3 spam emails


davidebretti
04-22-2006, 04:25 PM
hi!
i'm running PP 1.4.3 in my www.davidebretti.it
i got 3 comment emails containing:

"butalbital online_renova hypoglycemia order propecia cns_depressants_abuse klonopin bextra heart attack lipitor vaniqa subcision metformin pcos accutane xenical ultram"

at the moment i can't upgrade to 1.5 because it contains files with "-" in the filename and my provider doesn't allow it for "security reasons".

is this a serious problem? what can i do?

blinking8s
04-22-2006, 04:39 PM
the - is just in the zip folder that you download, weird they won't allow a - anyways, the actual files don't contain - though...not what you upload at least...

v1.5 has better spam control, this specific message you got is new though, I received similar stuff today, and since starting with pixelpost I have never once had spam.

davidebretti
04-22-2006, 05:03 PM
the - is just in the zip folder that you download, weird they won't allow a - anyways, the actual files don't contain - though...not what you upload at least...
v1.5 has better spam control, this specific message you got is new though, I received similar stuff today, and since starting with pixelpost I have never once had spam.

"-" is contained in language files, i will upgrade to the final release when it will be available, i want to modify filenames referers only once.

i received spam stuff just today too, they don't appear in comment administration page.

thank u
d.

Connie
04-22-2006, 05:07 PM
this spam is a new kind of spam which started just now

it has nothing to do with the new release, but with the stupidity of people with black brain and unused creativity which they can only use for SPAM and not for something more interesting ;=(

we are working on that to stop it

davidebretti
04-22-2006, 05:33 PM
we are working on that to stop it

great.
your work is very appreciated. :)

blinking8s
04-23-2006, 09:12 AM
my bad, i never think about the language files, i've never even touched them really, weird they don't allow that though

SeLeCta
04-23-2006, 09:33 AM
since pp 1.5 installed (3 days ago) I got 4 spammails, with 1.4 never....

wr7259
04-23-2006, 10:05 AM
i got 4 spams these days ...by using 1.4.
i've never got spam!

Connie
04-23-2006, 10:12 AM
if these spammails occur now, this for sure is not a fault of the new version

a new kind of spam started the last days, sending spam to the comment system of PP.
Thus, the comment notification mail is sent

we understood this and we are working on it.

But please take notice, that

1) SPAM is not the fault of the victim
2) with PP 1.5 you are far more safe than with PP 1.4
3) that the world is round and evil doers or stupid people have unbound creativity to annoy others

sentinel
04-23-2006, 10:32 AM
yep exactly those messages hit me the last 3 days too.. everyday one message :D (on pp 1.4.3)
thus i'll put up a "backported" version of the captcha-addon for 1.4.3 today.
(easier for me than updating and merging custom stuff :/ )

Joe[y]
04-23-2006, 10:48 AM
it's sad how much pixelpost is getting targeted by spammers. this new spam seems to be completely skipping the whole process of the form input since that was secured - which is annoying to say the least.

i haven't experienced any spam yet though, so we must be doing something right with some people's installs. it makes me wonder if some servers are more secure than others.

sentinel
04-23-2006, 10:54 AM
imho the current spam problem is not a problem of the server itself.. if the bot directly POSTs to index.php?x=save_comment it's just a question of who is listed where..

Joe[y]
04-23-2006, 10:56 AM
if the comments aren't making it through to your database then we've done something to stop them in that case - all we need is the same checks when an email notification is being created.

cds
04-23-2006, 11:08 AM
Not sure if this helps anyone, but I have been getting the same exact spam as David mentioned. I received the first one on Friday morning, before I even knew about the 1.5rc1 upgrade. I upgraded on Friday night, and have still received three more since. The spam is showing in both the comments and email. The comments all seem to hit the same image number.
Chris

sentinel
04-23-2006, 11:12 AM
@Joe[y]:
hmm i really don't know if there are any checks on the input or the message content which help to decide if it's spam or not.

at least concerning the captcha there shouldn't be any mail if the code is not entered correctly (caused by line 959's exit command, in modified version of index.php for rc1).

or am i missing your point?

Joe[y]
04-23-2006, 11:28 AM
at least concerning the captcha there shouldn't be any mail if the code is not entered correctly (caused by line 959's exit command, in modified version of index.php for rc1).

i don't really know anything about the captcha or the modified index.php so you've lost me there i'm afraid.

i think i'm still having trouble understanding what exactly this new spam is doing and why it's different to the stuff we seemed to have stopped with 1.5.

sentinel
04-23-2006, 11:44 AM
as far as i'm understanding current spam, the bots are directly sending a POST to "index.php?x=save_comment" as mentioned before. the normal checks in the save routine are still active but can't see if it's human or machine input.
imho the problem could also be delayed if you just rename the "save_comment" function to "save_my_comment".. but then it's only delayed until the bots get the info about the new function name..

direct spam-checking with known messages (like akismet does in a certain way) or additional necessary input which needs some real "human-brain-factor" (like captcha does in a basic way) are currently the way to go, imho

Joe[y]
04-23-2006, 11:59 AM
direct spam-checking with known messages (like akismet does in a certain way) or additional necessary input which needs some real "human-brain-factor" (like captcha does in a basic way) are currently the way to go, imho

i've heard mention of a captcha which doesn't rely on images but rather on the user answering a simple logical question - perhaps somebody will consider this as an addon - which will rule out hopefully all machine input.

as far as human spam input - i really can't see a way to ever stop that entirely - other than i.p blocking - which we have already.

davidebretti
04-23-2006, 12:34 PM
just received another the fifth one... i noticed that every mail comes from image no. 81:

http://www.davidebretti.it/?showimage=81
----------------------------------------------------------------------
yasmin lipitor cialis accutane klonopin effexor propecia glucophage meridia alprazolam ultram diabetes carisoprodol tadalafil norco
by Arnie - aamidon@tellink.net
----------------------------------------------------------------------

Connie
04-23-2006, 12:39 PM
yes, they all go to #80 or #81 and they are not sent using the form
they are sent directly with the URL

it is our job to fix that URLs like this which try to enter data without sending them from the form will be blocked

we are working on that, it will be done soon, I hope
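
The checks discussed above (reject a POST to index.php?x=save_comment that did not come from the rendered form, and do it before both the save and the notification mail), sketched as an added example that is not part of the thread and is not Pixelpost code. Every function name, the secret, the token field and the age limits are assumptions made for illustration.

```php
<?php
// Added illustration: all names and constants below are hypothetical.
const FORM_SECRET   = 'replace-with-a-long-random-per-site-secret'; // assumed to live in site config
const TOKEN_MIN_AGE = 3;     // seconds; quicker than a person can type a comment
const TOKEN_MAX_AGE = 3600;  // seconds; stale forms must be reloaded

// Called while rendering the comment form for one image; the result goes in a hidden field.
function issue_comment_token(int $imageId, int $now): string
{
    return $now . ':' . hash_hmac('sha256', $imageId . '|' . $now, FORM_SECRET);
}

// Verifies that the token was issued by this site, for this image, recently enough.
function check_comment_token(string $token, int $imageId, int $now): bool
{
    $parts = explode(':', $token, 2);
    if (count($parts) !== 2 || !preg_match('/^\d{1,12}$/', $parts[0])) {
        return false;                    // missing or malformed: not sent from the form
    }
    [$issued, $mac] = $parts;
    $expected = hash_hmac('sha256', $imageId . '|' . $issued, FORM_SECRET);
    if (!hash_equals($expected, $mac)) { // constant-time comparison
        return false;                    // forged, or issued for a different image
    }
    $age = $now - (int) $issued;
    return $age >= TOKEN_MIN_AGE && $age <= TOKEN_MAX_AGE;
}

// One gate in front of both side effects, so a rejected request sends no mail either.
function handle_save_comment(array $post, int $imageId, int $now): string
{
    $token = $post['token'] ?? '';
    if (!is_string($token) || !check_comment_token($token, $imageId, $now)) {
        return 'rejected';
    }
    // store_comment($post); send_notification($post);  // hypothetical, reached only after the check
    return 'accepted';
}

// Constructed requests: a bare POST without the form, a form-based one, a token reused on another image.
$t0    = 1145800000;
$token = issue_comment_token(81, $t0);
echo handle_save_comment(['message' => 'spam'], 81, $t0), "\n";
echo handle_save_comment(['message' => 'nice shot', 'token' => $token], 81, $t0 + 20), "\n";
echo handle_save_comment(['message' => 'spam', 'token' => $token], 80, $t0 + 20), "\n";
```

A token like this only shows that the form was loaded first; a bot that fetches the page before posting still passes, which is where the captcha and Akismet checks mentioned in the thread come in.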

eyedreams
04-23-2006, 12:43 PM
I have also received this spam. I have received 2 a day since Friday and they have all been posted to the same image, which is also # 81.

I considered just deleting this image entirely to see if it would stop.

Any thoughts?

I have yet to upgrade to 1.5rc, but from reading these threads I understand that this will not stop it. I also gather that the "spam-stoppers" which people have in their pop-up comments windows don't stop it either.

Are these assumptions correct?

Does anyone know if it's just Pixelpost sites which are affected?

Is anyone else only receiving them on the same image (81?)?

Connie
04-23-2006, 01:17 PM
it is not PP specific, it is idiot specific ;=)

if there are scripts which work with parameters for getting special information and there are many (photoblogs, blogs, shops ....) and which accept form input, people will try to abuse the URL

there is no sense in deleting the image #81 from your photoblog, because the range of numbers goes from 0 to .....
do you want to delete all ?=)

the only protection is like everytime: accept that things like this can happen, that there is no absolute protection, that spam protection is always behind the spammers, that it is a long march,

and don't overestimate this special spam too much, it is just annoying, but it is not infecting something, not destroying something, just pesting in the comments and the incoming-email-basket

there are bigger risks in life!

please note that I do not underestimate this but I think it is discussed enough here,

we said already more than one time that the developers understood the problem and work on it
more we cannot do

eyedreams
04-23-2006, 01:25 PM
"there are bigger risks in life!" - Thanks for putting it into context for me Connie.

After all, as you say, it is only an annoyance, nothing more.

I'll go take some photos instead of worrying about it!

raminia
04-23-2006, 05:38 PM
since pp 1.5 installed (3 days ago) I got 4 spammails, with 1.4 never....
it's not related to the version of Pixelpost. it's related to the time they post. :D

phild
04-23-2006, 06:56 PM
This is definitely targeting image # 81, and 80 as well with a very long list of similar products.

davidebretti
05-05-2006, 01:58 PM
spammers are back... and now spam comments get saved :(
here a shot from my admin:
http://img157.imageshack.us/img157/2180/immagine12vk.jpg

se.nsuo.us
05-06-2006, 04:07 AM
I got the same SPAM but Akismet caught them perfectly

mykodachrome
05-06-2006, 04:28 AM
I am getting the same spam, it began just before I upgraded to 1.5. and I was hoping 1.5 would stop it. Interestingly the last spam appeared and yet the IP for the spam comment does not show up in my statcounter - seems that they managed to spam me without a hit on the image page.

davidebretti
05-06-2006, 10:57 AM
Akismet

emh... what is akismet? :D

Joe[y]
05-06-2006, 10:58 AM
emh... what is akismet? :D

http://akismet.com/