Geeklog Forums

Extremely bad security hole!


Mike

Anonymous
Hi, I have had very bad problems with comment spam, which have forced me to upgrade to a new version of Geeklog in the hope that it would have been fixed. Unfortunately, this is not the case.

Here is a link to the vulnerability that is being used on my website to post obscene links and corrupt my comments database.

Major Vulnerability

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Can you be more specific, please? That link points to an old discussion on Full Disclosure that lists a lot of (mostly unconfirmed and/or incorrect) issues in Geeklog and some plugins. The issues in Geeklog are, to my knowledge, all fixed by now.

bye, Dirk

ScurvyDawg

Forum User
Full Member
Registered: 11/06/02
Posts: 523
The thing I don't understand is how they can say it affects version 2 when that has not even been released yet???

I know from my research and my involvement that GL devs take security very seriously.

Just my two cents

no mike

Anonymous
obviously the hole is in his head Very Happy

gofigure

Anonymous
Pretty much anything coming from Lorenzo Hernandez Garcia-Hierro can be ignored.

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Two things I forgot to mention:
  1. Look at the date of that Full Disclosure post - September 2003. We had a story about that at the time (here) and whatever we could reproduce from that report has since been fixed.

  2. None of the issues discussed in that post could be used for spamming.

I can only assume that "Mike" was panicking or something when he wrote this ...

bye, Dirk

Mike

Anonymous
Sorry for the delay in this response; hopefully it will bump back up to the top. The link to the vulnerability is old, but the fact remains that I am experiencing it first hand.

Here is a link to my website. Your help is much appreciated.

Please take a close look at the latest comments in the right-hand side block.

My University website

This site used to be very populated and fun until this last attack. I got extremely busy in my university career, and now the site has plummeted to an extreme low due to this bad spam attack.

I am unsure of how to solve the problem.
It's Geeklog 1.3.11.

F'n Spammers

Anonymous
Use the spamx feature. This is not a security hole, but a comment spammer.

Mike

Anonymous
I have SpamX enabled, here is what SpamX says about the comments you see on my website:
Mass Delete Spam Comments
0 comments deleted.


I must be on some kind of drug, but I could have sworn, going through the logs, that I had seen an SQL injection, and a good one I must add, because it also took care of updating the IP. I wish I could find it in the massive error log I have, but it is clear that it's not the usual spamming in which a bot just submits comments.
We are talking about SQL injection. It has corrupted my database by overwriting other people's comments. And it is doing it all the time.

After doing my own research I have found that doing the SQL injection attack I mentioned earlier worked. After that I installed the new Geeklog. As you can see from my website, even that didn't help.

I think Geeklog is the best soft out there, and it's probably someone picking on my website because it got so popular.


ScurvyDawg

Forum User
Full Member
Registered: 11/06/02
Posts: 523

Ummm, that's a comment spammer.

With the SpamX plugin you can ban the links and the text they are posting.

There are also two add-ons here and here that allow you to ban by IP too.

This will stop further attacks from those IP addresses. It will also ban future incidents via language.

Don't overreact and take this advice; you will see it is not the big deal you think it is.

THEMike

Forum User
Moderator
Registered: 07/25/03
Posts: 141
Location:Sheffield, UK
I have the same spam comments on my site. Um HAD, because I added the terms to my personal blacklist and mass-deleted comment spam and they went. Now I won't get any more of those comments, because they are on my blacklist. My site runs 1.3.11 and they were inserted by regular comment posting, not SQL Injection, and they were IDENTICAL comments.

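The workflow ScurvyDawg and THEMike describe above (ban the links and text of a known spam comment, ban its source IP, then mass-delete every existing comment that matches, and refuse new submissions that match), as an added example in Python. This is not Geeklog's or the SpamX plugin's own code: the comment fields, the use of user id 1 for anonymous posters, the blacklist structure and the sample comments are all assumptions constructed for the example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Comment:
    cid: int
    uid: int            # poster's user id; 1 = anonymous is an assumption for this example
    ipaddress: str
    comment: str


@dataclass
class Blacklist:
    phrases: List[str] = field(default_factory=list)  # case-insensitive substrings (spam text or link hosts)
    ips: List[str] = field(default_factory=list)      # exact addresses, or a dotted prefix such as "198.51.100."

    def matches(self, c: Comment) -> Optional[str]:
        """Return why a comment is spam ("phrase:..." or "ip:..."), or None if it passes."""
        text = c.comment.lower()
        for p in self.phrases:
            if p.lower() in text:
                return "phrase:" + p
        for ip in self.ips:
            if c.ipaddress == ip or (ip.endswith(".") and c.ipaddress.startswith(ip)):
                return "ip:" + ip
        return None


URL_RE = re.compile(r"https?://([\w.-]+)", re.I)


def link_hosts(text: str) -> List[str]:
    """Hostnames of every http(s) link in a comment body."""
    return [m.group(1).lower() for m in URL_RE.finditer(text)]


def learn_from_spam(bl: Blacklist, spam: Comment) -> None:
    """Ban the link hosts and the source IP of a comment the admin has identified as spam."""
    for host in link_hosts(spam.comment):
        if host not in bl.phrases:
            bl.phrases.append(host)
    if spam.ipaddress not in bl.ips:
        bl.ips.append(spam.ipaddress)


def mass_delete(comments: List[Comment], bl: Blacklist) -> Tuple[List[Comment], List[Comment]]:
    """Split existing comments into (kept, deleted) the way a mass-delete pass would."""
    kept: List[Comment] = []
    deleted: List[Comment] = []
    for c in comments:
        (deleted if bl.matches(c) else kept).append(c)
    return kept, deleted


def accept_new(c: Comment, bl: Blacklist) -> bool:
    """Gate a new submission: anything on the blacklist is refused before it reaches the database."""
    return bl.matches(c) is None


# Constructed sample comments (not real data): one legitimate post, two identical spam
# posts from the same address, and one legitimate anonymous post.
SAMPLE = [
    Comment(1, 42, "192.0.2.10", "Nice article, thanks!"),
    Comment(2, 1, "198.51.100.7", "cheap pills http://pills.example/buy"),
    Comment(3, 1, "198.51.100.7", "cheap pills http://pills.example/buy"),
    Comment(4, 1, "203.0.113.9", "I agree with the post above."),
]


def demo() -> Tuple[List[int], List[int], Blacklist]:
    """Ban from the first spam comment, then mass-delete; returns (kept ids, deleted ids, blacklist)."""
    bl = Blacklist()
    learn_from_spam(bl, SAMPLE[1])
    kept, deleted = mass_delete(SAMPLE, bl)
    return [c.cid for c in kept], [c.cid for c in deleted], bl


if __name__ == "__main__":
    kept_ids, deleted_ids, blacklist = demo()
    print("blacklist:", blacklist)
    print("kept:", kept_ids, "deleted:", deleted_ids)
```

Banning one representative spam comment is enough to clear its identical reposts, which is the behaviour THEMike reports from his own blacklist; the IP rule then catches later posts from the same address even when the text changes.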

JohnVanVliet

Forum User
Full Member
Registered: 10/09/03
Posts: 161
Hi, I just posted on your site without logging in,
so give this a try:
edit your config.php file at around line 314

$_CONF['commentsloginrequired'] = 0;

from 0 to 1:

$_CONF['commentsloginrequired'] = 1;

Mike

Anonymous
Quote by JohnVanVliet: hi i just posted on your site without loging in


Yeah, it's an intentional feature I left out because it would encourage people to share their thoughts without fear of being alienated. We are a rather small community.

I will block anonymous posting and will also try a few of those other things you suggested. I am guessing there are two types of comment spam by this individual(s). The first one took advantage of an SQL injection. When I upgraded, you guys fixed that vulnerability, so the spammer had nothing left to do other than normal comment spam.

I will give those a try. Too bad the original spam attack has corrupted many of the posts in my database.

Thanks.

JohnVanVliet

Forum User
Full Member
Registered: 10/09/03
Posts: 161
Yes, it is too bad.


vinny

Site Admin
Admin
Registered: 06/24/02
Posts: 352
Location:Colorado, USA
Mike,

Can you post or email the logs that show the SQL injection attacks? As far as I know, we've never seen a successful SQL injection attack against Geeklog. Even though the upgrade has fixed your problem, I'd still be interested in understanding the attacker's exploit.

Thanks,
Vinny