proftpd and SQL uid

For about two weeks now, it seems that a botnet has been attacking one of my Gallery2 installations in order to either comment-spam me or to solve the captchas:


121.132.186.55 - - [14/Jun/2007:09:09:27 +0200] "POST /main.php?g2_GALLERYSID=4cc6b5e4b7ce4a207957a07c081b6f65 HTTP/1.1" 200 12167 "http://gallery.foobar.net/main.php?g2_GALLERYSID=631acbacb15f2cfb83cdaf592721c082" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" 0 gallery.foobar.net
121.132.186.55 - - [14/Jun/2007:09:09:30 +0200] "GET /main.php?g2_view=comment.AddComment&g2_itemId=7152&g2_return=main.php%3Fg2_itemId%3D7152%26&&g2_returnName=photo HTTP/1.1" 200 10349 "http://gallery.foobar.net/main.php?g2_view=comment.AddComment&g2_itemId=7152&g2_return=main.php%3Fg2_itemId%3D7152%26&&g2_returnName=photo" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" 0 gallery.foobar.net
121.132.186.55 - - [14/Jun/2007:09:09:32 +0200] "POST /main.php?g2_GALLERYSID=b45c76223a933ba3bed6e09a9589a6cd HTTP/1.1" 200 12081 "http://gallery.foobar.net/main.php?g2_view=comment.AddComment&g2_itemId=7152&g2_return=main.php%3Fg2_itemId%3D7152%26&&g2_returnName=photo" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" 0 gallery.foobar.net

Sadly, Gallery2 seems to not offer the configuration option to disable comments for non-authorized/logged-in users, only to disable captchas for some users/groups, but apparently disabling captchas for guests seems totally wrong to me.
Currently I’m blocking the hosts with an iptables rule whenever I see an attacking host by accident, but I guess that there should be a better option…
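
An added example, not part of the original post: instead of spotting attacking hosts by accident, the access log can be scanned for clients that request the comment form or POST to main.php repeatedly within a short window. The function names, the threshold, the window and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Log line prefix: client IP, timestamp, method and request path.
# Straight and typographic opening quotes are both accepted.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'["“](?P<method>[A-Z]+) (?P<path>\S+)'
)

def is_comment_hit(method, path):
    """True for the comment form view and for POSTs to main.php."""
    if "g2_view=comment.AddComment" in path:
        return True
    return method == "POST" and path.split("?", 1)[0] == "/main.php"

def flag_comment_bots(lines, max_hits=3, window=timedelta(seconds=60)):
    """Return IPs with more than max_hits comment hits inside one window."""
    recent = defaultdict(deque)   # ip -> timestamps of hits still in window
    flagged = set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not is_comment_hit(m["method"], m["path"]):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window:   # drop hits that left the window
            hits.popleft()
        if len(hits) > max_hits:
            flagged.add(m["ip"])
    return sorted(flagged)

def _line(ip, hms, method, path):
    return (f'{ip} - - [14/Jun/2007:{hms} +0200] "{method} {path} HTTP/1.1" '
            '200 1000 "-" "Mozilla/4.0" 0 gallery.example')

# Constructed sample log: a fast bot, a normal visitor and a slow poster.
FORM = "/main.php?g2_view=comment.AddComment&g2_itemId=1"
BOT = [("POST", "/main.php?g2_GALLERYSID=x"), ("GET", FORM)] * 3
SAMPLE = (
    [_line("203.0.113.7", f"09:09:{s:02d}", m, p) for s, (m, p) in enumerate(BOT)]
    + [_line("192.0.2.10", "09:10:00", "GET", "/main.php?g2_itemId=1"),
       _line("192.0.2.10", "09:10:20", "GET", FORM),
       _line("192.0.2.10", "09:10:50", "POST", "/main.php")]
    + [_line("198.51.100.4", f"1{h}:00:00", "POST", "/main.php") for h in range(5)]
)
if __name__ == "__main__":
    print(flag_comment_bots(SAMPLE))
```

The returned addresses can feed the same iptables blocking described above, so the rule is added from the log rather than by hand.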
