from my viewpoint blocking them when you see an attack of this size and or sitting there deleting them is a waste of your time, don and boys will be able to kill them all at one time faster than you can kill 5 of them. The one or two offs you will want to worry about, but the SM will fix the big ones.
I turned comments back on and haven't gotten spammed. Should be safe enough
In theory, there is no difference between theory and practice. In practice, however, there is.
In order to understand recursion, you first have to understand recursion.
Art Hill
Anyone else get bombarded with comment spam recently. I was working on the site when it happend. I got 11 spam comments (poker 838 or something) in the span of about a minute to 11 different images and galleries. I have comment approval turned on so they didn't get through, and since it was 11 it was a minor annoyance, but imagine if it were hundreds or thousands.
Short of hiding comments with CSS, there isn't a simple way to disable comments site-wide. Plus if someone is using a script, hiding it with CSS may not do anything anyway.
I wonder if Smugmug is working on some way to prevent this kind of thing from happening like using a captcha or something.
Great that all is fixed! I had about 300 messages.
But it may happen again in the future.
Feature request:
Install something like SecureImage for spam control. I did this for my blog (http://blog.antonspaans.com/) to fight spam. It requires the commenter to copy an (warped) image of a text-string into a text-field. If the text matches, only then the comment is accepted. I installed it because i got spam on my blog. After i installed, not one single spam message.
Great that all is fixed! I had about 300 messages.
But it may happen again in the future.
Feature request:
Install something like SecureImage for spam control. I did this for my blog (http://blog.antonspaans.com/) to fight spam. It requires the commenter to copy an (warped) image of a text-string into a text-field. If the text matches, only then the comment is accepted. I installed it because i got spam on my blog. After i installed, not one single spam message.
I am not so sure that is a good idea, maybe better to deal with the odd attack than make people go to that much trouble.
I am not so sure that is a good idea, maybe better to deal with the odd attack than make people go to that much trouble.
James.
Nah, I also like the idea of the SecureImage thing. Its really not that much trouble for guests. Besides, more & more websites are doing this for the very reason of fighting attacks like we had today. If it were a perfect world, there wouldnt be no such thing as spam, but its a constant battle against this stuff & im all for more security.
Nah, I also like the idea of the SecureImage thing. Its really not that much trouble for guests. Besides, more & more websites are doing this for the very reason of fighting attacks like we had today. If it were a perfect world, there wouldnt be no such thing as spam, but its a constant battle against this stuff & im all for more security.
well, I am not too fond of the idea, I am not totally against it ether, I just don't think that one attack like this would justifiy it. SM also has to look at cost, which is cheaper, clean on occasion or a month license fee. How many time has this happened before?
We would not do the captcha thing, it would make ajax comments near impossible. Instead we would probably monitor how many posts per minute/hour you make and then stop you from making more. (this is totally Don's thing though, I am just making guesses)
well, I am not too fond of the idea, I am not totally against it ether, I just don't think that one attack like this would justifiy it. SM also has to look at cost, which is cheaper, clean on occasion or a month license fee. How many time has this happened before?
We would not do the captcha thing, it would make ajax comments near impossible. Instead we would probably monitor how many posts per minute/hour you make and then stop you from making more. (this is totally Don's thing though, I am just making guesses)
Throttle the amount/speed of comments... mmmmm.. that would not be a bad idea at all!
well, I am not too fond of the idea, I am not totally against it ether, I just don't think that one attack like this would justifiy it. SM also has to look at cost, which is cheaper, clean on occasion or a month license fee. How many time has this happened before?
James.
There wouldn't be a fee. Captcha is braind-dead simple to write, so we'd just roll our own.
I think this is what we'll do, but JT seems to think it's not possible. Dunno why he'd think that, so I guess we'll have to put our heads together.
There wouldn't be a fee. Captcha is braind-dead simple to write, so we'd just roll our own.
I think this is what we'll do, but JT seems to think it's not possible. Dunno why he'd think that, so I guess we'll have to put our heads together.
Don
I've seen the PHP code of SecureImage (similar system for WordPress comments), and it looked simple indeed. Most LINUX/Unix systems come with ImageMagick's 'convert' tool anyway, doing the brunt of the work.
oh silly me...i must have accidentally posted the link about the mac OSX security hole.
my bad.
(i'm just messin w/ya kerry )
, no prob.
But, in all fairness, that was the first "virus-like" trojan/worm for Mac OS X, which is pretty darn good. Thats why you heard so much about it, even though it wasnt really a big deal & they fixed it in like a day.
EDIT: Oops, I was talking about something else. The Safari thing is news to me.
There wouldn't be a fee. Captcha is braind-dead simple to write, so we'd just roll our own.
I think this is what we'll do, but JT seems to think it's not possible. Dunno why he'd think that, so I guess we'll have to put our heads together.
Don
hmmm, I didn't know it was that simple, cool, I'll have to check it out. but the posts per hour thing sounds like a winner, or maybe after like the third post in X amount of time start using captcha.
But, in all fairness, that was the first "virus-like" trojan/worm for Mac OS X, which is pretty darn good. Thats why you heard so much about it, even though it wasnt really a big deal & they fixed it in like a day.
EDIT: Oops, I was talking about something else. The Safari thing is news to me.
macfixit.com has several solutions, this one being the best, IMO. Also the most complicated:
Make Terminal ask for permission This is the most involved workaround, and probably the most effective. It involves replacing the Terminal application with an automator script that will intercept calls to Terminal and seek your permission to run Terminal before executing.
1. First you will need to download the Automator script, created by a MacFixIt reader, by going to the "Go" menu in the Finder, selecting "Other User's Folder" then typing "pehowland" (without quotes) and pressing return.
2. Next, download the file named "Terminal.app.zip" and unstuff it. The resulting file will be an Automator script application named "Terminal.app" or just "Terminal" if you have file extension display turned off.
3. Next, using the Finder, go to /Applications/Utilities and rename Terminal.app to _Terminal.app.
4. Copy the replacement Terminal.app (the Automator script) into /Applications/Utilities
5. Now every time a shell script attempts to launch the Terminal, the automator script will launch instead and demand user permission before the actual Terminal is launched.
If you want to undo this process, just delete my new Terminal.app and rename _Terminal.app back to Terminal.app.
get an mp3 if you can, i guarantee you've heard the song before.
Ok, got it, but it didn't sound familiar at all. They're so many country songs out there...the only time I recall listening to country was when I checked out the radio stations in the GTA game series.
To stay a bit on topic: I also like the idea to limit the amout of comments one can post per limit, but don't set the limit lower than Andy's posts per minute frequency at it's best. That's the best man can achieve though.
The distorted image thingy should be an optional thing that we can activate when we want to. Would be nice to have this for emailforms too, like someone sugested.
Sebastian
Sebastian
SmugMug Support Hero
0
Options
Matthew SavilleRegistered Users, Retired ModPosts: 3,352Major grins
The distorted image thingy should be an optional thing that we can activate when we want to. Would be nice to have this for emailforms too, like someone sugested.
Amen on the email forms!! I had to take my "mailto" email link off my page 'cause I started getting spam. I know there is a few workarounds to this mentioned on other threads, but it would be cool to have the option of a form built in. At least for maybe the power/pro users.
Wow- I somehow missed this thread yesterday. I even searched for this topic yesterday morning when I woke up and saw all my email notifications. I guess I feel lucky, since I only received 5 comments. At first thought, I also thought it must be some kind of robot. But I noticed all the comments were on the first picture of my most popular galleries. However, I didn't see anything in my stats. Anyway, I'm glad it is fixed. I also think it is great that Don took the opportunity to fight back with his much superior tactics. :duel
Anyone else get bombarded with comment spam recently. I was working on the site when it happend. I got 11 spam comments (poker 838 or something) in the span of about a minute to 11 different images and galleries. I have comment approval turned on so they didn't get through, and since it was 11 it was a minor annoyance, but imagine if it were hundreds or thousands.
Short of hiding comments with CSS, there isn't a simple way to disable comments site-wide. Plus if someone is using a script, hiding it with CSS may not do anything anyway.
I wonder if Smugmug is working on some way to prevent this kind of thing from happening like using a captcha or something.
The spammer is at it again...
I get Real Estate spam again!
Comments
http://photos.mikelanestudios.com/
James.
http://www.jamesjweg.com
I turned comments back on and haven't gotten spammed. Should be safe enough
In order to understand recursion, you first have to understand recursion.
Art Hill
Great that all is fixed!
But it may happen again in the future.
Feature request:
Install something like SecureImage for spam control. I did this for my blog (http://blog.antonspaans.com/) to fight spam. It requires the commenter to copy an (warped) image of a text-string into a text-field. If the text matches, only then the comment is accepted. I installed it because i got spam on my blog. After i installed, not one single spam message.
When I hear the earth will melt into the sun,
in two billion years,
all I can think is:
"Will that be on a Monday?"
==========================
http://www.streetsofboston.com
http://blog.antonspaans.com
thanks much :P
i was wondering what was up when the comments weren't there, which led me to this thread
I am not so sure that is a good idea, maybe better to deal with the odd attack than make people go to that much trouble.
James.
http://www.jamesjweg.com
I say bring on the warped text thingies!
It's called a Captcha
http://photos.mikelanestudios.com/
James.
http://www.jamesjweg.com
Throttle the amount/speed of comments... mmmmm.. that would not be a bad idea at all!
When I hear the earth will melt into the sun,
in two billion years,
all I can think is:
"Will that be on a Monday?"
==========================
http://www.streetsofboston.com
http://blog.antonspaans.com
There wouldn't be a fee. Captcha is braind-dead simple to write, so we'd just roll our own.
I think this is what we'll do, but JT seems to think it's not possible. Dunno why he'd think that, so I guess we'll have to put our heads together.
Don
I believe in you!!!
http://photos.mikelanestudios.com/
captcha = don+jt work
methinks the answer is obvious.
When I hear the earth will melt into the sun,
in two billion years,
all I can think is:
"Will that be on a Monday?"
==========================
http://www.streetsofboston.com
http://blog.antonspaans.com
they already can: http://www.macworld.co.uk/news/index.cfm?NewsID=13911&Page=1&pagePos=2
oh silly me...i must have accidentally posted the link about the mac OSX security hole.
my bad.
(i'm just messin w/ya kerry
But, in all fairness, that was the first "virus-like" trojan/worm for Mac OS X, which is pretty darn good. Thats why you heard so much about it, even though it wasnt really a big deal & they fixed it in like a day.
EDIT: Oops, I was talking about something else. The Safari thing is news to me.
hmmm, I didn't know it was that simple, cool, I'll have to check it out. but the posts per hour thing sounds like a winner, or maybe after like the third post in X amount of time start using captcha.
James.
http://www.jamesjweg.com
macfixit.com has several solutions, this one being the best, IMO. Also the most complicated:
Dgrin FAQ | Me | Workshops
To stay a bit on topic: I also like the idea to limit the amout of comments one can post per limit, but don't set the limit lower than Andy's posts per minute frequency at it's best. That's the best man can achieve though.
The distorted image thingy should be an optional thing that we can activate when we want to. Would be nice to have this for emailforms too, like someone sugested.
Sebastian
SmugMug Support Hero
My SmugMug Portfolio • My Astro-Landscape Photo Blog • Dgrin Weddings Forum
http://www.desertshadowphoto.com
http://aero-nut.smugmug.com
Thanks for all the help from the SWAT team.
Miles
www.boyersmile.smugmug.com
The spammer is at it again...
I get Real Estate spam again!
When I hear the earth will melt into the sun,
in two billion years,
all I can think is:
"Will that be on a Monday?"
==========================
http://www.streetsofboston.com
http://blog.antonspaans.com
I'm right in the middle of getting another barrage of comment spam!
Eek!
Matt Brady
www.ruama.com
The first batch yesterday seems to have been killed very effectively, but here comes round 2. I'm getting this one:
1. | made by: real estate aspen | on: Feb 22, 2006 8:09am PST | action: [URL="javascript:deleteComment(399814,'Image',22087284);"]delete[/URL]
boise idaho real estate boise idaho real estate
boise real estate boise real estate
phoenix real estate phoenix real estate
real estate aspen real estate aspen
real estate for sale real estate for sale
olympia real estate olympia real estate
monarch beach real estate monarch beach real estate
truckee real estate truckee real estate
It's like a video game. The second wave is coming, did SM get their powerups?
I've got faith in you guys!
F
same here - just started a couple of minutes ago. back to enabling comment approval ... 8 so far, but it just started.
Smug since 2006
SmugMug Help
PhotoscapeDesign