BlogEngage Demonstrates Why Autopligg Is Bad And Enabling ReCaptcha Is Essential

BlogEngage a social bookmarking website dedicated to bloggers and their topics would seem to have had their defenses down and become the target of an Autopligg bot attack. The weakness is that BlogEngage are using the standard pligg captcha method which is easily bypassed and has been broken for some time. Several spam stories have already been promoted to the BlogEngage published section in quick succession.

What is Autopligg and how does it work, well we have previously reported on the tool here “AutoPligg Spam Tool: Pligg Spam Just Got A Whole Lot Worse“. However basically it’s a program that creates fake user accounts then submits articles to your pligg site for those fake accounts to vote upon.

It’s also the reason you should use ReCaptcha as you spam defense on registration, BlogEngage unfortunatley is using the default pligg captcha which AutoPligg can bypass. If you are wondering just how AutoPligg can bypass the default pligg Captcha read this article “How to crack Pligg’s Default captcha“.

Below are some images of the AutoPligg incident.

Screenshot 1: Stories Just submitted, voted and Promoted by bot.

Screenshot 2: Autopligg doing some Auto Voting of articles with fake user accounts.

Screenshot 3: AutoPligg finished voting upon the spam articles.

Screenshot 4: A fake story example 1 showing the fake users who voted to promote.

Screenshot 5: A fake story example 2 showing the same fake users who voted to promote story example 1.

A note to all pligg website owners Enable ReCaptcha. And i think this is the first time i have seen Fish spam?.

Visit: www.blogengage.com

If you enjoyed this post, make sure you subscribe to my RSS feed!

Article Details

#

Author: on October 23rd, 2008

Category: Pligg, Pligg Sites

Tags: , , , ,

  1. Andrey says:

    where you can get a template?
    I saw that another site is working on this template
    http://digg.co.in/

  2. catchpen says:

    Amazing how far spammers will go. Ridiculous!

    @ Andrey
    http://club.cmstheme.com/ Word has it they’re working on making their templates SWCMS compatible.

  3. umasankar says:

    http://digg.co.in is based pligg cms and template is brought at http://club.cmstheme.com

  4. Geoserv says:

    Luckily Brian and I caught this about 1 hour after it started and removed them pretty quickly.

    @Audrey, I have a few FREE Pligg templates at http://www.pliggs.com, I will be making them SWCMS compatible soon.

  5. bbrian017 says:

    I stopped this by adding the confirmation e-mail modification!

    Dam spammers there’s no winning and as Geoserve said we got it about an hour later! The reality is I can’t always be at the website and eventually this will get by me.

    Thanks to Geoserve for helping out with deleting and banning spam url’s!

    I’ll look into setting up ReCaptcha this evening but it appears the e-mail confirmation stopped this all together!