Gallery2 and Comment Spam BotNets

In his blog post about the m68k port, he writes that the port is dead because there’s simply no security support for it.

I have to admit that he might be right about it.

Although the m68k port is doing fine with keeping up, there are so many problems that I doubt that m68k will be allowed to get back. My current list of why m68k might be dead is:

  1. There’s no security support for m68k
  2. m68k has no glibc support in current versions (pthread thingie or so)
  3. m68k is not in stable
  4. packages are getting bigger and bigger and slower and slower all over the place
  5. there is basically no interest in supporting m68k among the majority of DDs
  6. some more minor reasons

I expect some of the above points to be taken against any possible re-inclusion of m68k, such as no security support and not being in stable, which is some sort of paradox because, you’ll guess it, m68k was not released with Etch and thus is not in stable. I guess this is difficult to understand when you’re not an m68k user, but from my point of view, this was foreseeable because of past discussions about the status of m68k.
So much energy was spent on getting rid of m68k with the Vancouver Massacre that it’s unlikely that a similar amount of energy will be spent to get m68k back in, because there wasn’t much energy spent on the time after the Etch release. Ok, there was the introduction of etch-m68k on the mirrors, but as Joey already stated, that’s only part of the game.
There was a clear view of how to get rid of m68k, but no vision of how m68k can exist outside of Etch. Now that the m68k support is basically gone, it’s even more problematic to keep up with other ports that are still considered for testing. The whole release infrastructure is based on the migration from unstable to testing. If a port doesn’t exist in testing, because it wasn’t released with the last stable, then it’s hard to get released with the next version of stable.

So, yes, I believe as well that m68k is pretty dead if no miracle happens soon…


11 thoughts on “Gallery2 and Comment Spam BotNets”

  1. You can disable the right to comment from non-logged in users via the permissions of the top-level album (or individual albums). Just remove the right to add comments from the everyone group and add it for the “logged in users” group (the names of the groups can be a bit off – I'm translating from German here).

  2. I've had great success in my personal blog by just discarding any comments that have a URL in them. Seems as if this would be a better option than captcha, or useful in addition, but I'm not really up to digging into the Gallery2 code to do it.

  3. We have over 8000 porn-spam comments added in the last week. Despite captcha.
    I set up permissions as below. Changes are applied to sub-items. But I can still comment as guest so it's not working. Any ideas?

    Registered Users [comment] Add comments
    Everybody [core] View all versions
    Everybody [comment] View comments
    Site Admins All access

  4. Hmmm, well, I think I've disabled commenting at all in my Gallery, because I experienced similar problems. Either that or because the captcha was solved by some spam bots…

  5. I have now disabled comments on all galleries that are one level under the root. This seems to have stopped the spam.

    Do settings not ripple down if the lower level galleries' permissions have already been customised?

  6. Also had a shed load of comment spam on my Gallery2. Endless postings of URLs. Captcha was installed but I don't think it went through. Suspect that there is another way of posting through the system.

    I ended up banning an IP range on my server. That stopped it – for now.

  7. I have been hit for a few days now from a bot net. Too many IPs to really put in blocks easily, and they rotate through what appears to be sets of about 200 IPs per attack. I have commenting totally disabled on my site, and they're still doing it via a forced push through some of the Gallery software it seems.

    Check your site access logs for the URL they're hitting and how they post the comment. I'm pretty sure there's a way to force the comment in via URL and that's how they're doing it.

  8. Well my site is getting completely hammered by spamming. Captcha on the comment system seems to be invisible with this new wave of attacks. I'm getting spammed to death from random IPs every few minutes. The comments are full of links about gambling and porn. I've turned the comment system off completely.

    Think I may have to get writing some code to enhance the captcha system.

    I've checked the server logs, and there are three access requests. It requests a page, then brings up the comment, and submits the comment. And goes away again .. just 3 accesses are made. Until a few minutes later when they choose a different image to have a go at. Grrrr .. any ideas very much appreciated.

  9. Beside turning off comments completely, the only solution I see is to allow comments just for registered users or specific user groups.

    Another way to handle the issue would be to block the spamming IP addresses and contact the ISP via the abuse@ email address.

  10. Below is a listing of Gallery2 comment spammer IP addresses, gathered from my webserver log for the last 3 days – you may use them in your firewall or in a deny statement in your webserver.
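Comments 7 and 8 describe checking the access log for the URL the bots hit and a pattern of only three requests (page, comment form, submit) from rotating IPs. The sketch below is an added example, not code from the post or from any commenter: it flags IPs that follow that pattern without ever loading a static asset. The `g2_view=comment.AddComment` marker, the `/main.php` and `/static/site.css` paths and the sample log are assumptions; check them against your own log.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed marker for the Gallery2 comment form; confirm it against your own log.
COMMENT_FORM = "g2_view=comment.AddComment"
STATIC = re.compile(r"\.(css|js|png|gif|jpe?g|ico)(\?|$)", re.I)
WINDOW = timedelta(seconds=60)  # max gap between form view and POST
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+)')
# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Oct/2009:10:00:01 +0200] "GET /main.php?g2_itemId=412 HTTP/1.1" 200 5120
203.0.113.7 - - [12/Oct/2009:10:00:02 +0200] "GET /main.php?g2_view=comment.AddComment&g2_itemId=412 HTTP/1.1" 200 2210
203.0.113.7 - - [12/Oct/2009:10:00:03 +0200] "POST /main.php HTTP/1.1" 302 0
198.51.100.20 - - [12/Oct/2009:10:01:10 +0200] "GET /main.php?g2_itemId=77 HTTP/1.1" 200 5093
198.51.100.20 - - [12/Oct/2009:10:01:11 +0200] "GET /static/site.css HTTP/1.1" 200 901
198.51.100.20 - - [12/Oct/2009:10:01:40 +0200] "GET /main.php?g2_view=comment.AddComment&g2_itemId=77 HTTP/1.1" 200 2214
198.51.100.20 - - [12/Oct/2009:10:02:05 +0200] "POST /main.php HTTP/1.1" 302 0
203.0.113.7 - - [12/Oct/2009:10:05:30 +0200] "GET /main.php?g2_itemId=530 HTTP/1.1" 200 4987
203.0.113.7 - - [12/Oct/2009:10:05:31 +0200] "GET /main.php?g2_view=comment.AddComment&g2_itemId=530 HTTP/1.1" 200 2198
203.0.113.7 - - [12/Oct/2009:10:05:32 +0200] "POST /main.php HTTP/1.1" 302 0
"""

def parse(log_text):
    """Yield (ip, timestamp, method, url) for each parsable combined-log line."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            ip, ts, method, url = m.groups()
            yield ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), method, url

def suspicious_ips(log_text):
    """Count 'comment form GET, then POST' pairs per IP that never fetched a static asset."""
    by_ip = defaultdict(list)
    for ip, ts, method, url in parse(log_text):
        by_ip[ip].append((ts, method, url))
    flagged = {}
    for ip, reqs in by_ip.items():
        reqs.sort(key=lambda r: r[0])
        if any(STATIC.search(url) for _, _, url in reqs):
            continue  # loaded CSS/images like a browser would; skip
        hits = sum(
            1 for prev, cur in zip(reqs, reqs[1:])
            if prev[1] == "GET" and COMMENT_FORM in prev[2]
            and cur[1] == "POST" and cur[0] - prev[0] <= WINDOW
        )
        if hits:
            flagged[ip] = hits
    return flagged
```

A returning visitor with cached assets can look the same in the log, so treat the result as candidates for review or rate limiting rather than a final deny list.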
