Hello, The past couple of days I have been removing wierd unreadable comments from my last picture. I am not sure what the source or nature is. But since there is no readable text I supose this is some sort of a program. The e-mail adresses are all from hotmail.

The adress is http://www.allesismooi.nl/photos I left some of the comments from last night to see.
Any tips on how to stop this or where they come from are more than welcome.

cheers!
Quinten

one user reported to me that he got comment spam with chinese characters as well

I think I will try to re-animate the anti.comment-spam.captcha again, which I stopped some time ago..

Hi Connie, It's about two or three of these comments a day so it is still managable, but where could it come from? It links to .asp sites wih I will not visit because I haven't got a clue what it is.
http://www.allesismooi.nl/photos/index.php?popup=comment&showimage=68

cheers!
Quinten

I have no idea, but that means nothing, because stupid people with energy but no idea what for to use this energy always find stupid molesting things to realize..

if all this creativeness would go into something beautiful, poetic, useful .. whatever... ;=(

captcha is the best way

try http://www.bildgier.de/download/anti_comment_spam_addon_v102.zip
a readme.txt is included
it worked for me, but I did not publish it because one user reported that one commenter could not send a comment


but it worked for 99%

if I find time I will go on that further, but in the moment no time

Thanks I also read the little script you wrote in another thread!

I'm having an even stranger SPAM problem. Well, it may not be a problem other than deleting the notification emails. Here's a sample of what the notification email looks like:

Hello,
A new comment has been made at your photoblog.

http://fauxtoblog.com/?showimage=said8452@fauxtoblog.com


The Comment is:
----------------------------------------------------------------------
said8452@fauxtoblog.com
by said8452@fauxtoblog.com - days Content-Type: multipart/mixed; boundary=\\\"800d51b2f66f041167c61302900b1a75\\\" MIME-Version: 1.0 Subject: no bcc: beacon5919@aol.com This is a multi-part message in MIME format. --800d51b2f66f041167c61302900b1a75 Content-Type: text/html; charset=\\\"us-ascii\\\" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit that can shoot through th pocket. h other day it become necess ry to thrust on th impeeryal terrytory iv ryzony a competint person f r to administher th laws an keep th peace iv said --800d51b2f66f041167c61302900b1a75-- .
----------------------------------------------------------------------
Email Sent by pixelpost

Notice the address to the post, it's not a post at all and just gives the No picture here yet error. I don't know if this is a problem or not,

fauxtog

this is bad, the issue came up for the first time a few days ago and we have been working as much as possible to resolve it before it started popping up anywhere

i highly suggest switching you comment system off via the admin and removing the comment link (just replace link with #) for the time being...we do have the new code for the fix under testing for this very thing right now, we'll do our best to get that to you by sunday night...like i said, we think we have it fixed though, but we're waiting back on testing.

*edit* i am gathering a new index.php for you to test, it SHOULD stop this

backup your current pixelposts index.php somewhere

then download and upload this to replace the current index.php
http://pixelpost.org/temp/is_fix_test/index.zip

then see if that stops it

Well, now I just have a blank page. Hmmm... It's been a long time since I installed PixelPost. I'm sure I'm forgetting something.

I put the old index.php file back and the site works fine again. Is there something wrong with the new file?

for urgent remedy, PLEASE switch off the mail on comment feature on admin panel >> options >> general >> email me when comment appear? OFF!!

Do it now!

OK, I've turned off the comment notification, but is there some reason why you guys are so vague about this? What's the worst that can happen so I can figure out how to best prioritize this?

we are not so vague about it, it is the common form problem, that your comment system could be misused as to spread spam mails

we are just working on that, tested and will release the 1.4.3 security update today which will stop that

I wasn't trying to berate anyone. You gave me the EXACT answer I was looking for. No one said anything about using the system to send SPAM emails. That's what I wanted to know. Before telling me what the actual problem was, the only thing that I was told was that it was an issue and it was bad. How is that NOT vague? Sheesh!

can't you understand when we are examining a problem which seems to be serious that we warn even before we know exactly, waterproofed the reason / solution?

I asked a VERY simple question. If you didn't have an answer then tell me. If you do, then do. That's all I'm saying. I think it's definitely a language issue because I can barely understand most of the replies as it is.

I don't get it. If you were to post a strange problem and the only answers you got were telling you how bad it is and to shut down your comment system, wouldn't you want to know what might happen if you didn't shut down the system?

I think you guys are all wonderful coders and built a great product, but your communication (although much better than my German or Iranian) is very confusing in English. I was just trying to assess what I should do. If your first response had the information that your last two did, then it would have been perfect.

woah woah everybody's friends here! smile.. be happy! :D

both of you!! grrr

it's called injection hijacking, the bot uses a common line break to reach the bcc field and ships out copies of emails with it...simple as that

the bad part is, this bot, now targeting pixelpost, cause send out A LOT of those bcc emails...

yeah smile. The problem was stated before. They try to use your server as a spam server from a vulnerability in the HTML form. The similar attacks has been reported for wordpress as well in this September and now we have it in Pixelpost too.

The bad side is that your server will be in trouble if other servers (like yahoo, aol, ...) recognize it as a spam server.

On my part, I can tell you that I was in a hurry and I posted a meesage with most effect and in the least time. Nothing is vague. Please, get the 1.4.3 version as soon as it become available.

btw, Iranians speak Persian (or Farsi) not Iranian. sorry for insisting, it's just a friendly note ;)

Thanks Will. :-)

Sorry Raminia. I was typing quickly and with a little too much passion to get the facts correct. Thanks for your help. I was doing exactly as you all told me as fast as I could, I just got frustrated when I asked what I thought was a simple question after making the requested changes.

Here's another question.

I've received maybe 8 or 10 email notifications in the last few weeks that look the same as the one I first posted. Is each notification representative of many spam emails or is it a one to one type thing?

could be anywhere from 9 to 9300...your server logs contain this information, i suggest contacting your hosting support and giving them a heads up as well, if ou need help digging through the server logs to find this info that is their job, i do not know how long dreamhost will take to respond so i suggest going ahead and emailing them...

Could you write a sample email of what I (or anyone else with this problem) should ask our host's tech support? It never fails, when I need to ask tech support a question about something I don't fully understand, that the guy on the other end doesn't either. :-)

well, if you know how to check your logs, you dont really need to conact support...but anyways

Dear Dreamhost Support,

I am recieving a form of injection hijacking spam on my account. These attacks were first noticed on "enter/date/here". the issue is being resolved but I would like help checking the server logs to know how many spam emails were sent out during the time of attack.

- Your Name

Dude. I'm a photographer. I know how to check the film logs I use on jobs, but that's about it. :-)

Thanks.