1.4.3 Comment Spam


Paul Wood
11-25-2005, 03:49 PM
I hadn’t had any comment spam for months. Last week I upgraded to 1.4.3, and today the comment spam started again:

http://www.pnjwood.com/fotoblog/?showimage=plate5578@pnjwood.com

The Comment is:
----------------------------------------------------------------------
as Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0
Content-Transfer-Encoding: 7bit Subject: said to be wan iv th quickest iver
heerd since bcc: batts1005@aol.com b93746dde039ecd193398aa7cbd6e366 .

by plate5578@pnjwood.com - plate5578@pnjwood.com

Whatever you guys did to stop comment spam actually reduced my level of protection.

While I certainly appreciate the work you guys did on protecting against the new threat, I’d really like to be able to stop all this spam.

tinyblob
11-25-2005, 04:47 PM
Thanks for posting Paul. Will is out of town for Thanksgiving, not sure how quickly this one will get fixed.
I'll try to familiarise myself with the problem this weekend.
In the meantime, turning off comment email notifications should prevent the spam.

Joe[y]
11-25-2005, 05:35 PM
our testing prevented the bot we were aware of and it was tested thoroughly.

as for the above - i've no idea yet. but if we didn't crack it i'm disappointed. we'll get back to this asap.

by the way... you are certainly not more vulnerable! the system has only been improved. if you've only started receiving more since then it's a coincidence.

tinyblob
11-25-2005, 05:45 PM
to quote a mighty warrior:
They've adapted.

Connie
11-25-2005, 05:58 PM
well, what did we do?

we made sure that no variable can be passed to the script which is not posted from the form itself; we only accept the $_POST[..] variables and make sure that no other values can be passed to the script

I have fixed many forms like this recently, and all the forms which were misused before now don't send any spam at all
they are safe

so, I have one question:
there was a misunderstanding/mistake in the readme_upgrade.txt in the folder /doc

there it was said to change the pixelpost.php (which is right, to update the version information) + to change the admin/index.php (and that was wrong, because the index.php must be changed)

which file did you upgrade? The index.php or admin/index.php?

If you upgraded the second, then you are still vulnerable and the spammers just found your comment form and started to send spam

if you upgraded the first one, then we must go into it, and we need the server log of your domain to see what kind of requests came

we are sorry for this, but our fault was only that mistake in the readme; the other things are exactly what other spam protection scripts do to protect other scripts, mailers or blogs as well...
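The comment quoted at the top of the thread shows the pattern being discussed: a form field that ends up in a mail header and carries its own line breaks, so that extra headers such as `bcc:` ride along. Below is an added example (not Pixelpost's own code) of the two protections Connie describes: reading only a fixed set of `$_POST` keys, and refusing any header-bound value that contains CR or LF. The sender address `noreply@example.com` and the field names are assumptions.

```php
<?php
// Added example, not Pixelpost's code: validate comment-form fields before
// they reach PHP's mail(), so a CR/LF in a field cannot become an extra header.

// Only these posted fields are ever read; nothing from $_GET or register_globals.
const COMMENT_FIELDS = ['name', 'email', 'url', 'message'];

function commentFieldsFromPost(array $post): array
{
    $fields = [];
    foreach (COMMENT_FIELDS as $key) {
        $fields[$key] = isset($post[$key]) ? (string) $post[$key] : '';
    }
    return $fields;
}

// A value destined for a mail header is rejected if it carries a line break or NUL.
function isHeaderSafe(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) !== 1;
}

// Returns the names of the fields that failed validation (empty array = accept).
function validateComment(array $fields): array
{
    $errors = [];
    if ($fields['name'] === '' || !isHeaderSafe($fields['name'])) {
        $errors[] = 'name';
    }
    if (!isHeaderSafe($fields['email'])
        || filter_var($fields['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email';
    }
    return $errors;
}

// The vulnerable pattern pasted user input straight into the header argument:
//   mail($owner, 'New comment', $body, "From: {$name} <{$email}>");
// The hardened version sends only after validation and keeps the commenter's
// name and address in the body, never in a header (fixed sender is an assumption).
function notifyOwner(string $owner, array $fields): bool
{
    if (validateComment($fields) !== []) {
        return false;   // refuse; worth logging as an injection attempt
    }
    $body = "Comment by {$fields['name']} ({$fields['email']}):\n\n{$fields['message']}";
    return mail($owner, 'New comment on your photoblog', $body, 'From: noreply@example.com');
}

// Constructed sample modelled on the spam quoted in this thread: the name field
// smuggles a second header line. validateComment() reports 'name' as invalid.
$spam = commentFieldsFromPost(['name' => "plate5578@pnjwood.com\nbcc: other@example.com",
                               'email' => 'plate5578@pnjwood.com', 'message' => 'x']);
var_dump(validateComment($spam));
```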

Joe[y]
11-25-2005, 07:29 PM
connie - i did fix that mistake in the readme so that shouldn't have been a problem!

raminia
11-25-2005, 07:51 PM
Yeah! I bet you are not using popup comments, and there is something wrong in the 1.4.3 release! The main point of the 1.4.3 release was to stop those comment spams, BUT I don't know how, but the released version does not have that for non-popup comments!!!

To fix it, download the attachment, which is index.zip and contains an index.php file. Replace the current main index.php of your 1.4.3 install with it.

EDIT:
THIS BUG IS FIXED NOW ON THE OFFICIAL RELEASE OF 1.4.3. IF YOU DOWNLOAD IT FROM NOW ON, YOU DON'T NEED TO DOWNLOAD THE ATTACHED INDEX.PHP.

Paul Wood
11-25-2005, 09:27 PM
Thanks, everybody, for the fast response. I’ve replaced the file with the new one posted by Raminia. If I get any more comment spam, I’ll let you guys know, and maybe we can adapt as fast as the spammers.

— Paul

raminia
11-25-2005, 09:34 PM
Thank you! tell me if those evil spammers come back.

blinking8s
11-28-2005, 02:09 AM
KILL ALL SPAM!!! grrrrr!

tinyblob
11-28-2005, 08:05 AM
Do we have any updates on this? Has the "official" version of 1.4.3 resolved the spam issue?

raminia
11-28-2005, 08:17 AM
the official release has been updated with the fix of the bug I mentioned above.

ldallara
11-29-2005, 01:24 PM
Ok... I had updated to 1.4.3 and was still getting spam..
I just uploaded the new index.php...
now I'll see if we killed it ??

Question, under admin
it states this...

You are running version 1.4.3 of Pixelpost. Released 21 November 2005.
Latest pixelpost version: Check

But on my page it says 1.4.1 ??
any ideas,

Thanks
Lou

I hope i've upgraded to 1.4.3

tinyblob
11-29-2005, 01:47 PM
Lou, It says "Powered by Pixelpost 1.4.1" on your site because that's in your template file. Just go into image_template.html and change that line :)

raminia
11-29-2005, 01:54 PM
please be aware that 1.4.3 does fix a security hole in the comment form that spammers were able to use to send spam to other email addresses through the mail function of your domain. But it won't stop all spammers! It just made PP more secure and fixed the security hole.

ldallara
12-12-2005, 12:42 PM
Well... e2 took down my site for spam. I have the latest upgrades, what gives? is 1.4.3 secure?

... but I can't do anything like ftp etc because the account's disabled..

What a mess again....

any thoughts on what's causing the spam ???

tinyblob
12-12-2005, 12:52 PM
Lou, we can't really do anything without further information.
Do you have any logs? Emails from e2? Anything that can help us track down the problem?

raminia
12-12-2005, 01:37 PM
Well... e2 took down my site for spam. I have the latest upgrades, what gives? is 1.4.3 secure?

... but I can't do anything like ftp etc because the account's disabled..

What a mess again....

any thoughts on what's causing the spam ???
what did they tell you about the problem? you had referer spam or what?

Connie
12-12-2005, 04:47 PM
well, we closed the security gap in the comment function with version 1.4.3 and disabled referer spam by giving a 404 in 1.4.2,
but we cannot stop these ****-spammers from trying to spam again

I get more than 10,000 hits a day at photografitti.de as referrer spam, which is blocked by referrer-karma.php with a 403,
but these **** just come back

you cannot hinder somebody from running against a wall, but for sure this causes traffic and server load

once again, the site is the victim, but protecting everything does not stop these scripts.

So some hosters just see the traffic, don't look into the log files to analyze the causes of the traffic, and just close the website

I had this with serverschleuder.de as well, a very unprofessional hoster in Germany; they didn't even allow me to use .htaccess to block...

Connie
12-12-2005, 04:49 PM
I guess it is heavy traffic because of spammers who TRY to produce referer-spam or comment-spam


ldallara
12-13-2005, 11:21 PM
So here's what I got from e2..
Lou,

Your site was sending out over 100,000 emails per hour to a specific address at hotmail. Due to the severity of the spam request we have had to terminate your account. The way the account was sending email out was not through a web form and was authenticated through a SMTP socket, this forced us to terminate your account.

Please let us know if you have any further questions.

Thanks!

Eleven2 Support

I find this funny because outgoing SMTP doesn't go through their server... It goes through my main email account.. e2 only push my POP3 mail in and ship outgoing through my main server.

The last attack I had was through http; they wrote scripts in a sub dir under pixelpost/admin.
My isp didn't explain how the script was loaded to the site,
but removed it. I guess some things you never know unless you want to spend your life hacking..

I was shopping for a new host and noticed a lot of hosts have a zero tolerance policy for spam, so if you get hacked you lose your isp; it's easier for them to close the account rather than figure out what's happening. That business model will eventually fail.

blinking8s
12-14-2005, 01:59 AM
i spoke with eleven2 earlier today, the spam wasn't through pixelpost from what i understand...

GeoS
12-14-2005, 08:56 AM
i spoke with eleven2 earlier today, the spam wasn't through pixelpost from what i understand...

The same I get from the E2 explanation which they gave at our forum. They said it was through an SMTP-authenticated connection.

ldallara
12-14-2005, 12:37 PM
I guess E2 never heard of spoofing?

ldallara
12-14-2005, 12:41 PM
Due to the seriousness of the offense the account has been closed. If you wish to continue to host with us, you would need to signup for a new account as we cannot re-open an existing abusive account.

Please let us know if you have any further questions.

Thanks!

Rodney Giles
Eleven2, Inc.

I wonder how opening a new account solves the problem ??
Inquiring minds want to know..

ldallara
12-14-2005, 12:43 PM
i spoke with eleven2 earlier today, the spam wasn't through pixelpost from what i understand...

I wonder how you got through. I could never get a human on the support line..

Joe[y]
12-14-2005, 04:50 PM
I guess E2 never heard of spoofing?

why would you think email spoofing would be acceptable?

http://www.cert.org/tech_tips/email_spoofing.html

GeoS
12-14-2005, 07:53 PM
I've seen it was an accepted authenticated SMTP connection, so someone (or you) knew the password to your account.
It gives you advice to use SSL connections for POP3/SMTP/webpanel and FTP (called sFTP).
Opening a new account gives you a second chance (even if this spammer was you) and the belief that it was the last such situation. They want to be fair to you.

ldallara
12-14-2005, 08:01 PM
why would you think email spoofing would be acceptable?

http://www.cert.org/tech_tips/email_spoofing.html

Never said it was acceptable.... Just pointed out that it is done on the net...

ldallara
12-14-2005, 08:07 PM
I've seen it was an accepted authenticated SMTP connection, so someone (or you) knew the password to your account.
It gives you advice to use SSL connections for POP3/SMTP/webpanel and FTP (called sFTP).
Opening a new account gives you a second chance (even if this spammer was you) and the belief that it was the last such situation. They want to be fair to you.

That's fair.. But doesn't solve the problem...
Yes, I knew my own passwd... hummmm
I wish you guys at e2 would answer the phone so I could understand what happened..

and you could get sued for calling someone a spammer..

ok... send me the logfile

Connie
12-15-2005, 05:06 AM
and you could get sued for calling someone a spammer..

first, don't shoot cannonballs at sparrows
at least all this here is not important for your life, it is leisure and fun

I would be glad if, somehow (it need not be Pixelpost), my domain were abused for spam, this spam was stopped first
then I would try to be cooperative and try to understand

but you just hit around you and show no patience at all, you poor victim

every one of us is at risk, life is dangerous, people have bad characters, and we must be aware of everything; we are not the center of the world and our small problems are mostly nothing compared to the problems of the majority of people in the world

so don't complain here too much, please!

things like this happened to one of my domains as well and I felt bad, but I tried to understand and tried to fix the hole... not arguing around

many of our team members helped you to understand what is going on, but you behave like a small child..

tinyblob
12-15-2005, 08:47 AM
and you could get sued for calling someone a spammer..
well, they didn't actually call you a spammer; they said your account had been closed because of spam.
who knows, you could've had some malware installed on your PC, or your account could have been compromised. what they DO know is that their SHARED server was sending out spam from your account.
there could be 5, 50 or 100 other websites (and therefore, customers) on that server who are all being affected by this. in fact, my domain on Eleven2 was VERY unresponsive the other day, so it could well have been you affecting me.
as far as shared hosting goes, you will always count as a low value customer. it's not hard to replace you, and your actions can affect every other customer they have on that server. they are completely within their rights to close your account as soon as there's trouble.

ldallara
12-15-2005, 12:00 PM
first, don't shoot cannonballs at sparrows
at least all this here is not important for your life, it is leisure and fun

I would be glad if, somehow (it need not be Pixelpost), my domain were abused for spam, this spam was stopped first
then I would try to be cooperative and try to understand

but you just hit around you and show no patience at all, you poor victim

every one of us is at risk, life is dangerous, people have bad characters, and we must be aware of everything; we are not the center of the world and our small problems are mostly nothing compared to the problems of the majority of people in the world

so don't complain here too much, please!

things like this happened to one of my domains as well and I felt bad, but I tried to understand and tried to fix the hole... not arguing around

many of our team members helped you to understand what is going on, but you behave like a small child..

Thanks for all the kind words and support.

My parting thoughts...

I've had a web site since 90 and over the years I have had several ISPs. I've been on the net since 81. I'm 61 yrs old and not a kid. I've never had any problems until I installed
Pixelpost, and will remove it from my site and find other blogging software.

My business is photography and that's how I make my living, so my site's important to me. It helps feed me.
I don't make a lot of money, so I use small ISPs to keep my costs down.

I guess those of you who have vanity sites will not understand what I'm talking about because your web site doesn't feed you.

so it's time for me to move on from this forum. Good luck with your beta software. There are a lot of holes in it, so keep plugging away.

Bye

Lou
http://www.pbase.com/ldallara

raminia
12-15-2005, 12:37 PM
Thanks for all the kind words and support.

My parting thoughts...

I've had a web site since 90 and over the years I have had several ISPs. I've been on the net since 81. I'm 61 yrs old and not a kid. I've never had any problems until I installed
Pixelpost, and will remove it from my site and find other blogging software.

My business is photography and that's how I make my living, so my site's important to me. It helps feed me.
I don't make a lot of money, so I use small ISPs to keep my costs down.

I guess those of you who have vanity sites will not understand what I'm talking about because your web site doesn't feed you.

so it's time for me to move on from this forum. Good luck with your beta software. There are a lot of holes in it, so keep plugging away.

Bye

Lou
http://www.pbase.com/ldallara
Thank you, keep getting older.

tinyblob
12-15-2005, 12:52 PM
I don't really understand why you're getting annoyed at us. Eleven2 already stated that the problem had nothing at all to do with Pixelpost.

Plus, as an aside, there are plenty of commercial photographers who use Pixelpost, but at the end of the day it's not commercial software. We've never claimed that there are no problems; in fact we're very open about the issues with Pixelpost. That said, your problem wasn't caused by our software.

Sure, Pixelpost doesn't feed us, because we're all volunteers. But i for one am a professional web developer and a freelance photographer. Both of these trades "feed me". I don't pursue them, or Pixelpost out of vanity.

I am personally very sorry that you've had problems, and i'm sorry we couldn't make you happy with our software, because at the end of the day that's why those of us on the dev team dedicate a large amount of our free time to helping users. But with an issue that is between you and Eleven2, all we can do is try to defend Eleven2, we are on very good terms with them and believe they offer a fantastic service.

Good luck with the blogging software you move onto, and let us know how it works out for you, we're keen to expand Pixelpost, and we love criticism.

Take care

Joe[y]
12-15-2005, 07:47 PM
speaking on behalf of me, not pixelpost: but aren't people supposed to get more mature over the years?!