[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Sat, 17 Apr 2010, Neil Williams wrote:
On Sat, 17 Apr 2010 22:42:47 +0100 (BST) Gordon Henderson <gordon+dcglug@xxxxxxxxxx> wrote:On Fri, 16 Apr 2010, Neil Williams wrote:The abuse of a few have caused permanent and irrevocable harm to all; blame the spammers using our site to push illegal content, not me. The DCGLUG site is not Wikipedia, we don't have the resources to deal with automated abuse.It sounds like someone (probably not a list member, but maybe is?) has been defacing the website or posting blatant commercial spam to it, but...No 'but' is necessary, that was what was happening - several times an hour. The attempts continue and are visible to admins via the logs but the change in config blocks all attempts to create new users, refresh deleted users or log in with the previous usernames.
Ah, OK.
Care to post a brief summary?You just did. I'm glad I locked the site and fixed the problems before too many people noticed. Some did. The site config tried to stop certain spam methods but such heuristics were not enough.
I think the spammers do have some clever tools these days, but something like Drupal is going to be relatively easy to "script" - as it's all avalable to you.
I had a customer recently write their own form to email thingy... They thought that since it was custom written and mostly hidden with form variables that weren't obvious that it would be safe... Sadly not and once it was discovered by the spammers it wasn't long before it was abused, so they either have lots of humans doing the work or some clever and adaptable tools....
Constant vigilance (as someone once said!) Gordon -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html