Comment Spam...

124

Comments

  • Mike LaneMike Lane Registered Users Posts: 7,106 Major grins
    edited February 21, 2006
    So thumb.gif is it safe to allow comments again?
    Y'all don't want to hear me, you just want to dance.

    http://photos.mikelanestudios.com/
  • JamesJWegJamesJWeg Registered Users Posts: 795 Major grins
    edited February 21, 2006
    from my viewpoint blocking them when you see an attack of this size and or sitting there deleting them is a waste of your time, don and boys will be able to kill them all at one time faster than you can kill 5 of them. The one or two offs you will want to worry about, but the SM will fix the big ones.

    James.
  • arthillarthill Registered Users Posts: 62 Big grins
    edited February 21, 2006
    Mike Lane wrote:
    So thumb.gif is it safe to allow comments again?

    I turned comments back on and haven't gotten spammed. Should be safe enough ne_nau.gif
    In theory, there is no difference between theory and practice. In practice, however, there is.
    In order to understand recursion, you first have to understand recursion.
    Art Hill
  • flyingdutchieflyingdutchie Registered Users Posts: 1,286 Major grins
    edited February 21, 2006
    Feature Request: Spam Control...
    Mike Lane wrote:
    Anyone else get bombarded with comment spam recently. I was working on the site when it happend. I got 11 spam comments (poker 838 or something) in the span of about a minute to 11 different images and galleries. I have comment approval turned on so they didn't get through, and since it was 11 it was a minor annoyance, but imagine if it were hundreds or thousands.

    Short of hiding comments with CSS, there isn't a simple way to disable comments site-wide. Plus if someone is using a script, hiding it with CSS may not do anything anyway.

    I wonder if Smugmug is working on some way to prevent this kind of thing from happening like using a captcha or something.

    Great that all is fixed! clap.gif I had about 300 messages.
    But it may happen again in the future.

    Feature request:
    Install something like SecureImage for spam control. I did this for my blog (http://blog.antonspaans.com/) to fight spam. It requires the commenter to copy an (warped) image of a text-string into a text-field. If the text matches, only then the comment is accepted. I installed it because i got spam on my blog. After i installed, not one single spam message.
    I can't grasp the notion of time.

    When I hear the earth will melt into the sun,
    in two billion years,
    all I can think is:
        "Will that be on a Monday?"
    ==========================
    http://www.streetsofboston.com
    http://blog.antonspaans.com
  • dominikdominik Registered Users Posts: 48 Big grins
    edited February 21, 2006
    edit: ah, great that all the spam comments were removed :)

    thanks much :P

    i was wondering what was up when the comments weren't there, which led me to this thread :)
  • JamesJWegJamesJWeg Registered Users Posts: 795 Major grins
    edited February 21, 2006
    Great that all is fixed! clap.gif I had about 300 messages.
    But it may happen again in the future.

    Feature request:
    Install something like SecureImage for spam control. I did this for my blog (http://blog.antonspaans.com/) to fight spam. It requires the commenter to copy an (warped) image of a text-string into a text-field. If the text matches, only then the comment is accepted. I installed it because i got spam on my blog. After i installed, not one single spam message.

    I am not so sure that is a good idea, maybe better to deal with the odd attack than make people go to that much trouble.

    James.
  • peestandinguppeestandingup Registered Users Posts: 489 Major grins
    edited February 21, 2006
    JamesJWeg wrote:
    I am not so sure that is a good idea, maybe better to deal with the odd attack than make people go to that much trouble.

    James.
    Nah, I also like the idea of the SecureImage thing. Its really not that much trouble for guests. Besides, more & more websites are doing this for the very reason of fighting attacks like we had today. If it were a perfect world, there wouldnt be no such thing as spam, but its a constant battle against this stuff & im all for more security.

    I say bring on the warped text thingies! :D
  • Mike LaneMike Lane Registered Users Posts: 7,106 Major grins
    edited February 21, 2006
    Nah, I also like the idea of the SecureImage thing. Its really not that much trouble for guests. Besides, more & more websites are doing this for the very reason of fighting attacks like we had today. If it were a perfect world, there wouldnt be no such thing as spam, but its a constant battle against this stuff & im all for more security.

    I say bring on the warped text thingies! :D

    It's called a Captcha thumb.gif
    Y'all don't want to hear me, you just want to dance.

    http://photos.mikelanestudios.com/
  • JamesJWegJamesJWeg Registered Users Posts: 795 Major grins
    edited February 21, 2006
    well, I am not too fond of the idea, I am not totally against it ether, I just don't think that one attack like this would justifiy it. SM also has to look at cost, which is cheaper, clean on occasion or a month license fee. How many time has this happened before?

    James.
  • {JT}{JT} Registered Users Posts: 1,016 Major grins
    edited February 21, 2006
    We would not do the captcha thing, it would make ajax comments near impossible. Instead we would probably monitor how many posts per minute/hour you make and then stop you from making more. (this is totally Don's thing though, I am just making guesses) ;)
    JamesJWeg wrote:
    well, I am not too fond of the idea, I am not totally against it ether, I just don't think that one attack like this would justifiy it. SM also has to look at cost, which is cheaper, clean on occasion or a month license fee. How many time has this happened before?

    James.
  • flyingdutchieflyingdutchie Registered Users Posts: 1,286 Major grins
    edited February 21, 2006
    {JT} wrote:
    We would not do the captcha thing, it would make ajax comments near impossible. Instead we would probably monitor how many posts per minute/hour you make and then stop you from making more. (this is totally Don's thing though, I am just making guesses) ;)

    Throttle the amount/speed of comments... mmmmm.. that would not be a bad idea at all! :D
    I can't grasp the notion of time.

    When I hear the earth will melt into the sun,
    in two billion years,
    all I can think is:
        "Will that be on a Monday?"
    ==========================
    http://www.streetsofboston.com
    http://blog.antonspaans.com
  • onethumbonethumb Administrators Posts: 1,269 Major grins
    edited February 21, 2006
    JamesJWeg wrote:
    well, I am not too fond of the idea, I am not totally against it ether, I just don't think that one attack like this would justifiy it. SM also has to look at cost, which is cheaper, clean on occasion or a month license fee. How many time has this happened before?

    James.

    There wouldn't be a fee. Captcha is braind-dead simple to write, so we'd just roll our own.

    I think this is what we'll do, but JT seems to think it's not possible. Dunno why he'd think that, so I guess we'll have to put our heads together. :)

    Don
  • Mike LaneMike Lane Registered Users Posts: 7,106 Major grins
    edited February 21, 2006
    onethumb wrote:
    There wouldn't be a fee. Captcha is braind-dead simple to write, so we'd just roll our own.

    I think this is what we'll do, but JT seems to think it's not possible. Dunno why he'd think that, so I guess we'll have to put our heads together. :)

    Don

    I believe in you!!!
    Y'all don't want to hear me, you just want to dance.

    http://photos.mikelanestudios.com/
  • bwgbwg Registered Users, Retired Mod Posts: 2,119 SmugMug Employee
    edited February 21, 2006
    onethumb wrote:
    ...but JT seems to think it's not possible. Dunno why he'd think that...
    comment throttling = don work

    captcha = don+jt work

    methinks the answer is obvious.
    Pedal faster
  • flyingdutchieflyingdutchie Registered Users Posts: 1,286 Major grins
    edited February 21, 2006
    onethumb wrote:
    There wouldn't be a fee. Captcha is braind-dead simple to write, so we'd just roll our own.

    I think this is what we'll do, but JT seems to think it's not possible. Dunno why he'd think that, so I guess we'll have to put our heads together. :)

    Don
    I've seen the PHP code of SecureImage (similar system for WordPress comments), and it looked simple indeed. Most LINUX/Unix systems come with ImageMagick's 'convert' tool anyway, doing the brunt of the work.
    I can't grasp the notion of time.

    When I hear the earth will melt into the sun,
    in two billion years,
    all I can think is:
        "Will that be on a Monday?"
    ==========================
    http://www.streetsofboston.com
    http://blog.antonspaans.com
  • peestandinguppeestandingup Registered Users Posts: 489 Major grins
    edited February 21, 2006
    I think it'll work great, until that dreaded day comes when the bots are able to read warped text! Dun Dun Duuuuun!! :D
  • bwgbwg Registered Users, Retired Mod Posts: 2,119 SmugMug Employee
    edited February 21, 2006
    I think it'll work great, until that dreaded day comes when the bots are able to read warped text! Dun Dun Duuuuun!! :D

    they already can: http://www.macworld.co.uk/news/index.cfm?NewsID=13911&Page=1&pagePos=2
    Pedal faster
  • bwgbwg Registered Users, Retired Mod Posts: 2,119 SmugMug Employee
    edited February 21, 2006
    bigwebguy wrote:

    oh silly me...i must have accidentally posted the link about the mac OSX security hole.

    my bad.





    (i'm just messin w/ya kerry thumb.gif)
    Pedal faster
  • peestandinguppeestandingup Registered Users Posts: 489 Major grins
    edited February 21, 2006
    bigwebguy wrote:
    oh silly me...i must have accidentally posted the link about the mac OSX security hole.

    my bad.





    (i'm just messin w/ya kerry thumb.gif)
    Laughing.gif, no prob. thumb.gif

    But, in all fairness, that was the first "virus-like" trojan/worm for Mac OS X, which is pretty darn good. Thats why you heard so much about it, even though it wasnt really a big deal & they fixed it in like a day.

    EDIT: Oops, I was talking about something else. The Safari thing is news to me. ne_nau.gif
  • JamesJWegJamesJWeg Registered Users Posts: 795 Major grins
    edited February 21, 2006
    onethumb wrote:
    There wouldn't be a fee. Captcha is braind-dead simple to write, so we'd just roll our own.

    I think this is what we'll do, but JT seems to think it's not possible. Dunno why he'd think that, so I guess we'll have to put our heads together. :)

    Don

    hmmm, I didn't know it was that simple, cool, I'll have to check it out. but the posts per hour thing sounds like a winner, or maybe after like the third post in X amount of time start using captcha.

    James.
  • DavidTODavidTO Registered Users, Retired Mod Posts: 19,160 Major grins
    edited February 21, 2006
    Laughing.gif, no prob. thumb.gif

    But, in all fairness, that was the first "virus-like" trojan/worm for Mac OS X, which is pretty darn good. Thats why you heard so much about it, even though it wasnt really a big deal & they fixed it in like a day.

    EDIT: Oops, I was talking about something else. The Safari thing is news to me. ne_nau.gif


    macfixit.com has several solutions, this one being the best, IMO. Also the most complicated:
    Make Terminal ask for permission This is the most involved workaround, and probably the most effective. It involves replacing the Terminal application with an automator script that will intercept calls to Terminal and seek your permission to run Terminal before executing.

    1. First you will need to download the Automator script, created by a MacFixIt reader, by going to the "Go" menu in the Finder, selecting "Other User's Folder" then typing "pehowland" (without quotes) and pressing return.
    2. Next, download the file named "Terminal.app.zip" and unstuff it. The resulting file will be an Automator script application named "Terminal.app" or just "Terminal" if you have file extension display turned off.
    3. Next, using the Finder, go to /Applications/Utilities and rename Terminal.app to _Terminal.app.
    4. Copy the replacement Terminal.app (the Automator script) into /Applications/Utilities
    5. Now every time a shell script attempts to launch the Terminal, the automator script will launch instead and demand user permission before the actual Terminal is launched.

    If you want to undo this process, just delete my new Terminal.app and rename _Terminal.app back to Terminal.app.
    Moderator Emeritus
    Dgrin FAQ | Me | Workshops
  • rainforest1155rainforest1155 Registered Users Posts: 4,566 Major grins
    edited February 21, 2006
    bigwebguy wrote:
    sebastian, look up Kenny Rogers & The Gambler

    get an mp3 if you can, i guarantee you've heard the song before.
    Ok, got it, but it didn't sound familiar at all. They're so many country songs out there...the only time I recall listening to country was when I checked out the radio stations in the GTA game series. mwink.gif

    To stay a bit on topic: I also like the idea to limit the amout of comments one can post per limit, but don't set the limit lower than Andy's posts per minute frequency at it's best. That's the best man can achieve though. :D
    The distorted image thingy should be an optional thing that we can activate when we want to. Would be nice to have this for emailforms too, like someone sugested.


    Sebastian
    Sebastian
    SmugMug Support Hero
  • Matthew SavilleMatthew Saville Registered Users, Retired Mod Posts: 3,352 Major grins
    edited February 21, 2006
    * quietly slips out of the nerd convention*
    My first thought is always of light.” – Galen Rowell
    My SmugMug PortfolioMy Astro-Landscape Photo BlogDgrin Weddings Forum
  • peestandinguppeestandingup Registered Users Posts: 489 Major grins
    edited February 22, 2006
    The distorted image thingy should be an optional thing that we can activate when we want to. Would be nice to have this for emailforms too, like someone sugested.
    Amen on the email forms!! I had to take my "mailto" email link off my page 'cause I started getting spam. I know there is a few workarounds to this mentioned on other threads, but it would be cool to have the option of a form built in. At least for maybe the power/pro users. :D
  • aero-nutaero-nut Registered Users Posts: 693 Major grins
    edited February 22, 2006
    That was definately quite anonying. But, I have to say, thanks for the quick response as usual smugmug! You guys rock.
  • boyersmileboyersmile Registered Users Posts: 41 Big grins
    edited February 22, 2006
    Wow- I somehow missed this thread yesterday. I even searched for this topic yesterday morning when I woke up and saw all my email notifications. I guess I feel lucky, since I only received 5 comments. At first thought, I also thought it must be some kind of robot. But I noticed all the comments were on the first picture of my most popular galleries. However, I didn't see anything in my stats. Anyway, I'm glad it is fixed. I also think it is great that Don took the opportunity to fight back with his much superior tactics. :duel

    Thanks for all the help from the SWAT team.

    Miles
  • flyingdutchieflyingdutchie Registered Users Posts: 1,286 Major grins
    edited February 22, 2006
    Mike Lane wrote:
    Anyone else get bombarded with comment spam recently. I was working on the site when it happend. I got 11 spam comments (poker 838 or something) in the span of about a minute to 11 different images and galleries. I have comment approval turned on so they didn't get through, and since it was 11 it was a minor annoyance, but imagine if it were hundreds or thousands.

    Short of hiding comments with CSS, there isn't a simple way to disable comments site-wide. Plus if someone is using a script, hiding it with CSS may not do anything anyway.

    I wonder if Smugmug is working on some way to prevent this kind of thing from happening like using a captcha or something.

    The spammer is at it again...
    I get Real Estate spam again!
    I can't grasp the notion of time.

    When I hear the earth will melt into the sun,
    in two billion years,
    all I can think is:
        "Will that be on a Monday?"
    ==========================
    http://www.streetsofboston.com
    http://blog.antonspaans.com
  • mbradymbrady Registered Users Posts: 321 Major grins
    edited February 22, 2006
    Comment Spam - Round 2!
    I'm right in the middle of getting another barrage of comment spam!
    Eek!

    Matt Brady
    www.ruama.com
  • FaschaFascha Registered Users Posts: 14 Big grins
    edited February 22, 2006
    Here they come again
    The first batch yesterday seems to have been killed very effectively, but here comes round 2. I'm getting this one:

    1. | made by: real estate aspen | on: Feb 22, 2006 8:09am PST | action: [URL="javascript:deleteComment(399814,'Image',22087284);"]delete[/URL]

    boise idaho real estate boise idaho real estate
    boise real estate boise real estate
    phoenix real estate phoenix real estate
    real estate aspen real estate aspen
    real estate for sale real estate for sale
    olympia real estate olympia real estate
    monarch beach real estate monarch beach real estate
    truckee real estate truckee real estate



    It's like a video game. The second wave is coming, did SM get their powerups?



    I've got faith in you guys!



    F
  • BarbBarb Administrators Posts: 3,352 SmugMug Employee
    edited February 22, 2006
    The spammer is at it again...
    I get Real Estate spam again!

    same here - just started a couple of minutes ago. back to enabling comment approval ... 8 so far, but it just started.
    Barb
    Smug since 2006
    SmugMug Help
    PhotoscapeDesign
Sign In or Register to comment.