Spam problem ! I found over 200 spam comments !

mcemrn

Joined: 2013-02-17
Posts: 20

Posted: Sun, 2014-03-16 14:39

Hello everybody, today i found over 200 spam comments (with links etc...) Bot-Generated...
I see that in Gallery 3 there is no capthca plugin for posting comments and there is not an option to "all comments needs Admin approval"...

This makes Spambots the life simple...

For now i will disable the comments module waiting for a solution...

Any idea ? Thanks...

floridave

Joined: 2003-12-22
Posts: 27300

Posted: Mon, 2014-03-17 01:42

Quote:

in Gallery 3 there is no capthca plugin

Yes there is... it is called reCAPTCHA

Dave

_____________________________________________
Blog & G2 || floridave - Gallery Team

mcemrn

Joined: 2013-02-17
Posts: 20

Posted: Mon, 2014-03-17 08:13

floridave wrote:

Quote:

in Gallery 3 there is no capthca plugin

Yes there is... it is called reCAPTCHA

Dave

_____________________________________________
Blog & G2 || floridave - Gallery Team

I searched it in modules here but didn't find it

floridave

Joined: 2003-12-22
Posts: 27300

Posted: Mon, 2014-03-17 19:30

It comes with the default distribution. Care to contribute back by creating the docs?

Dave
_____________________________________________
Blog & G2 || floridave - Gallery Team

agusalsa

Joined: 2014-03-21
Posts: 18

Posted: Tue, 2014-04-01 15:09

reCAPTCHA fails, I can register myself even I enter the wrong code. If code is 36325455 and I enter 36325458 it read it as correct.

h_s

Joined: 2009-06-26
Posts: 43

Posted: Tue, 2014-04-08 20:45

I have some difficulties with the recaptcha module as well unfortunately, resulting in lots of spam.

Things I have noticed:

*) URL to the recaptcha has changed. This is not updated in admin_recaptcha.html.php (see <https://github.com/gallery/gallery3/blob/master/modules/recaptcha/views/admin_recaptcha.html.php>). Therefore the recaptcha test is not displayed in the admin panel.

*) Since I have a setup with a domain alias, a hint to get it to work is to set a keypair as global key when keys are created on the recaptcha website!

*) If I block google.com (e.g. with "NoScript" Addon in Firefox) the captcha is never displayed and I can send messages / post comments without going through the captcha process.

Any ideas how to prevent this circumvention?

Kind regards,

h_s

xeta

Joined: 2011-11-24
Posts: 42

Posted: Sat, 2014-04-26 07:40

@h_s

It seem you are right, the address for the verification Server have changed. The recaptcha module actually dont work.

I have also checked the latest snapshot of gallery and there this issue is the same.

I tried to figure out the changes myself but I didnt get it to work

www.xeta.at

floridave

Joined: 2003-12-22
Posts: 27300

Posted: Sun, 2014-05-04 20:34

I think I have fixes some of these issues.
I got the admin page get the recapcha test.
I got a workaround for the "NoScript" addon in firefox. Please test here: http://www.langleycom.com/gallery3/index.php/Andrew and let me know your results.

Will post code once I get some feedback.

Dave
_____________________________________________
Blog & G2 || floridave - Gallery Team

h_s

Joined: 2009-06-26
Posts: 43

Posted: Mon, 2014-05-05 06:34

Dear Dave,

Thank you very much for your effort.

I just tested the link you provided and now it works great for me!

Captcha is requested as it should be.
With javascript disabled you can't post; i.e. the noscript workaround is no longer possible

Another general thing: Captchas are to me really annoying. I am just curious how other G3 users handle the spam problem?!

E.g. in wordpress there is a plugin called http://antispambee.com/ which analyses the comment and decides if it is spam or not (i.e. a spam filter). My experience so far is 100% good. No false positiv/negativ at all! And the user experience is not disturbed.

In another website I use a very simple "captcha", where the user has to add two one-digit numbers as a test (for expample: 4+2 = ??). It is simple and has so far worked very well.

Kind regards

h_s

xeta

Joined: 2011-11-24
Posts: 42

Posted: Tue, 2014-05-06 09:32

Dear Dave,

On your test link the same problem occurs like on my own page: The captcha accepts also wrong inputs.

But I am not sure what is the reason for that!

www.xeta.at

floridave

Joined: 2003-12-22
Posts: 27300

Posted: Tue, 2014-05-06 13:49

xeta,
Are you able to get past with TWO wildly different words? From the recaptch wiki:

Quote:

reCAPTCHA consists of two words: a verification word, to which the reCAPTCHA server knows the answer and a read word which comes from an old book. The read word is not graded (since the server is using human guesses to figure out the answer). As such, this word can be entered incorrectly, and the CAPTCHA will still be valid. Each read word is sent to multiple people, so incorrect solutions will not affect the output of reCAPTCHA.

On the verification word, reCAPTCHA intentionally allows an "off by one" error depending on how much we trust the user giving the solution. This increases the user experience without impacting security. reCAPTCHA engineers monitor this functionality for abuse.

Dave
_____________________________________________
Blog & G2 || floridave - Gallery Team

xeta

Joined: 2011-11-24
Posts: 42

Posted: Wed, 2014-05-07 05:44

Dave,
Its clear to me that read word is not verified/checked. But till your last post I was not aware that verification word allows "off by one". In this case your Link seems to work pretty well.

Thanks

www.xeta.at

MarkRH

Joined: 2007-05-25
Posts: 241

Posted: Thu, 2014-05-08 10:13

I just use the Akismet module: http://codex.galleryproject.org/Gallery3:Modules:akismet which comes with Gallery as well I believe.

I use it in my WordPress blog also so I use the same API key. It's caught all the spam I've had, up to 500 now.
Although, the stats page in the gallery is kind of messed up as it counts the Spam Detected as Missed Spam at the same time, which is wrong because it didn't miss it(?). I just haven't bothered to find out why. Every now and then I'll go in and empty the Spam that it caught.

- Mark H.

Using Gallery 3.0.9 - gallery.markheadrick.com

undagiga

Joined: 2010-11-26
Posts: 693

Posted: Sat, 2014-07-05 07:12

I'm coming to this a bit late. I'm suddenly getting a lot of email spam because of this problem. I've looked all over the forum and I can't find the code needed to fix reCAPTCHA. I'm on the road for some weeks with not a lot of time to research this. Can someone please summarise what I need to do to quickly fix this, or point me to the fix?

floridave

Joined: 2003-12-22
Posts: 27300

Posted: Sun, 2014-07-06 05:30

Not extensively tested but it should work.

Dave
_____________________________________________
Blog & G2 || floridave - Gallery Team

undagiga

Joined: 2010-11-26
Posts: 693

Posted: Sun, 2014-07-06 06:52

Thank you Dave - much appreciated. I'll let you know how I go.

h_s

Joined: 2009-06-26
Posts: 43

Posted: Sun, 2014-07-06 10:31

Thank you very much Dave!

h_s

mcemrn Joined: 2013-02-17 Posts: 20	Posted: Sun, 2014-03-16 14:39
	Hello everybody, today i found over 200 spam comments (with links etc...) Bot-Generated... I see that in Gallery 3 there is no capthca plugin for posting comments and there is not an option to "all comments needs Admin approval"... This makes Spambots the life simple... For now i will disable the comments module waiting for a solution... Any idea ? Thanks...
	XUser login Username: * Password: * Create new account Request new password
floridave Joined: 2003-12-22 Posts: 27300	Posted: Mon, 2014-03-17 01:42
	Quote: in Gallery 3 there is no capthca plugin Yes there is... it is called reCAPTCHA Dave _____________________________________________ Blog & G2 \|\| floridave - Gallery Team

mcemrn Joined: 2013-02-17 Posts: 20	Posted: Mon, 2014-03-17 08:13
	floridave wrote: Quote: in Gallery 3 there is no capthca plugin Yes there is... it is called reCAPTCHA Dave _____________________________________________ Blog & G2 \|\| floridave - Gallery Team I searched it in modules here but didn't find it

floridave Joined: 2003-12-22 Posts: 27300	Posted: Mon, 2014-03-17 19:30
	It comes with the default distribution. Care to contribute back by creating the docs? Dave _____________________________________________ Blog & G2 \|\| floridave - Gallery Team

agusalsa Joined: 2014-03-21 Posts: 18	Posted: Tue, 2014-04-01 15:09
	reCAPTCHA fails, I can register myself even I enter the wrong code. If code is 36325455 and I enter 36325458 it read it as correct.

h_s Joined: 2009-06-26 Posts: 43	Posted: Tue, 2014-04-08 20:45
	I have some difficulties with the recaptcha module as well unfortunately, resulting in lots of spam. Things I have noticed: ) URL to the recaptcha has changed. This is not updated in admin_recaptcha.html.php (see <https://github.com/gallery/gallery3/blob/master/modules/recaptcha/views/admin_recaptcha.html.php>). Therefore the recaptcha test is not displayed in the admin panel. ) Since I have a setup with a domain alias, a hint to get it to work is to set a keypair as global key when keys are created on the recaptcha website! *) If I block google.com (e.g. with "NoScript" Addon in Firefox) the captcha is never displayed and I can send messages / post comments without going through the captcha process. Any ideas how to prevent this circumvention? Kind regards, h_s

xeta Joined: 2011-11-24 Posts: 42	Posted: Sat, 2014-04-26 07:40
	@h_s It seem you are right, the address for the verification Server have changed. The recaptcha module actually dont work. I have also checked the latest snapshot of gallery and there this issue is the same. I tried to figure out the changes myself but I didnt get it to work www.xeta.at

floridave Joined: 2003-12-22 Posts: 27300	Posted: Sun, 2014-05-04 20:34
	I think I have fixes some of these issues. I got the admin page get the recapcha test. I got a workaround for the "NoScript" addon in firefox. Please test here: http://www.langleycom.com/gallery3/index.php/Andrew and let me know your results. Will post code once I get some feedback. Dave _____________________________________________ Blog & G2 \|\| floridave - Gallery Team

h_s Joined: 2009-06-26 Posts: 43	Posted: Mon, 2014-05-05 06:34
	Dear Dave, Thank you very much for your effort. I just tested the link you provided and now it works great for me! Captcha is requested as it should be. With javascript disabled you can't post; i.e. the noscript workaround is no longer possible Another general thing: Captchas are to me really annoying. I am just curious how other G3 users handle the spam problem?! E.g. in wordpress there is a plugin called http://antispambee.com/ which analyses the comment and decides if it is spam or not (i.e. a spam filter). My experience so far is 100% good. No false positiv/negativ at all! And the user experience is not disturbed. In another website I use a very simple "captcha", where the user has to add two one-digit numbers as a test (for expample: 4+2 = ??). It is simple and has so far worked very well. Kind regards h_s

xeta Joined: 2011-11-24 Posts: 42	Posted: Tue, 2014-05-06 09:32
	Dear Dave, On your test link the same problem occurs like on my own page: The captcha accepts also wrong inputs. But I am not sure what is the reason for that! www.xeta.at

floridave Joined: 2003-12-22 Posts: 27300	Posted: Tue, 2014-05-06 13:49
	xeta, Are you able to get past with TWO wildly different words? From the recaptch wiki: Quote: reCAPTCHA consists of two words: a verification word, to which the reCAPTCHA server knows the answer and a read word which comes from an old book. The read word is not graded (since the server is using human guesses to figure out the answer). As such, this word can be entered incorrectly, and the CAPTCHA will still be valid. Each read word is sent to multiple people, so incorrect solutions will not affect the output of reCAPTCHA. On the verification word, reCAPTCHA intentionally allows an "off by one" error depending on how much we trust the user giving the solution. This increases the user experience without impacting security. reCAPTCHA engineers monitor this functionality for abuse. Dave _____________________________________________ Blog & G2 \|\| floridave - Gallery Team

xeta Joined: 2011-11-24 Posts: 42	Posted: Wed, 2014-05-07 05:44
	Dave, Its clear to me that read word is not verified/checked. But till your last post I was not aware that verification word allows "off by one". In this case your Link seems to work pretty well. Thanks www.xeta.at

MarkRH Joined: 2007-05-25 Posts: 241	Posted: Thu, 2014-05-08 10:13
	I just use the Akismet module: http://codex.galleryproject.org/Gallery3:Modules:akismet which comes with Gallery as well I believe. I use it in my WordPress blog also so I use the same API key. It's caught all the spam I've had, up to 500 now. Although, the stats page in the gallery is kind of messed up as it counts the Spam Detected as Missed Spam at the same time, which is wrong because it didn't miss it(?). I just haven't bothered to find out why. Every now and then I'll go in and empty the Spam that it caught. - Mark H. Using Gallery 3.0.9 - gallery.markheadrick.com

undagiga Joined: 2010-11-26 Posts: 693	Posted: Sat, 2014-07-05 07:12
	I'm coming to this a bit late. I'm suddenly getting a lot of email spam because of this problem. I've looked all over the forum and I can't find the code needed to fix reCAPTCHA. I'm on the road for some weeks with not a lot of time to research this. Can someone please summarise what I need to do to quickly fix this, or point me to the fix?

floridave Joined: 2003-12-22 Posts: 27300	Posted: Sun, 2014-07-06 05:30
	Not extensively tested but it should work. Dave _____________________________________________ Blog & G2 \|\| floridave - Gallery Team

undagiga Joined: 2010-11-26 Posts: 693	Posted: Sun, 2014-07-06 06:52
	Thank you Dave - much appreciated. I'll let you know how I go.

h_s Joined: 2009-06-26 Posts: 43	Posted: Sun, 2014-07-06 10:31
	Thank you very much Dave! h_s

Spam problem ! I found over 200 spam comments !

XUser login