DesignFloat The Popular Pligg Site Gets Spam Attacked

Posted by Lincoln in Pligg on Friday, June 6th 2008   

Digg it

Bookmark it

Stumble it

Mixx It

dfloat_125x125.gifMany times before here at Social CMS Buzz we have spoken about outstanding vulnerabilities within the Pligg CSM system related to spam attacks, it seems today DesignFloat.com has come under siege and is experiencing some nasty pligg spam related problems in one of these attacks. This is of concern to pligg webmasters as DesignFloat is an established pligg site that use’s all the available method’s of prevention currently available for Pligg.

Pligg webmasters and developers alike have been aware of the automated bot spam that the Pligg CMS system is becoming renowned for, it’s rare we actually see an attack taking place or have any images of how bad these attacks can be for a pligg site.

DesignFloat today and even at the time of writing is suffering one of these attacks on a massive scale, the entire upcoming section from page 1 up to page 8 has been spammed in the Business & Freelancing category with around 160+ entries from outlook-express-forum.de.

You can see from the image below the extent of the attack.
designfloat.spammed.jpg

As you can see from above the attack is pretty severe and is happening too fast to be human, these type of attacks can really cripple a site and take a lot of time to block the attacker then clean out the spam entries. With pligg having no way of actually deleting stories that’s where one of the major downfalls of the Pligg CMS system stand out.

Pligg also now haven’t released a version of the system for over six months and with a recent admission from the developers that v1.0 will be more of the same with some little fixes the future isn’t bright. Excruciatingly slow development intervals and 6 month old vulnerabilities all add up to the situation we are seeing today, it’s also the main casue of pligg’s traffic drop as users aren’t visiting pligg.com as much as they used too.

I really hope Andrew over at DesignFloat can solve the issue soon and it doesn’t open the gate for others with different domains and IP’s to exploit the same vulnerability.

Visit: DesigFloat

Popularity: 24% [?]



If you enjoyed this post, make sure you subscribe to our RSS feed!

  

This post was written by:

Lincoln - who has written 182 posts on Social CMS Buzz.

Founder of Social CMS Buzz and a fan of all things open source, social and design related.

Contact the author

Web: http://socialcmsbuzz.com

Related Content

Subscribe to the post comments feeds or Leave a trackback


Tags: , , , ,

10 Comments Already

commenter
John Said,
June 7th, 2008 @4:28 am  

This blog is a total joke.
Design Float isn’t using all possible spam remedies. I looked myself. You can easily block links to any domain. You can delete stories from Pligg. The developers said 1.0 won’t contain new features, they didn’t say it wouldn’t have fixes…
You are a delusional person who makes things up in order to make yourself appear knowledgeable. I feel bad for the developers if they read this shit blog. It wouldn’t make me want to work on pligg anymore with assholes like you trying to make a profit by bad mouthing an open source project.

commenter
Trevor Said,
June 7th, 2008 @11:47 am  

Each to his own but the post is pretty accurate, can you tell me where to delete discarded stories from in pligg? no you cannot because that feature does not exist? And the article also clearly states that pligg v1.0 will be mostly fixes with very little if any new features so you got that wrong even after supposedly reading the post?

I don’t see anything here of substance from your reply John but a lonely pligg fan with a gripe against this blog? Go get a life.

commenter
wang adsense Said,
June 7th, 2008 @1:51 pm  

That is a nightmare,
Can reCaptcha story submit mod avoid this to happen?
I also have a pligg and did receive massive submission about 50-60 perday. But when I installed reCaptcha mod the news reduce below 10.

As for discarded stories there are one solution brought up by one pligg member and it does delete discarded stories at admin panel.

Still I do agree that plig dev are slow, at least they should tackle all the security bug fix soon as possible first.

commenter
DarrenK Said,
June 7th, 2008 @2:07 pm  

Why don’t the pligg developers simply integrate a flood control feature for stories and comments coming from the same IP. It wouldn’t completely stop the attacks but it would slow them up a lot.

commenter
frostbitez Said,
June 7th, 2008 @4:58 pm  

Pligg does have a way to delete stories from the database but the developers reckon that this feature should come as a paid module caleed TrashMaster and cost you $12.99 from the pligg pro shop. This should be a standard feature of pligg and be provided in the standard release of pligg.

http://www.pligg.com/pro/index.php?l=product_detail&p=40

Talk about developers taking the piss out of their members to try and exploit some quick cash from it’s loyal userbase? Pligg have lost interest since their proposed sale fell flat on it’s ass, the release schedule since January about say it all.

commenter
Geoserv Said,
June 10th, 2008 @1:24 am  

John your either a dumbass or a Pligg groupie.

Yes you can delete stories from Pligg, but they are never really deleted, check your database, if the user knows the URL to the story, its still there. Test before you shoot your mouth off.

Go to Wordpress, Joomla or any other CMS, security flaws are dealt with immediately, not months later.

The developers solution is to rename register.php, that will work for a little bit, but once the author of the PyCurl attack sees that, he will adjust his script accordingly.

The developers have provided a bandaid solution to a major issue and have no idea what to do. All they need to do is admit that.

This post unfortunately is ACCURATE and you my friend are naive, go back to Pligg.com and hang out there, we dont need groupies or fake webmasters here polluting this website with garbage dumbass.

Bye John, oh and I noticed you post a link to your crappy Pligg install, perhaps its using the default yget template?

Good post Lincoln.

commenter
Brian Said,
July 14th, 2008 @10:50 am  

There is a free way to delete stories it is a easy hack :
http://forums.pligg.com/pligg-mods/10089-method-deleting-discarded-stories.html

So there is a free way to delete stories, as for stopping spam just check the forums there are about 15 free modules, and a combination of a few of them will stop most spam.

Pingback & Trackback
mygif
Pingback from http://www.blogengage.com
June 6th, 2008 @11:22 pm  
mygif
Pingback from bloggingzoom.com
June 6th, 2008 @11:23 pm  

Related Post

Please Leave Your Comments Below

Please Note: All comments will be moderated

« 6 Of The Best Premium Wordpress Theme Designers
Pliggzee Template Released For v9.9.0 Of Pligg »