View Full Version : Comment Spam...


Mike Lane
Feb-20-2006, 11:55 PM
Anyone else get bombarded with comment spam recently? I was working on the site when it happened. I got 11 spam comments (poker 838 or something) in the span of about a minute to 11 different images and galleries. I have comment approval turned on so they didn't get through, and since it was 11 it was a minor annoyance, but imagine if it were hundreds or thousands.

Short of hiding comments with CSS, there isn't a simple way to disable comments site-wide. Plus if someone is using a script, hiding it with CSS may not do anything anyway.

I wonder if Smugmug is working on some way to prevent this kind of thing from happening like using a captcha or something.

Mike Lane
Feb-21-2006, 12:01 AM
Well @#$%, it appears that I've been targeted. I'm up to 110 spam comments. I guess I have to go through all of my galleries and disable the comments one by one.

#@$%!!!!!


... Okay, found the bulk setting. What a freaking pain. Now I have to go in and delete all those comments 1 by 1.

quagmire321
Feb-21-2006, 01:57 AM
Yes, Mike. I am having the same problem here... nearly 100 comment spams for the past one hour.

Emailed help but still no reply from them.

rutt
Feb-21-2006, 02:10 AM
I'm getting deluged by them too. All from poker something or another. Maybe it's finding them by google or something. I'm getting 100s.

I really hate to have to turn off comments. Is there some way to control WHO is allowed to comment? Maybe require a registration step of some sort?

bwg
Feb-21-2006, 02:16 AM
513 in the past 24 hours for me.

lovely.


edit: getting 1 about every 6 seconds right now.

rainforest1155
Feb-21-2006, 02:30 AM
Had the same spammer you had. Got 60 - then I turned on comment approval, but even though I first thought it stopped, it didn't. [stuff about an IP that visited my site shortly before the attack removed - was just a regular visitor]
You can relatively easily delete them in the control panel with a single click, but still it's a pain in the neck.
What about introducing those security mechanisms where one has to type in the characters that are on a small image created by the server in order to submit a comment? I haven't had trouble before, but I don't know what else could effectively prohibit the abuse.


Sebastian

EDIT: While typing this I got another 110!!!! HELP!!! I want to keep the comment function though!

Cammo
Feb-21-2006, 02:34 AM
Well, anyone had any spammers hitting their comments section?? Have a look at http://camlaird.smugmug.com/gallery/1182609/3/55355328/Medium - How can I globally turn off comments, I would love to keep it but this could be a major problem - I had the first about two hours ago and now just got another 4. Any help?

Cammo
Feb-21-2006, 02:36 AM
Well, anyone had any spammers hitting their comments section?? Have a look at http://camlaird.smugmug.com/gallery/1182609/3/55355328/Medium - How can I globally turn off comments, I would love to keep it but this could be a major problem - I had the first about two hours ago and now just got another 4. Any help?

I am a fool, should have had a search first and I posted in the wrong forum - sorry!!! Anyway, I am going to manually turn off the comments... Bummer!

bwg
Feb-21-2006, 02:37 AM
Had the same spammer you had. Got 60 - then I turned on comment approval, but even though I first thought it stopped, it didn't. Do you have any kind of logging on your homepage? The only visitor before the whole thing started was:

<snip>

I don't know if they've any connection with what's going on here. Anyone logged the same visitor?

You can relatively easily delete them in the control panel with a single click, but still it's a pain in the neck.
What about introducing those security mechanisms where one has to type in the characters that are on a small image created by the server in order to submit a comment? I haven't had trouble before, but I don't know what else could effectively prohibit the abuse.

Sebastian

EDIT: While typing this I got another 110!!!! HELP!!! I want to keep the comment function though!

unfortunately, i can't confirm your guy...my stats for today aren't up yet.

whoever it is though should be fairly easy for sm to track down, considering the volume that these things are coming in.

also should be easy peasy to bulk purge since they all have the same name. i wouldn't waste your time deleting these by hand, you won't be able to keep ahead of the new ones showing up right now. I would think that given SM's history, they'll have these out of the system right quick.
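The pattern reported in the posts above (one author name hitting many different images within about a minute, roughly one comment every 6 seconds) is straightforward to flag and purge in bulk. The following is an added example, not part of the original thread and not SmugMug's code; the record layout, thresholds and sample rows are constructed assumptions.

```python
from collections import defaultdict, deque, namedtuple
from datetime import datetime, timedelta

# Hypothetical record layout for a stored comment (assumption, not a real schema).
Comment = namedtuple("Comment", "comment_id posted_at author image_id")


def normalize(author):
    """Fold case and collapse whitespace so trivial name variations group together."""
    return " ".join(author.casefold().split())


def find_flood_authors(comments, window=timedelta(minutes=1), min_images=5):
    """Return {normalized author: [comment ids]} for flood-like posting.

    An author is flagged when comments under that name reach at least
    `min_images` distinct images inside any sliding `window`. Once flagged,
    every comment under that name is returned as a purge candidate.
    """
    by_author = defaultdict(list)
    for c in comments:
        by_author[normalize(c.author)].append(c)

    flagged = {}
    for author, items in by_author.items():
        items.sort(key=lambda c: c.posted_at)
        recent = deque()  # comments inside the current window
        for c in items:
            recent.append(c)
            while c.posted_at - recent[0].posted_at > window:
                recent.popleft()
            if len({r.image_id for r in recent}) >= min_images:
                flagged[author] = sorted(i.comment_id for i in items)
                break
    return flagged


def build_sample():
    """Constructed sample data: one flood plus two ordinary visitors."""
    start = datetime(2006, 2, 20, 23, 50, 0)
    rows = []
    # Flood: 11 comments, 6 seconds apart, each on a different image.
    for n in range(11):
        name = "poker 838" if n % 2 == 0 else "Poker  838"
        rows.append(Comment(1000 + n, start + timedelta(seconds=6 * n), name, 500 + n))
    # Visitor A: three quick comments, all on the same image.
    for n in range(3):
        rows.append(Comment(1 + n, start + timedelta(seconds=10 * n), "Visitor A", 500))
    # Visitor B: five different images, but spread over five hours.
    for n in range(5):
        rows.append(Comment(10 + n, start + timedelta(hours=n), "Visitor B", 600 + n))
    return rows


if __name__ == "__main__":
    for author, ids in find_flood_authors(build_sample()).items():
        print(f"purge candidate: {author!r} ({len(ids)} comments)")
```

Run against a held-for-approval queue, the returned ids can be deleted in one pass instead of one by one.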

bwg
Feb-21-2006, 02:43 AM
i just added a sitewide password to stop the bleeding right now.

gonna go play some poker until this thing blows over...

rainforest1155
Feb-21-2006, 02:43 AM
also should be easy peasy to bulk purge since they all have the same name. i wouldn't waste your time deleting these by hand, you won't be able to keep ahead of the new ones showing up right now. I would think that given SM's history, they'll have these out of the system right quick.
You're probably right, I'll stop thinking about them and turn off the mail notification for comments...that goes on my nerves and pretty much annoys me! Man first I was happy that I got comment notifications in my mail, but as I saw the number my hopes decreased a lot and I didn't really want to look at it.

Sebastian

EDIT: I wonder if this guy also messes with our bandwidth stats.

rainforest1155
Feb-21-2006, 02:47 AM
i just added a sitewide password to stop the bleeding right now.

gonna go play some poker until this thing blows over...
Does this help when he's already in the site?

bwg
Feb-21-2006, 02:47 AM
EDIT: I wonder if this guy also messes with our bandwidth stats.

remember this thread (http://dgrin.com/showthread.php?t=26243)?

Francois
Feb-21-2006, 02:48 AM
Yup, the poker freak found my Smugmug pages too.
When I blocked comments on one gallery, they started attacking another one.

My 'new NASA solution' applies here. If we catch them, stuff them in an old Saturn 5 rocket and shoot them into the universe.... they're not worth feeding in a prison :wink

Now, how to solve this!?? Changing the settings of ALL my galleries !!?? Don't have time for that !! !!! Grrr......

Francois

Anyone else get bombarded with comment spam recently? I was working on the site when it happened. I got 11 spam comments (poker 838 or something) in the span of about a minute to 11 different images and galleries. I have comment approval turned on so they didn't get through, and since it was 11 it was a minor annoyance, but imagine if it were hundreds or thousands.

Short of hiding comments with CSS, there isn't a simple way to disable comments site-wide. Plus if someone is using a script, hiding it with CSS may not do anything anyway.

I wonder if Smugmug is working on some way to prevent this kind of thing from happening like using a captcha or something.

bwg
Feb-21-2006, 02:50 AM
i just added a sitewide password to stop the bleeding right now.

ok, even with a sitewide password, i'm still getting comments. am i missing something? how is this happening?

Francois
Feb-21-2006, 02:51 AM
ok, even with a sitewide password, i'm still getting comments. am i missing something? how is this happening?

It is a 'bot' and it is smarter than SM's software :rolleyes

rainforest1155
Feb-21-2006, 02:58 AM
remember this thread (http://dgrin.com/showthread.php?t=26243)?
Oops, I did forget about this one. Gotta have a look into this again.

Sebastian

rainforest1155
Feb-21-2006, 02:59 AM
ok, even with a sitewide password, i'm still getting comments. am i missing something? how is this happening?
Same here for me... :rolleyes
At least the mail notifications have slowly stopped after I turned it off 15min ago or so.

Sebastian

DigitalTasmania
Feb-21-2006, 03:07 AM
My pro site is being slammed with comment spam - causing great difficulty.

I'm unable to figure out how to turn on comment "Captcha", or any other basic and essential comment SPAM controls for my smugmug site.

What am I missing? :dunno

Cheers & thanks from Tasmania,

Thomas

Francois
Feb-21-2006, 03:07 AM
Same here for me... :rolleyes
At least the mail notifications have slowly stopped after I turned it off 15min ago or so.

Sebastian

When I turn 'comments' off it seems to stop, but goes to another gallery.....

Matthew Saville
Feb-21-2006, 03:08 AM
I'm getting spammed too. 17 comments in the last 3 hours. Ben, can't you declare martial law or something?!? Hehe.

I think they may have capped it off though, things seem to have died down in the past few minutes. Not holding my breath though. At least, here's a tip:

Don't bother going into your individual galleries to try and hunt down each comment to delete it, just go into your control panel and there should be a link to view all your comments. It's slow or fast depending on your internet connection, but it's just a two click back and forth kinda thing so it shouldn't be that hard for someone who got hit with only a few... Hopefully SM can help people like Mike who've got over a hundred!

-Matt-

bwg
Feb-21-2006, 03:09 AM
My pro site is being slammed with comment spam - causing great difficulty.

I'm unable to figure out how to turn on comment "Captcha", or any other basic and essential comment SPAM controls for my smugmug site.

What am I missing? :dunno

Cheers & thanks from Tasmania,

Thomas

go to your control panel and click on the number next to comments.

on the next screen in the top right there is a button to turn on comment approval.

this will at least make it so the comments don't show up on your site.

bwg
Feb-21-2006, 03:13 AM
... Hopefully SM can help people like Mike who've got over a hundred!

1 every 6 seconds at one point.

rainforest1155
Feb-21-2006, 03:15 AM
I'm getting spammed too. 17 comments in the last 3 hours. Ben, can't you declare martial law or something?!? Hehe.
Consider yourself lucky. As Mike and bigwebguy I got a lot. About 300 in 3 hours with big breaks in between. ;)
I don't bother deleting them anymore and I hope for Andy getting out of his bed in order to alarm the rest of the SM team! Not that I'm not granting him his beauty sleep, but we've clearly a situation here. :wink

Sebastian

rainforest1155
Feb-21-2006, 03:16 AM
When I turn 'comments' off it seems to stop, but goes to another gallery.....
Yeah, haven't tried that. I just turned off the mails I was getting from smugmug telling me that I've got a new comment. That was really annoying.

Sebastian

EDIT: Looks like the mailserver is still busy as some old notifications still keep coming in. Hope SM doesn't get declared as a spammer too by some ISPs.

Chris_S
Feb-21-2006, 03:23 AM
I guess I'm lucky I've only received two poker spam comments.

JamesJWeg
Feb-21-2006, 03:26 AM
I just got hit a few min ago. :boid

James.

DigitalTasmania
Feb-21-2006, 03:34 AM
go to your control panel and click on the number next to comments.

on the next screen in the top right there is a button to turn on comment approval.

this will at least make it so the comments don't show up on your site.

Thanks 4 the quick reply BWG.

I'm aware of the comment moderation control and already use it.

I'm getting 100 comments and notification emails at a time - and having to manually delete each comment one-by-one.

I'm asking about SPAM control - like Captcha - how do we turn that on?

Cheers n thanks for your efforts,

Thomas in Tassie

JamesJWeg
Feb-21-2006, 03:35 AM
I would like to see some word from SM on this one, should we kill them all ourselves? Mine started at 2:51 and I am still getting them right now.

I am running statcounter and not seeing any use at the time I am getting them.

James.

bwg
Feb-21-2006, 03:38 AM
Thanks 4 the quick reply BWG.

I'm aware of the comment moderation control and already use it.

I'm getting 100 comments and notification emails at a time - and having to manually delete each comment one-by-one.

I'm asking about SPAM control - like Captcha - how do we turn that on?

Cheers n thanks for your efforts,

Thomas in Tassie

best thing to do now is turn off email notification and weather the storm until the SM folks get things under control.

peestandingup
Feb-21-2006, 03:45 AM
Damn poker bastard. OK, here is what I'm finding out. I have my image comment button (not the gallery comment button) and comments left by others invisible by using:

#imageCommentSummary {display: none;}

#comments {display: none;}
The bastard can still leave comments, but they won't show up on your page. Also, I have my email notifications turned off in the meantime. Turning off your gallery comments from within the customize gallery options or enabling comment approval is kinda useless.

bwg
Feb-21-2006, 03:51 AM
Damn poker bastard. OK, here is what I'm finding out. I have my image comment button (not the gallery comment button) and comments left by others invisible by using:

#imageCommentSummary {display: none;}

#comments {display: none;}
The bastard can still leave comments, but they won't show up on your page. Also, I have my email notifications turned off in the meantime. Turning off your gallery comments from within the customize gallery options or enabling comment approval is kinda useless.

enabling comment approval won't prevent you from getting them, but it will prevent them from showing up in your galleries..


update: 1017 comments and still rising!

Francois
Feb-21-2006, 03:52 AM
Damn poker bastard. OK, here is what I'm finding out. I have my image comment button (not the gallery comment button) and comments left by others invisible by using:

#imageCommentSummary {display: none;}

#comments {display: none;}
The bastard can still leave comments, but they won't show up on your page. Also, I have my email notifications turned off in the meantime. Turning off your gallery comments from within the customize gallery options or enabling comment approval is kinda useless.

Seems to have worked in my case..... 'it' moved to another gallery, and then another.. and now it seems to have stopped. I got some 12 in total, so I am not complaining for myself.... but companies like these should be attacked, either by law or by white hackers :wink

JamesJWeg
Feb-21-2006, 03:57 AM
Seems to have worked in my case..... 'it' moved to another gallery, and then another.. and now it seems to have stopped. I got some 12 in total, so I am not complaining for myself.... but companies like these should be attacked, either by law or by white hackers :wink

working on the latter :D

James.

bwg
Feb-21-2006, 04:02 AM
working on the latter :D

James.

vigilante justice!

it's what the internets was meant for.:thumb

Andy
Feb-21-2006, 04:06 AM
Hi everyone,

I have called and awakened the West Coast. Please standby while we work on this and we'll provide as much info as we can, when we get it.

Thank you for your patience and understanding while we sort this out.

rainforest1155
Feb-21-2006, 04:18 AM
working on the latter :D

James.
So you were able to trace them back? If so, I would like to know how you did it! :D

Thanks,
Sebastian

JamesJWeg
Feb-21-2006, 04:20 AM
as far as I can tell so far this company may be behind the attack

http://oversee.net/

James.

edit: If they are not doing it, they own some domains in use, and or have some connection.

rainforest1155
Feb-21-2006, 04:26 AM
update: 1017 comments and still rising!
Heavy!:huh I'm still in the 300-400 range and I personally killed around 150 by hand. ( :gun2 comment-spamer)
I'm a bit more chilled as the queue at the mail notification server finally seems to be empty for me.

Sebastian

JamesJWeg
Feb-21-2006, 04:28 AM
So you were able to trace them back? If so, I would like to know how you did it! :D

Thanks,
Sebastian

It is a redirect scheme, bounced around a couple times. These guys are just the first stop.

DO NOT FOLLOW THIS WITHOUT ANTI SPYWARE/ADWARE SOFTWARE WORKING AND COOKIES BLOCKED!!!!!! THEY WILL TRY TO GET INTO YOUR SYSTEM!!!!!!!
kiszka-blada.com
then off to
proredirect.com
who then goes to
oversee.net

James.

Francois
Feb-21-2006, 04:31 AM
as far as I can tell so far this company may be behind the attack

http://oversee.net/

James.

edit: If they are not doing it, they own some domains in use, and or have some connection.

This kind of 'marketing' goes in the same range as the Osamas of this world...... just terrorizing innocent people for the heck of it. Nobody in his right mind is ever going to use one of these casino links they put in our comments.... so it is a totally futile and criminal action.

rainforest1155
Feb-21-2006, 04:39 AM
It is a redirect scheme, bounced around a couple times. These guys are just the first stop.
Ah, okay...so you simply followed the link. I thought that you perhaps had some tracking code on your page that captured the bot while it was doing its dirty business.

Thanks for the info though. Keep us posted. :)

Sebastian

bwg
Feb-21-2006, 04:41 AM
It is a redirect scheme, bounced around a couple times. These guys are just the first stop.

DO NOT FOLLOW THIS WITHOUT ANTI SPYWARE/ADWARE SOFTWARE WORKING AND COOKIES BLOCKED!!!!!! THEY WILL TRY TO GET INTO YOUR SYSTEM!!!!!!!
kiszka-blada.com
then off to
proredirect.com
who then goes to
oversee.net

James.

the domain is registered at nameking.com

Abuse Desk Email Address: abuse@nameking.com

he'll probably just pop up somewhere else, but we can make it inconvenient for a little while.

JamesJWeg
Feb-21-2006, 04:42 AM
from what I see in my own site log I suspect this is the direct source

Sachsen, Leipzig, Germany
p54B9A603.dip0.t-ipconnect.de (84.185.166.3)

It is a windows 2000 box, it has been hitting my page for a duration of 0 sec, and it has plenty of open ports that a normal workstation would not be listening to. :wink

James.

bwg
Feb-21-2006, 04:47 AM
from what I see in my own site log I suspect this is the direct source

Sachsen, Leipzig, Germany
p54B9A603.dip0.t-ipconnect.de (84.185.166.3)

It is a windows 2000 box, it has been hitting my page for a duration of 0 sec, and it has plenty of open ports that a normal workstation would not be listening to. :wink

James.


i doubt that you would see anything in your logs.

more than likely it's hitting www.smugmug.com/hack/RPC/gallery.mg and just passing in the image id

it's not actually hitting your page now which is why adding a site level password doesn't do anything..


however...this information would've had to be mined previously unless the bot is just doing an incremental hit & miss...
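The post above suggests why a site-level password made no difference: if the endpoint that stores a comment does not repeat the checks the page makes, a client that posts to it directly never meets them. The following added example (not part of the original thread and not SmugMug's code) puts a page-gated handler beside one that enforces the same rules itself; every class, function and value in it is a hypothetical model.

```python
import hmac
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Gallery:
    comments_enabled: bool = True
    approval_required: bool = False


@dataclass
class Site:
    owner: str
    password: Optional[str] = None                 # site-wide password, if set
    galleries: dict = field(default_factory=dict)  # gallery_id -> Gallery
    images: dict = field(default_factory=dict)     # image_id -> gallery_id
    comments: list = field(default_factory=list)   # (image_id, author, body, status)


@dataclass
class Session:
    unlocked: set = field(default_factory=set)     # owners whose password was entered


def unlock(site, session, password):
    """Record in the session that the visitor supplied the site password."""
    if site.password is not None and hmac.compare_digest(password, site.password):
        session.unlocked.add(site.owner)
        return True
    return False


def may_view(site, session):
    return site.password is None or site.owner in session.unlocked


def render_comment_form(site, session, image_id):
    """Page-side gate: the form is only rendered when the visitor may see the page."""
    gallery = site.galleries[site.images[image_id]]
    if not may_view(site, session) or not gallery.comments_enabled:
        return None
    return {"post_to": "/rpc/comment", "image_id": image_id}


def store_comment(site, gallery, image_id, author, body):
    status = "pending" if gallery.approval_required else "visible"
    site.comments.append((image_id, author, body, status))
    return status


def rpc_comment_weak(site, session, image_id, author, body):
    """Weak form: honours the gallery switch but assumes the page already
    checked the site password, so a direct call skips that check."""
    gallery = site.galleries[site.images[image_id]]
    if not gallery.comments_enabled:
        return "rejected: comments disabled"
    return store_comment(site, gallery, image_id, author, body)


def rpc_comment_enforced(site, session, image_id, author, body):
    """Hardened form: every rule the page applies is re-checked at the endpoint."""
    gallery_id = site.images.get(image_id)
    if gallery_id is None:
        return "rejected: unknown image"
    if not may_view(site, session):
        return "rejected: site locked"
    gallery = site.galleries[gallery_id]
    if not gallery.comments_enabled:
        return "rejected: comments disabled"
    return store_comment(site, gallery, image_id, author, body)


def build_sample_site():
    """Constructed sample: password-protected site, one gallery, one image."""
    site = Site(owner="example-owner", password="constructed-password")
    site.galleries[1] = Gallery(comments_enabled=True, approval_required=True)
    site.images[101] = 1
    return site
```

With the weak handler the comment still lands in the approval queue, which matches what posters saw: approval kept spam off the galleries but did not stop it arriving.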

JamesJWeg
Feb-21-2006, 04:50 AM
i doubt that you would see anything in your logs.

more than likely it's hitting www.smugmug.com/hack/RPC/gallery.mg (http://www.smugmug.com/hack/RPC/gallery.mg) and just passing in the image id

it's not actually hitting your page now which is why adding a site level password doesn't do anything..


however...this information would've had to be mined previously unless the bot is just doing an incremental hit & miss...

How many browsers would hit my main page for 0 sec every little while? Yes, that one is just guessing off the time duration, which is why it is not an outright target........yet, pending more info.

James.

JamesJWeg
Feb-21-2006, 04:56 AM
well, not hit from that IP the last couple times I got new comments, maybe that was a scanning run of some kind or it could be unrelated, but most people don't listen to ports 21 (ftp), 135 (epmap), 389 (ldap), 1002, and 1720 on a browser station.

James.

bwg
Feb-21-2006, 04:58 AM
update: 1528 comments and rising.

looks like the deck is stacked against me.

JamesJWeg
Feb-21-2006, 05:00 AM
ldap 389 can be from netmeeting, which has a known hole, I bet that is someone's system that has been hijacked.

James.

rainforest1155
Feb-21-2006, 05:01 AM
from what I see in my own site log I suspect this is the direct source

Sachsen, Leipzig, Germany
p54B9A603.dip0.t-ipconnect.de (84.185.166.3)

It is a windows 2000 box, it has been hitting my page for a duration of 0 sec, and it has plenty of open ports that a normal workstation would not be listening to. :wink

James.


Hey, hey easy! That's me!! I clicked on your link to see if you've got site pw turned on too!

EDIT: Statcounter lists 0sec when someone comes to your main page and doesn't click on any other page by just closing the browser.

JamesJWeg
Feb-21-2006, 05:03 AM
Hey, hey easy! That's me!! I clicked on your link to see if you've got site pw turned on too!
If that is you, why is your system listening to those ports? ftp? ldap? epmap? 1002? 1720?

James.

Did you go to my site more than once? To the root only? that is what drew my attention, more than once, right before I got another spam round. Are you running anti spyware? or are you just really using your system :D

rainforest1155
Feb-21-2006, 05:05 AM
ldap 389 can be from netmeeting, which has a known hole, I bet that is someone's system that has been hijacked.

James.
That's my server and windows update hasn't been working for me anymore for quite some time (just hangs while searching for updates)...looks like I gotta install some patches manually.
I'm sure it hasn't been hijacked though.

Sebastian

Andy
Feb-21-2006, 05:08 AM
This kind of 'marketing' goes in the same range as the Osamas of this world...... just terrorizing innocent people for the heck of it. Nobody in his right mind is ever going to use one of these casino links they put in our comments.... so it is a totally futile and criminal action.

Francois I love your new tagline:

JamesJWeg
Feb-21-2006, 05:08 AM
That's my server and windows update hasn't been working for me anymore for quite some time (just hangs while searching for updates)...looks like I gotta install some patches manually.
I'm sure it hasn't been hijacked though.

Sebastian

yeah then you better do some updates, that is why you research before you attack back, too easy to get the wrong one. If I were you I wouldn't browse from a server. Kinda odd that it only showed you hitting my root page and nothing else.

James.

Andy
Feb-21-2006, 05:09 AM
I've been told that situation has been controlled, and that the spam comments have been deleted. I looked at mine and Lee's accounts, appears so.

More from Onethumb I'm sure.

rainforest1155
Feb-21-2006, 05:13 AM
If that is you, why is your system listening to those ports? ftp? ldap? epmap? 1002? 1720?

James.

Did you go to my site more than once? To the root only? that is what drew my attention, more than once, right before I got another spam round. Are you running anti spyware? or are you just really using your system :D
Those spammers don't show on Statcounter. I've already checked that with my account. Just before the attack I had one visitor (look on the first page), but it's not very likely that it's the one spamming around - or you would have had that hit too.

I can't recall if I hit your site more than once today, but I have visited it before and may still have the cookie.

Why the many ports you ask? Because it's my server to which I can connect to when I'm not at home. Has the usual stuff, teamspeak server, ftp etc. But it for sure doesn't spam around.

Sebastian

peestandingup
Feb-21-2006, 05:13 AM
enabling comment approval won't prevent you from getting them, but it will prevent them from showing up in your galleries..


update: 1017 comments and still rising!
If you enable comment approval, won't you be bombarded with approval emails?? If you turn off email notifications in your account settings, will you still get comment approval emails??

BTW, I have only been hit 13 times so far. Is it because I already had my single photo comment link blocked using that code? He seems to only comment on single images & not galleries, in my case. And only hits the very first photo in my galleries, so that's why I only have 13 spams, me thinks.

BTW, pay backs a mutha!! Lets get these creeps!!!

bwg
Feb-21-2006, 05:13 AM
that is why you research before you attack back, too easy to get the wrong one.
James.
in other words, you need to know when to hold 'em, know when to fold 'em?





sorry.

JamesJWeg
Feb-21-2006, 05:14 AM
I've been told that situation has been controlled, and that the spam comments have been deleted. I looked at mine and Lee's accounts, appears so.

More from Onethumb I'm sure.

Yup, nicely done, and fairly fast. :thumb That kind of attack is just a fact of life these days.

James.

arthill
Feb-21-2006, 05:14 AM
I turned off allowing comments for all 500+ of my galleries after I got about 140 comments. That worked. I turned one gallery back on for comments and it started again.

arthill.smugmug.com

JamesJWeg
Feb-21-2006, 05:15 AM
Those spammers don't show on Statcounter. I've already checked that with my account. Just before the attack I had one visitor (look on the first page), but it's not very likely that it's the one spamming around - or you would have had that hit too.

I can't recall if I hit your site more than once today, but I have visited it before and may still have the cookie.

Why the many ports you ask? Because it's my server to which I can connect to when I'm not at home. Has the usual stuff, teamspeak server, ftp etc. But it for sure doesn't spam around.

Sebastian

You might want to take another look at security, it looked pretty open to attack.

James.

rainforest1155
Feb-21-2006, 05:19 AM
yeah then you better do some updates, that is why you research before you attack back, too easy to get the wrong one. If I were you I wouldn't browse from a server. Kinda odd that it only showed you hitting my root page and nothing else.

James.
I'm not sitting at it, but it's the internet router for my flat. Also it isn't unusual at all to only get hits at the frontpage. I often have people clicking my link visiting the frontpage, but then quit. Statcounter or whatever you're using can't measure (at least most of them don't, because it would require a script continuously reporting back to the counter) how long a visitor has looked at a single page. They just can guess it by looking at how long did it take for the user to click the next link.
As I said, I was just checking on your site if you had a site password, too, because that didn't keep the comments away from my site. That also proves that these bots weren't using standard browsing method to leave their spam as they would have been blocked out by a site password.

Sebastian

Andy
Feb-21-2006, 05:19 AM
Hi Everyone, I'm repeating this message:


Thanks for writing and thanks for letting us know. Yes, we had a comment spammer. Our engineers have since fixed the problem, and deleted all spam comments from the system.

You can change your comment email alert preferences by going to Control Panel>Mail Preferences

You can enable comment approval by following the instructions here:
http://www.smugmug.com/help/photo-sharing-comments

Please watch our Support Forum http://www.dgrin.com/forumdisplay.php?f=12 for updates.

We'll continue to monitor the system. Please let us know if you experience any more comment problems. I'm sorry for the hassle.

JamesJWeg
Feb-21-2006, 05:21 AM
in other words, you need to know when to hold 'em, know when to fold 'em?





sorry.

well, exactly, when I run into a deal like this I pull in all the info I can on the most likely sources, then compare more, I just was giving out what looked to be a likely source to see if others had the same and actually also in case exactly what the case was, in case it was someone on dgrin with legit use. Most people don't browse with a system like that, a fact which raised a flag or 2 for me.

James.

rainforest1155
Feb-21-2006, 05:21 AM
If you enable comment approval, won't you be bombarded with approval emails?? If you turn off email notifications in your account settings, will you still get comment approval emails??

Nope, there are no pending approval mails. You have to go to the control panel and there you'll see an option to display the comments awaiting approval. So it definitely works without the email notification.

Sebastian

peestandingup
Feb-21-2006, 05:25 AM
Nope, there are no pending approval mails. You have to go to the control panel and there you'll see an option to display the comments awaiting approval. So it definitely works without the email notification.

Sebastian
Nice. Thanks!

rainforest1155
Feb-21-2006, 05:26 AM
Most people don't browse with a system like that, a fact which raised a flag or 2 for me.
Well technically I don't browse with it. My workstation here is pretty much up-to-date. Your scanning tools only hit my relatively unsecure server which doesn't hold any important information. It's just the first barrier.
And I like my Win2000 - I don't feel the urge to switch to anything else and it has been running okay for a long time.

Sebastian

JamesJWeg
Feb-21-2006, 05:26 AM
I'm not sitting at it, but it's the internet router for my flat. Also it isn't unusual at all to only get hits at the frontpage. I often have people clicking my link visiting the frontpage, but then quit. Statcounter or whatever you're using can't measure (at least most of them don't, because it would require a script continuously reporting back to the counter) how long a visitor has looked at a single page. They just can guess it by looking at how long did it take for the user to click the next link.
As I said, I was just checking on your site if you had a site password, too, because that didn't keep the comments away from my site. That also proves that these bots weren't using standard browsing method to leave their spam as they would have been blocked out by a site password.

Sebastian

A system setup properly to route should not show up that way. You might want to look at how you are doing your routing with it then. And hope that the spammers don't find your system, I have had tighter servers hacked before.

James.

JamesJWeg
Feb-21-2006, 05:27 AM
Well technically I don't browse with it. My workstation here is pretty much up-to-date. Your scanning tools only hit my relatively unsecure server which doesn't hold any important information. It's just the first barrier.
And I like my Win2000 - I don't feel the urge to switch to anything else and it has been running okay for a long time.

Sebastian

Yup, I understand the if it works keep it idea, but unsecure is a good wording for that box.

James.

rainforest1155
Feb-21-2006, 05:28 AM
Hi Everyone, I'm repeating this message:


Thanks for writing and thanks for letting us know. Yes, we had a comment spammer. Our engineers have since fixed the problem, and deleted all spam comments from the system.
Thanks Andy and the team for the fix of the nasty problem! It's been a while since you last had to wake the west coast crew for an emergency?

Sebastian

MarkSB
Feb-21-2006, 05:32 AM
I had 12 of those "poker" comments this morning, then, when I went back a few minutes later, all the comments were gone, and there was no sign of them! Guess someone took care of it!
THANKS!

Andy
Feb-21-2006, 05:36 AM
I had 12 of those "poker" comments this morning, then, when I went back a few minutes later, all the comments were gone, and there was no sign of them! Guess someone took care of it!
THANKS!

You're welcome!

Thanks for writing and thanks for letting us know. Yes, we had a comment spammer. Our engineers have since fixed the problem, and deleted all spam comments from the system.

You can change your comment email alert preferences by going to Control Panel>Mail Preferences
You can enable comment approval by following the instructions here:
http://www.smugmug.com/help/photo-sharing-comments

Please watch our Support Forum http://www.dgrin.com/forumdisplay.php?f=12 for updates.

We'll continue to monitor the system. Please let us know if you experience any more comment problems. I'm sorry for the hassle.

rainforest1155
Feb-21-2006, 05:36 AM
Yup, I understand the if it works keep it idea, but unsecure is a good wording for that box.
You're probably right, but I can't put a firewall on this thing. It's a 300mhz celeron notebook and it's only on when I or one of the people in my flat are in the internet. I've been taking my chances on this for a while and will keep it that way. If something's wrong with it, I'll get to know it pretty fast.

Thanks for the advice though.

Sebastian

peestandingup
Feb-21-2006, 05:37 AM
Yup, I understand the if it works keep it idea, but unsecure is a good wording for that box.
Yup, time to update.

http://img.photobucket.com/albums/v334/peestandingup/PoweredByMacOSX.gif

http://img.photobucket.com/albums/v334/peestandingup/index_darwinunixbased20050412.gif

Andy
Feb-21-2006, 05:38 AM
Thanks Andy and the team for the fix of the nasty problem! It's been a while since you last had to wake the west coast crew for an emergency?

Sebastian

Yes - and I don't like doing it, of course, because by 7am my time in NY, it's 4am in Calif. And Onethumb and Wireless sure work late hours as it is, so the wakey wakey thing is not fun. I'm just glad that they were able to stop the spam, and delete it, too.

Thanks everyone for their patience and understanding.

bwg
Feb-21-2006, 05:39 AM
well, exactly, when I run into a deal like this I pull in all the info I can on the most likely sources, then compare more, I just was giving out what looked to be a likely source to see if others had the same and actually also in case exactly what the case was, in case it was someone on dgrin with legit use. Most people don't browse with a system like that, a fact which raised a flag or 2 for me.

James.

i was actually making an attempt at humor.....know when to hold em'....the gambler....kenny rogers....poker spam...


i fear i may be wasting my energy though...doesnt seem like you're much in the mood.

bwg
Feb-21-2006, 05:40 AM
Yup, time to update.

geez. who let the fanboys in?

JamesJWeg
Feb-21-2006, 05:42 AM
--chop--doesnt seem like you're much in the mood.

yeah, "talking" to the fiance right now, you know those times. :wxwax

james.

cosleia
Feb-21-2006, 05:46 AM
Wow!

All kinds of drama while I was asleep :D

Thank you so much to smugmug for fixing everything before I even knew anything had happened! You guys are the bestest.

peestandingup
Feb-21-2006, 05:49 AM
geez. who let the fanboys in?
Oh, sorry. You are right. Windows is very secure & UNIX sucks. My bad. :rolleyes

Francois
Feb-21-2006, 05:53 AM
Thanks Andy and Team ! :thumb

Francois



Hi Everyone, I'm repeating this message:


Thanks for writing and thanks for letting us know. Yes, we had a comment spammer. Our engineers have since fixed the problem, and deleted all spam comments from the system.

You can change your comment email alert preferences by going to Control Panel>Mail Preferences

You can enable comment approval by following the instructions here:
http://www.smugmug.com/help/photo-sharing-comments

Please watch our Support Forum http://www.dgrin.com/forumdisplay.php?f=12 for updates.

We'll continue to monitor the system. Please let us know if you experience any more comment problems. I'm sorry for the hassle.

technocraft
Feb-21-2006, 05:53 AM
I got 44 of them overnight. I've always had comment approval on, so they didn't post. But I also see that they must have been cleaned up as I had nothing to approve this morning.

onethumb
Feb-21-2006, 05:56 AM
update: 1528 comments and rising.

looks like the deck is stacked against me.


Nah, you've got me on your side. :)

I've been having fun with this loser for the past hour or so. I figure I've got a LOT more CPU power than he has, so I'm actually not just not posting his comments - I'm holding his TCP connections open for 5 minutes before closing them. :)

The dork keeps on coming though. (And based on his efforts, this isn't just a bot - he's totally poking around manually)

Whoever he is, he's pretty clueless - smugmug adds 'rel="nofollow"' to all of the HREFs in comments and such so none of the search engines will see his silly spam.

Oh well, back to play with my mouse :)

Don

Barb
Feb-21-2006, 06:11 AM
Anyone else get bombarded with comment spam recently? I was working on the site when it happened. I got 11 spam comments (poker 838 or something) in the span of about a minute to 11 different images and galleries. I have comment approval turned on so they didn't get through, and since it was 11 it was a minor annoyance, but imagine if it were hundreds or thousands.

Short of hiding comments with CSS, there isn't a simple way to disable comments site-wide. Plus if someone is using a script, hiding it with CSS may not do anything anyway.

I wonder if Smugmug is working on some way to prevent this kind of thing from happening like using a captcha or something.

I had 295. Normally, I'd be flattered - haha. But they're gone now :)

iamagoo
Feb-21-2006, 06:14 AM
You guys are amazing. This has been an interesting and enlightening drama. I'm enthralled by the lingo being flung around by you tech whizzes. Well done to the West coast guys. You're the true CSI guys in this episode. I especially enjoyed your ridicule of the fool that's attempting to match wits with you. We all hold the hammer with you! Go get 'em.:1drink

rainforest1155
Feb-21-2006, 06:21 AM
i was actually making an attempt at humor.....know when to hold em'....the gambler....kenny rogers....poker spam...
For the problem is that I simply don't get it. Can someone enlighten the non-native speaker around here?:D

Thanks,
Sebastian

JamesJWeg
Feb-21-2006, 06:23 AM
This is exactly why I was looking at the simple stuff, all of the recent attacks that I have had at the office came from small level guys, doing basic stuff, the big boys know that we have their number and they are paying joe blow to go spam his brain out till he gets canned by his ISP. The last one I caught was a UCLA student trying to make beer money, dumb kid, tried to use my state owned servers to send spam from the UCLA campus, like we aren't gonna catch that. I have much better toys for when they try this to my work boxes, kinda like Don I like to play when I get a bite. On that last one I called UCLA too soon and didn't get to have much fun, but then again they did catch him sitting at the system.

James.

Nah, you've got me on your side. :)

I've been having fun with this loser for the past hour or so. I figure I've got a LOT more CPU power than he has, so I'm actually not just not posting his comments - I'm holding his TCP connections open for 5 minutes before closing them. :)

The dork keeps on coming though. (And based on his efforts, this isn't just a bot - he's totally poking around manually)

Whoever he is, he's pretty clueless - smugmug adds 'rel="nofollow"' to all of the HREFs in comments and such so none of the search engines will see his silly spam.

Oh well, back to play with my mouse :)

Don

rainforest1155
Feb-21-2006, 06:24 AM
Oh, sorry. You are right. Windows is very secure & UNIX sucks. My bad. :rolleyes
Nope, they're all more or less secure, just depends on the crowd using them. Comes with the fact that there are more Windows guys out there having spare time I guess.
Still MAC or Linux are no option for me. Too much Windows stuff I hang on. But let's not start this discussion over here again. :wink

Sebastian

JamesJWeg
Feb-21-2006, 06:25 AM
For the problem is that I simply don't get it. Can someone enlighten the non-native speaker around here?:D

Thanks,
Sebastian
He was quoting an old and very good country song about poker, it was kinda dry humor attempt, that flopped on me because I am having a bad morning already.

James.

Edit: the song name is "the gambler"

bwg
Feb-21-2006, 06:27 AM
He was quoting an old and very good country song about poker, it was kinda dry humor attempt, that flopped on me because I am having a bad morning already.

James.

sebastian, look up Kenny Rogers & The Gambler

get an mp3 if you can, i guarantee you've heard the song before.

ReneesEyes
Feb-21-2006, 06:51 AM
Ahhh, too funny, I got "The Gambler" right away. Now I feel old, and I'm only 32 (at least for a few more weeks...)

Thanks guys for cleaning up the mess! I guess I didn't need to read the whole thing but it was interesting anyways.

Mike Lane
Feb-21-2006, 07:08 AM
So :thumb is it safe to allow comments again?

JamesJWeg
Feb-21-2006, 07:15 AM
From my viewpoint, blocking them when you see an attack of this size and/or sitting there deleting them is a waste of your time; Don and the boys will be able to kill them all at one time faster than you can kill 5 of them. The one or two offs you will want to worry about, but SM will fix the big ones.

James.

arthill
Feb-21-2006, 07:28 AM
So :thumb is it safe to allow comments again?

I turned comments back on and haven't gotten spammed. Should be safe enough :dunno

flyingdutchie
Feb-21-2006, 07:33 AM
Anyone else get bombarded with comment spam recently? I was working on the site when it happened. I got 11 spam comments (poker 838 or something) in the span of about a minute to 11 different images and galleries. I have comment approval turned on so they didn't get through, and since it was 11 it was a minor annoyance, but imagine if it were hundreds or thousands.

Short of hiding comments with CSS, there isn't a simple way to disable comments site-wide. Plus if someone is using a script, hiding it with CSS may not do anything anyway.

I wonder if Smugmug is working on some way to prevent this kind of thing from happening like using a captcha or something.

Great that all is fixed! :clap I had about 300 messages.
But it may happen again in the future.

Feature request:
Install something like SecureImage for spam control. I did this for my blog (http://blog.antonspaans.com/) to fight spam. It requires the commenter to copy a (warped) image of a text-string into a text-field. If the text matches, only then the comment is accepted. I installed it because i got spam on my blog. After i installed, not one single spam message.

dominik
Feb-21-2006, 07:36 AM
edit: ah, great that all the spam comments were removed :)

thanks much :P

i was wondering what was up when the comments weren't there, which led me to this thread :)

JamesJWeg
Feb-21-2006, 07:53 AM
Great that all is fixed! :clap I had about 300 messages.
But it may happen again in the future.

Feature request:
Install something like SecureImage for spam control. I did this for my blog (http://blog.antonspaans.com/) to fight spam. It requires the commenter to copy a (warped) image of a text-string into a text-field. If the text matches, only then the comment is accepted. I installed it because i got spam on my blog. After i installed, not one single spam message.

I am not so sure that is a good idea, maybe better to deal with the odd attack than make people go to that much trouble.

James.

peestandingup
Feb-21-2006, 08:22 AM
I am not so sure that is a good idea, maybe better to deal with the odd attack than make people go to that much trouble.

James.
Nah, I also like the idea of the SecureImage thing. It's really not that much trouble for guests. Besides, more & more websites are doing this for the very reason of fighting attacks like we had today. If it were a perfect world, there wouldn't be no such thing as spam, but it's a constant battle against this stuff & I'm all for more security.

I say bring on the warped text thingies! :D

Mike Lane
Feb-21-2006, 08:55 AM
Nah, I also like the idea of the SecureImage thing. It's really not that much trouble for guests. Besides, more & more websites are doing this for the very reason of fighting attacks like we had today. If it were a perfect world, there wouldn't be no such thing as spam, but it's a constant battle against this stuff & I'm all for more security.

I say bring on the warped text thingies! :D

It's called a Captcha (http://www.captcha.net/) :thumb

JamesJWeg
Feb-21-2006, 09:32 AM
well, I am not too fond of the idea, I am not totally against it either, I just don't think that one attack like this would justify it. SM also has to look at cost, which is cheaper, clean on occasion or a month license fee. How many times has this happened before?

James.

{JT}
Feb-21-2006, 09:52 AM
We would not do the captcha thing, it would make ajax comments near impossible. Instead we would probably monitor how many posts per minute/hour you make and then stop you from making more. (this is totally Don's thing though, I am just making guesses) ;)

well, I am not too fond of the idea, I am not totally against it either, I just don't think that one attack like this would justify it. SM also has to look at cost, which is cheaper, clean on occasion or a month license fee. How many times has this happened before?

James.

flyingdutchie
Feb-21-2006, 10:59 AM
We would not do the captcha thing, it would make ajax comments near impossible. Instead we would probably monitor how many posts per minute/hour you make and then stop you from making more. (this is totally Don's thing though, I am just making guesses) ;)

Throttle the amount/speed of comments... mmmmm.. that would not be a bad idea at all! :D

onethumb
Feb-21-2006, 11:15 AM
well, I am not too fond of the idea, I am not totally against it either, I just don't think that one attack like this would justify it. SM also has to look at cost, which is cheaper, clean on occasion or a month license fee. How many times has this happened before?

James.

There wouldn't be a fee. Captcha is brain-dead simple to write, so we'd just roll our own.

I think this is what we'll do, but JT seems to think it's not possible. Dunno why he'd think that, so I guess we'll have to put our heads together. :)

Don

Mike Lane
Feb-21-2006, 11:28 AM
There wouldn't be a fee. Captcha is brain-dead simple to write, so we'd just roll our own.

I think this is what we'll do, but JT seems to think it's not possible. Dunno why he'd think that, so I guess we'll have to put our heads together. :)

Don

I believe in you!!!

bwg
Feb-21-2006, 11:32 AM
...but JT seems to think it's not possible. Dunno why he'd think that...
comment throttling = don work

captcha = don+jt work

methinks the answer is obvious.

flyingdutchie
Feb-21-2006, 11:33 AM
There wouldn't be a fee. Captcha is brain-dead simple to write, so we'd just roll our own.

I think this is what we'll do, but JT seems to think it's not possible. Dunno why he'd think that, so I guess we'll have to put our heads together. :)

Don
I've seen the PHP code of SecureImage (similar system for WordPress comments), and it looked simple indeed. Most LINUX/Unix systems come with ImageMagick's 'convert' tool anyway, doing the brunt of the work.

peestandingup
Feb-21-2006, 11:55 AM
I think it'll work great, until that dreaded day comes when the bots are able to read warped text! Dun Dun Duuuuun!! :D

bwg
Feb-21-2006, 11:58 AM
I think it'll work great, until that dreaded day comes when the bots are able to read warped text! Dun Dun Duuuuun!! :D

they already can: http://www.macworld.co.uk/news/index.cfm?NewsID=13911&Page=1&pagePos=2

bwg
Feb-21-2006, 12:01 PM
they already can: http://www.macworld.co.uk/news/index.cfm?NewsID=13911&Page=1&pagePos=2

oh silly me...i must have accidentally posted the link about the mac OSX security hole.

my bad.





(i'm just messin w/ya kerry :thumb)

peestandingup
Feb-21-2006, 12:09 PM
oh silly me...i must have accidentally posted the link about the mac OSX security hole.

my bad.





(i'm just messin w/ya kerry :thumb)
LOL, no prob. :thumb

But, in all fairness, that was the first "virus-like" trojan/worm for Mac OS X, which is pretty darn good. That's why you heard so much about it, even though it wasn't really a big deal & they fixed it in like a day.

EDIT: Oops, I was talking about something else. The Safari thing is news to me. :dunno

JamesJWeg
Feb-21-2006, 12:24 PM
There wouldn't be a fee. Captcha is brain-dead simple to write, so we'd just roll our own.

I think this is what we'll do, but JT seems to think it's not possible. Dunno why he'd think that, so I guess we'll have to put our heads together. :)

Don

hmmm, I didn't know it was that simple, cool, I'll have to check it out. but the posts per hour thing sounds like a winner, or maybe after like the third post in X amount of time start using captcha.

James.
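
The throttling idea from the posts above (count posts per minute and stop further ones, or start asking for a captcha after about the third post in a time window), as an added Python example that is not SmugMug's code. The class name, the limits and the use of an IP address as the client key are assumptions; the sample events are constructed.

```python
import time
from collections import defaultdict, deque
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"      # store the comment
    CAPTCHA = "captcha"  # ask the client to solve a challenge and resubmit
    REJECT = "reject"    # drop the request without further work


class CommentThrottle:
    """Sliding-window limiter: a few free posts, then captcha, then refusal.

    Attempts are counted, not just accepted comments, so a client that
    keeps hammering never drops back into the free tier until it goes quiet.
    """

    def __init__(self, window=60.0, free_posts=3, hard_limit=10,
                 clock=time.monotonic):
        if not 0 < free_posts <= hard_limit:
            raise ValueError("need 0 < free_posts <= hard_limit")
        self.window = window
        self.free_posts = free_posts
        self.hard_limit = hard_limit
        self.clock = clock
        self._attempts = defaultdict(deque)  # client key -> attempt times

    def _prune(self, queue, now):
        cutoff = now - self.window
        while queue and queue[0] <= cutoff:
            queue.popleft()

    def check(self, client_key, captcha_passed=False):
        now = self.clock()
        queue = self._attempts[client_key]
        self._prune(queue, now)
        seen = len(queue)  # attempts already inside the window
        if seen >= self.hard_limit:
            # Not recorded: memory per client stays bounded at hard_limit.
            return Decision.REJECT
        queue.append(now)
        if seen >= self.free_posts and not captcha_passed:
            return Decision.CAPTCHA
        return Decision.ALLOW

    def sweep(self):
        """Forget clients with no attempts left in the window."""
        now = self.clock()
        removed = 0
        for key in list(self._attempts):
            self._prune(self._attempts[key], now)
            if not self._attempts[key]:
                del self._attempts[key]
                removed += 1
        return removed


class FakeClock:
    """Settable clock so the example replays events deterministically."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


def replay(events, **limits):
    """Run (time, client_key, captcha_passed) events through a throttle."""
    clock = FakeClock()
    throttle = CommentThrottle(clock=clock, **limits)
    decisions = []
    for when, client, solved in events:
        clock.now = when
        decisions.append(throttle.check(client, captcha_passed=solved))
    return decisions


if __name__ == "__main__":
    # Constructed input: one comment every 6 seconds from one address,
    # the rate reported earlier in the thread, for two minutes.
    flood = [(6.0 * i, "203.0.113.7", False) for i in range(20)]
    for (when, _, _), decision in zip(flood, replay(flood)):
        print(f"t={when:5.0f}s  {decision.value}")
```

Only the first three posts of the replayed flood are accepted; everything after that is held at the captcha step for as long as the client keeps posting.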

DavidTO
Feb-21-2006, 12:36 PM
LOL, no prob. :thumb

But, in all fairness, that was the first "virus-like" trojan/worm for Mac OS X, which is pretty darn good. Thats why you heard so much about it, even though it wasnt really a big deal & they fixed it in like a day.

EDIT: Oops, I was talking about something else. The Safari thing is news to me. :dunno


macfixit.com has several solutions, this one being the best, IMO. Also the most complicated:

Make Terminal ask for permission This is the most involved workaround, and probably the most effective. It involves replacing the Terminal application with an automator script that will intercept calls to Terminal and seek your permission to run Terminal before executing.

1. First you will need to download the Automator script, created by a MacFixIt reader, by going to the "Go" menu in the Finder, selecting "Other User's Folder" then typing "pehowland" (without quotes) and pressing return.
2. Next, download the file named "Terminal.app.zip" and unstuff it. The resulting file will be an Automator script application named "Terminal.app" or just "Terminal" if you have file extension display turned off.
3. Next, using the Finder, go to /Applications/Utilities and rename Terminal.app to _Terminal.app.
4. Copy the replacement Terminal.app (the Automator script) into /Applications/Utilities
5. Now every time a shell script attempts to launch the Terminal, the automator script will launch instead and demand user permission before the actual Terminal is launched.

If you want to undo this process, just delete my new Terminal.app and rename _Terminal.app back to Terminal.app.

rainforest1155
Feb-21-2006, 01:08 PM
sebastian, look up Kenny Rogers & The Gambler

get an mp3 if you can, i guarantee you've heard the song before.
Ok, got it, but it didn't sound familiar at all. They're so many country songs out there...the only time I recall listening to country was when I checked out the radio stations in the GTA game series. :wink

To stay a bit on topic: I also like the idea to limit the amount of comments one can post per limit, but don't set the limit lower than Andy's posts per minute frequency at its best. That's the best man can achieve though. :D
The distorted image thingy should be an optional thing that we can activate when we want to. Would be nice to have this for email forms too, like someone suggested.


Sebastian

Matthew Saville
Feb-21-2006, 06:32 PM
* quietly slips out of the nerd convention*

peestandingup
Feb-21-2006, 09:49 PM
The distorted image thingy should be an optional thing that we can activate when we want to. Would be nice to have this for email forms too, like someone suggested.
Amen on the email forms!! I had to take my "mailto" email link off my page 'cause I started getting spam. I know there is a few workarounds to this mentioned on other threads, but it would be cool to have the option of a form built in. At least for maybe the power/pro users. :D

aero-nut
Feb-21-2006, 10:57 PM
That was definitely quite annoying. But, I have to say, thanks for the quick response as usual smugmug! You guys rock.

boyersmile
Feb-22-2006, 06:20 AM
Wow- I somehow missed this thread yesterday. I even searched for this topic yesterday morning when I woke up and saw all my email notifications. I guess I feel lucky, since I only received 5 comments. At first thought, I also thought it must be some kind of robot. But I noticed all the comments were on the first picture of my most popular galleries. However, I didn't see anything in my stats. Anyway, I'm glad it is fixed. I also think it is great that Don took the opportunity to fight back with his much superior tactics. :duel

Thanks for all the help from the SWAT team.

Miles

flyingdutchie
Feb-22-2006, 08:09 AM
Anyone else get bombarded with comment spam recently? I was working on the site when it happened. I got 11 spam comments (poker 838 or something) in the span of about a minute to 11 different images and galleries. I have comment approval turned on so they didn't get through, and since it was 11 it was a minor annoyance, but imagine if it were hundreds or thousands.

Short of hiding comments with CSS, there isn't a simple way to disable comments site-wide. Plus if someone is using a script, hiding it with CSS may not do anything anyway.

I wonder if Smugmug is working on some way to prevent this kind of thing from happening like using a captcha or something.

The spammer is at it again...
I get Real Estate spam again!

mbrady
Feb-22-2006, 08:13 AM
I'm right in the middle of getting another barrage of comment spam!
Eek!

Matt Brady
www.ruama.com

Fascha
Feb-22-2006, 08:14 AM
The first batch yesterday seems to have been killed very effectively, but here comes round 2. I'm getting this one:

1. | made by: real estate aspen (105421439@87750645.com) | on: Feb 22, 2006 8:09am PST | action: delete (javascript:deleteComment(399814,'Image',22087284) ;)




It's like a video game. The second wave is coming, did SM get their powerups?



I've got faith in you guys!



F

Barb
Feb-22-2006, 08:14 AM
The spammer is at it again...
I get Real Estate spam again!

same here - just started a couple of minutes ago. back to enabling comment approval ... 8 so far, but it just started.

JamesJWeg
Feb-22-2006, 08:16 AM
same here, 6 so far, don't fear, SM will have it cleared up soon.

James.

iamagoo
Feb-22-2006, 08:17 AM
I have a collect call for a Mr. Teknow Warrier. Will you accept the challenge? C'mon take this Real Estate guy on like his punkass predecessor. I got one from him a few minutes ago.:wxwax

Andy
Feb-22-2006, 08:17 AM
same here, 6 so far, don't fear, SM will have it cleared up soon.

James.

I've notified Onethumb.

flyingdutchie
Feb-22-2006, 08:18 AM
same here - just started a couple of minutes ago. back to enabling comment approval ... 8 so far, but it just started.

Where can i turn on 'comment approval'? Can't find the button :D

flyingdutchie
Feb-22-2006, 08:20 AM
Where can i turn on 'comment approval'? Can't find the button :D

Never mind... found the button! :D

Mike Lane
Feb-22-2006, 08:22 AM
Where can i turn on 'comment approval'? Can't find the button :D

go to the control panel and view your comments. Up in the top right is a button that says enable comment approval.

mikelane2.smugmug.com and customize.smugmug.com have been spammed fyi. Comments are still disabled for all of mikelane.smugmug.com (and will remain that way for some time I suppose).

Andy
Feb-22-2006, 08:24 AM
Where can i turn on 'comment approval'? Can't find the button :D


Thanks for writing and thanks for letting us know. Yes, we had a comment spammer. Our engineers are working on the problem, and hopefully they'll be able to delete the spam comments for you.

You can change your comment email alert preferences by going to Control Panel>Mail Preferences
You can enable comment approval by following the instructions here:
http://www.smugmug.com/help/photo-sharing-comments

Please watch our Support Forum http://www.dgrin.com/forumdisplay.php?f=12 for updates.

We'll continue to monitor the system. Please let us know if you experience any more comment problems. I'm sorry for the hassle.

flyingdutchie
Feb-22-2006, 08:24 AM
go to the control panel and view your comments. Up in the top right is a button that says enable comment approval.

mikelane2.smugmug.com and customize.smugmug.com have been spammed fyi. Comments are still disabled for all of mikelane.smugmug.com (and will remain that way for some time I suppose).

I just want to walk up to that SPAM dude (or dude-ess) and bitch-slap him silly! :beatwax
(I'm a 6'7" tall guy, so that could be very entertaining. Anyone bring a camera!?)

rainforest1155
Feb-22-2006, 08:31 AM
I just turned on comment approval and wanted to let you know that I've also received 7 spam comments, but they are gone already! :thumb

Is this the same guy or did somebody copy the action of the yesterday guy?


Thanks for the quick fix,
Sebastian

onethumb
Feb-22-2006, 08:33 AM
It's like a video game. The second wave is coming, did SM get their powerups?

Yeah, so yesterday I had fun keeping the loser's TCP sockets open. I hope I crashed his box.

Today I have a little less patience, so every time he tries to post a spam, I dump a few hundred GBs worth of junk data back at him.

Let's see who has more bandwidth - me or him. :)

Don

Andy
Feb-22-2006, 08:33 AM
Looks like Don was able to delete the spam comments.

boyersmile
Feb-22-2006, 08:36 AM
I just received 2 comment notification emails. They were for 2 of the same pictures that were spammed yesterday. When I click on the link in the email, there isn't a comment posted. It looks like the SWAT team is already working behind the scenes and deleting these for us. At least mine have been deleted. Wow- what super support. :clap I would love to see one of these little scums attacked by a group of angry muggers:beatwax

Thanks for the great support by smugmug.

Miles

Edited to add that it looks like I type too slow. Onethumb confirmed my reply. I'm giddy just thinking about how much fun it would be to crash this spammer's box with GBs of garbage.

bwg
Feb-22-2006, 08:37 AM
Yeah, so yesterday I had fun keeping the loser's TCP sockets open. I hope I crashed his box.

Today I have a little less patience, so every time he tries to post a spam, I dump a few hundred GBs worth of junk data back at him.

Let's see who has more bandwidth - me or him. :)

Don
admit it, while this guy might be a PITA, you're enjoying yourself.

flyingdutchie
Feb-22-2006, 08:39 AM
Yeah, so yesterday I had fun keeping the loser's TCP sockets open. I hope I crashed his box.

Today I have a little less patience, so every time he tries to post a spam, I dump a few hundred GBs worth of junk data back at him.

Let's see who has more bandwidth - me or him. :)

Don

I love what you do to him/her, but you got to be careful with that. Two wrongs don't make a right. If you cause damage to his servers, etc, i won't be surprised if he actually could come after you (legally).

onethumb
Feb-22-2006, 08:42 AM
I love what you do to him/her, but you got to be careful with that. Two wrongs don't make a right. If you cause damage to his servers, etc, i won't be surprised if he actually could come after you (legally).

He's opening a connection to MY server. I'm simply sending him an appropriate response.

He can close the connection if he'd like to - but he requested MY data.

I'm on pretty firm legal ground. :)

Don

Mike Lane
Feb-22-2006, 08:49 AM
He's opening a connection to MY server. I'm simply sending him an appropriate response.

He can close the connection if he'd like to - but he requested MY data.

I'm on pretty firm legal ground. :)

Don

Send him a few hundred GBs of these: :flip

ReneesEyes
Feb-22-2006, 08:52 AM
Get him!

Anyone else still getting notifications trickling in? I guess he is done spamming, the notices are just a bit late?

Thanks for deleting the comments all in bulk. I didn't have too many, but what a nightmare for those that had a lot!

boyersmile
Feb-22-2006, 08:56 AM
Is this huge amount of garbage data you're sending out causing problems with our (smugmug's) server? I haven't been able to access any smugmug sites for the past few minutes. Oh well, if that is what it takes to get rid of this scum, I guess it will be worth it.

Miles

peestandingup
Feb-22-2006, 09:10 AM
Onethumb, is there a way you can make the bastard's computer explode or give him one of these? :noob

flyingdutchie
Feb-22-2006, 09:38 AM
He's opening a connection to MY server. I'm simply sending him an appropriate response.

He can close the connection if he'd like to - but he requested MY data.

I'm on pretty firm legal ground. :)

Don

You're right.. i like your thinking :D

aero-nut
Feb-22-2006, 07:12 PM
Yeah, so yesterday I had fun keeping the loser's TCP sockets open. I hope I crashed his box.

Today I have a little less patience, so every time he tries to post a spam, I dump a few hundred GBs worth of junk data back at him.

Let's see who has more bandwidth - me or him. :)

Don

:clap Awesome.

onethumb
Feb-22-2006, 08:45 PM
:clap Awesome.

This guy is still going. None of his comments have made it through since like 8:30am, but he's still pounding us.

What a dork.

Don

onethumb
Feb-23-2006, 11:27 PM
This guy is still going. None of his comments have made it through since like 8:30am, but he's still pounding us.

What a dork.

Don

As seen on our release notes, CAPTCHA is live now. Hopefully this will help. :)

Don

Mike Lane
Feb-23-2006, 11:29 PM
As seen on our release notes, CAPTCHA is live now. Hopefully this will help. :)

Don

yeeowza that was fast!

Scala
Feb-24-2006, 12:34 AM
As seen on our release notes, CAPTCHA is live now. Hopefully this will help. :)

Don
Does the code have to be that obscure? It's quite hard to read on my laptop at 1024x768. I've yet to try at 1600x1200 on my 21" monitor...

I've gotten some 5 comments in 1,5 years so far, now I expect to get a lot less. Part of this maybe has to do with the fact that Finns are not the most talkative people. :)

onethumb
Feb-24-2006, 12:37 AM
Does the code have to be that obscure? It's quite hard to read on my laptop at 1024x768. I've yet to try at 1600x1200 on my 21" monitor...

I've gotten some 5 comments in 1,5 years so far, now I expect to get a lot less. Part of this maybe has to do with the fact that Finns are not the most talkative people. :)

Unfortunately, it has to be mildly difficult to read - otherwise a computer could also read it easily.

We tried to find a good balance of readability, usability (see the link there to get another one in case you can't read the one you got?), and security. I think we did a pretty good job, imho.

FYI, I was testing it at 1920x1200 and have no trouble reading most of them. Maybe I'm unique, though?

Don

Scala
Feb-24-2006, 12:49 AM
FYI, I was testing it at 1920x1200 and have no trouble reading most of them. Maybe I'm unique, though?
That must be a widescreen LCD with a hefty dot pitch. Or you were just sitting close enough. :)

While it may be hard to read for some, the way you handle a wrong code submit is very nice. Ajax to the rescue in this regard I guess.

I think the image could be a bit larger since it is shown only after opening the comment input box anyway.

Edit: I really need to remember to write a sig sometime. In the meantime, here's something for Google: http://www.majakorpi.net

boyersmile
Feb-24-2006, 06:41 AM
I hate that we have to take such drastic measures, but I guess it will be worth it. I receive an average of 4 comments per day. (I have a photo of the day gallery that gets a lot of attention) I'm anxious to see how this will affect my viewers. I can see that some people will have problems reading the code, but at least they have an option to view a new code. Hopefully they won't be too afraid to try something new. I know some people hate change, and this isn't part of the usual routine. Overall, I think this will be a good thing.

Kudos to the smugmug team. Wow, what a week!!!. Spammers and DoS attacks at the same time. I think you've handled it well. Thanks

Miles

flyingdutchie
Feb-24-2006, 07:06 AM
As seen on our release notes, CAPTCHA is live now. Hopefully this will help. :)

Don

Thanks! Wow, that was FAST!!! :thumb