Advanced search  

News:

cpg1.5.46 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter recently discovered vulnerabilities. It is important that all users who run version cpg1.5.44 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: SPAM flood despite the use of reCAPTCHA plugin  (Read 6169 times)

0 Members and 1 Guest are viewing this topic.

metropolis2003

  • Coppermine newbie
  • Offline Offline
  • Posts: 12
SPAM flood despite the use of reCAPTCHA plugin
« on: November 06, 2012, 05:42:24 pm »

I am running various instances of Coppermine on different websites.

The unregistered group is (was) allowed to post comments and I protected posting with the reCAPTACHA plugin.

But all of the galleries are flooded with SPAM each and every day now, the captcha challenge seems to be completely useless.

Is this a bug in Coppermine, the reCAPTCHA module or is reCAPTCHA not to be used anyway anymore because it has been cracked?

Are there any alternatives to avoid spam?
Logged

Joe Carver

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 1498
  • aka 'i-imagine'
    • Home Page
Re: SPAM flood despite the use of reCAPTCHA plugin
« Reply #1 on: November 07, 2012, 12:46:12 am »

Which version of the plugin are you running? Posting a link to your Coppermine Gallery would not only be helpful,
it is one of the board rules...

How many spams per day / per gallery are you seeing?

Also, try to understand that no captcha system can stop human spammers. Search here
and on the web for the topic and you will find that people are paid to solve captchas.

metropolis2003

  • Coppermine newbie
  • Offline Offline
  • Posts: 12
Re: SPAM flood despite the use of reCAPTCHA plugin
« Reply #2 on: November 07, 2012, 12:54:23 pm »

I am using AJAX reCaptcha (recaptcha): v2.0 in Coppermine 1.5.20.

You may have a look at http://www.schloss-einstein-girls.info/cpg but currently I disabled posting for Guests as this was the only way to stop spamming.

I was getting about 25-50 posts per day and they came in in "waves" (i.e. six - eight posts within a few secondes, then peace and then the same a few hours later).

While I know that there may be paid spammers, I more believe that automated bots are working here because of the "waves" with some posts within a very short time period.

I am surprised that nobody else seem to have this problem as I have it on some websites that are all independent from each other.
Logged

Joe Carver

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 1498
  • aka 'i-imagine'
    • Home Page
Re: SPAM flood despite the use of reCAPTCHA plugin
« Reply #3 on: November 08, 2012, 03:07:11 am »

The opinions on reCaptcha Groups on Google is that it is mainly human solvers
filling in captchas for robot generated spam.

See this post where someone has tried a different captcha, having not seen it,
I can't say how well it works. I have also posted some other suggestions here in this forum.

http://forum.coppermine-gallery.net/index.php/topic,75376.0.html

Craig Walsh

  • Coppermine regular visitor
  • **
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 51
    • Lucies Farm Ltd.
Re: SPAM flood despite the use of reCAPTCHA plugin
« Reply #4 on: July 20, 2013, 06:35:27 pm »

I just had semi-monthly session deleting hundreds of spam messages.  They seem to be the work of human spammers because each one makes a brief (and often amusingly ungrammatical) comment about the particular image, and then tries to sell fake Vuitton handbags or the other things that spammers "sell."

The comments have one thing in common -- they all include a URL.  That is, I suppose, the whole point of the exercise for the human spammers.  There's no point paying someone to add facetious comments to our Coppermine site if not to direct or increase traffic to their own site.

Is there a way, therefore, of stopping human spammers from including a web address (clickable or otherwise) in their comment?  I use the bad word filter -- similarly, is there a plug in or filter that would stop web addresses or e-mail addresses?

Our CPG site does not allow registration, and I have periodically shut off the ability for anyone to post comments in the hope that the human spammers would go away.  But when I re-enable comments, they soon come back.

In my perfect world, I'd love to have the ability for folks to add comments -- but comments that do not include web addresses.

We have a CMS site at www.poico.com -- lots of nice comments on the various pages, but folks can't post clickable URL's -- so virtually no spam comments. 

Any suggestions most welcome.  Our CPG site is www.bark.ch.

Thanks,

Craig
Logged
Craig Walsh
CPG Photo Gallery - www.bark.ch
Member of the Association of Photographers (AOP)

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15369
Re: SPAM flood despite the use of reCAPTCHA plugin
« Reply #5 on: August 20, 2013, 05:06:55 pm »

What's your preferred solution? Disable the clickable URLs, automatically remove them or deny comments with URLs?
Logged

scifiguy

  • Coppermine newbie
  • Offline Offline
  • Posts: 6
Re: Re: SPAM flood despite the use of reCAPTCHA plugin
« Reply #6 on: August 25, 2013, 07:30:03 pm »

What's your preferred solution? Disable the clickable URLs, automatically remove them or deny comments with URLs?
It would be nice if those options were choosable in the adming but if I have to pick one I'd deny comments with URL's.
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15369
Re: SPAM flood despite the use of reCAPTCHA plugin
« Reply #7 on: September 03, 2013, 12:07:51 pm »

Open db_input.php, find
Code: [Select]
$akismet_approval_needed = 0;and above, add
Code: [Select]
    if ($msg_body != make_clickable($msg_body)) {
        cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
    }

Feel free to adjust the error message.
Logged

Joe Carver

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 1498
  • aka 'i-imagine'
    • Home Page
Re: SPAM flood despite the use of reCAPTCHA plugin
« Reply #8 on: October 08, 2013, 12:56:02 am »

Is this a bug in Coppermine, the reCAPTCHA module or is reCAPTCHA not to be used anyway anymore because it has been cracked?

Something has gone very wrong with reCaptcha recently - I too am getting a lot of spam through since about a few weeks to one month ago.

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15369
Re: SPAM flood despite the use of reCAPTCHA plugin
« Reply #9 on: October 08, 2013, 09:09:36 am »

That's maybe an issue at reCAPTCHA rather than the plugin. If it rejects your input if you enter wrong/no captcha code, it works as expected.
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15369
Re: SPAM flood despite the use of reCAPTCHA plugin
« Reply #10 on: October 09, 2013, 10:37:30 am »

For your information, I just released a new CAPTCHA plugin: http://forum.coppermine-gallery.net/index.php/topic,76723.0.html
Logged
Pages: [1]   Go Up
 

Page created in 0.019 seconds with 21 queries.