
[OM] TOPE has been "spam-hacked" and a word or two about TOPE 30...

From: Olaf Greve <o.greve@xxxxxxx>
Date: Tue, 8 May 2007 14:23:32 +0200
Hi,

Recently I found out that my webserver was acting weird: without  
apparent reason, the webserver software (Apache) started pulling the  
CPU towards 100%, around the time that "the USA wakes up" (i.e.  
around midday over here).
Consequently, I took some measures to figure out where the issues  
came from, and using Apache's "server-status" handler, I noticed the  
script that caused Apache to choke up (i.e. grab an excessive amount  
of resources), was the TOPE "show entry" script, when specific  
entries were viewed.
I wondered why, as this script never caused trouble before, and while  
checking the server status I did notice that the "store comments"  
script was called very often. Too often. I checked out the sizes of  
the comments files, and lo and behold: some of them were as big as  
18Mb! The main issue then becoming that these files are parsed as  
text by PHP when an entry is shown, and this either takes a long time  
to complete, or in the worst case causes such an excessive load on  
the CPU, that other server processes (like sendmail) went to a "stand-off"
state. When checking the contents of those files, it became  
apparent that they were completely hammered with all sorts of typical  
commercial spam, referring to vi*gr* websites, etc.
This is known as "forum spam" (I think), but TOPE uses custom  
scripts, so someone must have found the URL, and made use of it by  
manually figuring out the parameters and its functionality.

For now, I have configured the webserver so, that ANY call to the  
"store comments" script is forbidden, and will simply generate a  
standard server error (hopefully the spammers will signal these  
server errors, and will stop the hack attempt), while I am looking  
into a better solution (e.g. by having to type additional text (anti-spam
challenges) when posting a comment). Therefore, for now the  
comments script doesn't work, so I kindly request you all to not try  
to leave any comments, until I indicate on the list that it is safe  
to use the script again.

Unfortunately this has already cost me quite some time, and will  
cost me a good few hours more to completely correct the mingled  
comments files of the various entries (this has to be done manually),  
so I want to punish the responsible people as much as possible, and  
will go through the Apache access log to work out the IP addresses of  
the machines that were used for this, and I will report them to the  
proper anti spam authorities, such that they will be blacklisted  
Internet wide. If anyone knows of good places to do so (the more, the  
merrier), I welcome hearing about them...

Then, this of course takes precedence for me over launching TOPE 30,  
and as I hadn't announced the end of the shooting season for that  
yet, I will extend that to include the coming weekend, after which  
the normal cycle of 2 weeks submission time, followed by the initial  
launch, etc, will take place.
That should give me plenty of time to get the other issue fixed, and  
you then still have a few more days to take pictures for TOPE 30. :)

Alrighty, over and out for now, but this is definitely to be  
continued...

Cheers,
Olafo


==============================================
List usage info:     http://www.zuikoholic.com
List nannies:        olympusadmin@xxxxxxxxxx
==============================================
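
The access-log review described in the message above, as an added example that is not part of the original post: it tallies POST requests to the comment-storing script per client IP in an Apache common/combined-format log and records the first and last time each was seen, which is what an abuse report needs. The script paths and the log lines are assumptions constructed for illustration; the message does not give the real URLs.

```python
import re
from collections import defaultdict

# Hypothetical path: the message does not give the real URL of the "store comments" script.
COMMENT_SCRIPT = "/tope/store_comments.php"

# Apache common/combined log format:
# host ident user [time] "METHOD path PROTO" status size ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

def comment_posters(lines, script=COMMENT_SCRIPT, threshold=3):
    """Map each IP with >= threshold POSTs to `script` to (count, first_seen, last_seen)."""
    seen = defaultdict(list)
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # ignore malformed or truncated lines
        path = m.group("path").split("?", 1)[0]  # drop any query string
        if m.group("method") == "POST" and path == script:
            seen[m.group("ip")].append(m.group("time"))
    # Entries are appended in file order, so the first and last bound the activity window.
    return {ip: (len(t), t[0], t[-1]) for ip, t in seen.items() if len(t) >= threshold}

# Constructed sample lines using documentation IP ranges (not data from the real server).
# The last 192.0.2.10 entry shows a 403, as after the script was blocked: still an attempt.
SAMPLE_LOG = [
    '192.0.2.10 - - [08/May/2007:12:00:01 +0200] "POST /tope/store_comments.php HTTP/1.1" 200 312 "-" "Mozilla/4.0"',
    '192.0.2.10 - - [08/May/2007:12:00:02 +0200] "POST /tope/store_comments.php HTTP/1.1" 200 312 "-" "Mozilla/4.0"',
    '203.0.113.5 - - [08/May/2007:12:00:03 +0200] "GET /tope/show_entry.php?id=7 HTTP/1.1" 200 9001 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [08/May/2007:12:03:10 +0200] "POST /tope/store_comments.php HTTP/1.1" 200 280 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [08/May/2007:12:00:04 +0200] "POST /tope/store_comments.php?entry=7 HTTP/1.1" 200 312 "-" "Mozilla/4.0"',
    'truncated line without the expected fields',
    '192.0.2.10 - - [08/May/2007:12:10:00 +0200] "POST /tope/store_comments.php HTTP/1.1" 403 199 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for ip, (count, first, last) in comment_posters(SAMPLE_LOG).items():
        print(f"{ip}\t{count} POSTs\t{first} .. {last}")
```

The threshold keeps a single legitimate comment from putting its author on the report; tune it to how often real visitors post.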
