DesignFloat, the Popular Pligg Site, Gets Spam Attacked
We have written many times here at Social CMS Buzz about outstanding spam-related vulnerabilities in the Pligg CMS. Today DesignFloat.com has come under siege and is experiencing some nasty Pligg spam problems in one of these attacks. This is of concern to Pligg webmasters because DesignFloat is an established Pligg site that uses all the prevention methods currently available for Pligg.
Pligg webmasters and developers alike have been aware of the automated bot spam that the Pligg CMS is becoming renowned for, but it's rare that we actually see an attack taking place or have any images of how bad these attacks can be for a Pligg site.
DesignFloat today, and even at the time of writing, is suffering one of these attacks on a massive scale: the entire upcoming section from page 1 up to page 8 has been spammed in the Business & Freelancing category with around 160+ entries from outlook-express-forum.de.
You can see from the image below the extent of the attack.

As you can see from the above, the attack is pretty severe and is happening too fast to be human. These types of attacks can really cripple a site, and it takes a lot of time to block the attacker and then clean out the spam entries. With Pligg having no way of actually deleting stories, this is where one of the major downfalls of the Pligg CMS stands out.
Pligg also hasn't released a version of the system for over six months, and with a recent admission from the developers that v1.0 will be more of the same with some little fixes, the future isn't bright. Excruciatingly slow development intervals and six-month-old vulnerabilities all add up to the situation we are seeing today; it's also the main cause of Pligg's traffic drop, as users aren't visiting pligg.com as much as they used to.
I really hope Andrew over at DesignFloat can solve the issue soon and that it doesn't open the gate for others with different domains and IPs to exploit the same vulnerability.
Visit: DesignFloat

Comment by John on 7 June 2008:
This blog is a total joke.
Design Float isn’t using all possible spam remedies. I looked myself. You can easily block links to any domain. You can delete stories from Pligg. The developers said 1.0 won’t contain new features, they didn’t say it wouldn’t have fixes…
You are a delusional person who makes things up in order to make yourself appear knowledgeable. I feel bad for the developers if they read this shit blog. It wouldn’t make me want to work on pligg anymore with assholes like you trying to make a profit by bad mouthing an open source project.
Comment by Trevor on 7 June 2008:
Each to his own but the post is pretty accurate, can you tell me where to delete discarded stories from in pligg? No you cannot because that feature does not exist? And the article also clearly states that pligg v1.0 will be mostly fixes with very little if any new features so you got that wrong even after supposedly reading the post?
I don’t see anything here of substance from your reply John but a lonely pligg fan with a gripe against this blog? Go get a life.
Comment by wang adsense on 7 June 2008:
That is a nightmare,
Can the reCaptcha story submit mod prevent this from happening?
I also have a pligg site and did receive massive submissions, about 50-60 per day. But when I installed the reCaptcha mod the news reduced to below 10.
As for discarded stories, there is one solution brought up by one pligg member and it does delete discarded stories at the admin panel.
Still, I do agree that the pligg devs are slow; at least they should tackle all the security bug fixes as soon as possible first.
Comment by DarrenK on 7 June 2008:
Why don’t the pligg developers simply integrate a flood control feature for stories and comments coming from the same IP. It wouldn’t completely stop the attacks but it would slow them up a lot.
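The flood control suggested in the comment above, sketched as an added example (not Pligg code and not written by anyone in this thread). It limits accepted story submissions per client IP and per linked domain, so a single-domain flood is still capped when the sender rotates addresses. The class name, thresholds and sample records are assumptions, and the hosts and IPs are constructed placeholders.

```python
from collections import defaultdict, deque
from urllib.parse import urlsplit


class FloodControl:
    """Sliding-window limit on story submissions, keyed by client IP and linked domain."""

    def __init__(self, window=600, max_per_ip=3, max_per_domain=5):
        self.window = window                  # seconds of history considered (assumed value)
        self.limits = {"ip": max_per_ip, "domain": max_per_domain}
        self.seen = defaultdict(deque)        # (kind, value) -> timestamps of accepted posts

    @staticmethod
    def domain_of(url):
        host = (urlsplit(url).hostname or "").lower()
        return host[4:] if host.startswith("www.") else host

    def check(self, ip, url, now):
        """Return (allowed, reason). Only accepted submissions consume quota."""
        keys = [("ip", ip), ("domain", self.domain_of(url))]
        for key in keys:
            q = self.seen[key]
            while q and now - q[0] >= self.window:   # drop entries outside the window
                q.popleft()
            if len(q) >= self.limits[key[0]]:
                return False, f"{key[0]} limit reached for {key[1]}"
        for key in keys:
            self.seen[key].append(now)
        return True, "ok"


def replay(submissions, **limits):
    """Run constructed (timestamp, ip, url) tuples through a fresh limiter."""
    fc = FloodControl(**limits)
    return [fc.check(ip, url, ts)[0] for ts, ip, url in submissions]


# Constructed sample data: one bot IP posting every 2 s, then the same domain
# submitted from rotating IPs, then a normal user posting twice 15 minutes apart.
BURST = [(i * 2, "203.0.113.7", f"http://spam.example/post{i}") for i in range(20)]
ROTATING = [(100 + i, f"198.51.100.{i}", f"http://www.spam.example/r{i}") for i in range(10)]
HUMAN = [(0, "192.0.2.10", "http://blog.example/a"), (900, "192.0.2.10", "http://blog.example/b")]

if __name__ == "__main__":
    print("burst accepted:", sum(replay(BURST)))
    print("burst + rotating accepted:", sum(replay(BURST + ROTATING)))
    print("human accepted:", sum(replay(HUMAN)))
```

As the comment says, this slows an attack rather than stopping it: the per-IP limit handles a single fast sender, and the per-domain limit is what still applies once the IPs change.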
Comment by frostbitez on 7 June 2008:
Pligg does have a way to delete stories from the database but the developers reckon that this feature should come as a paid module called TrashMaster and cost you $12.99 from the pligg pro shop. This should be a standard feature of pligg and be provided in the standard release of pligg.
http://www.pligg.com/pro/index.php?l=product_detail&p=40
Talk about developers taking the piss out of their members to try and exploit some quick cash from its loyal userbase? Pligg have lost interest since their proposed sale fell flat on its ass, the release schedule since January about says it all.
Comment by Geoserv on 10 June 2008:
John you're either a dumbass or a Pligg groupie.
Yes you can delete stories from Pligg, but they are never really deleted, check your database, if the user knows the URL to the story, it's still there. Test before you shoot your mouth off.
Go to Wordpress, Joomla or any other CMS, security flaws are dealt with immediately, not months later.
The developers' solution is to rename register.php, that will work for a little bit, but once the author of the PyCurl attack sees that, he will adjust his script accordingly.
The developers have provided a bandaid solution to a major issue and have no idea what to do. All they need to do is admit that.
This post unfortunately is ACCURATE and you my friend are naive, go back to Pligg.com and hang out there, we don't need groupies or fake webmasters here polluting this website with garbage dumbass.
Bye John, oh and I noticed you post a link to your crappy Pligg install, perhaps it's using the default yget template?
Good post Lincoln.
Comment by Brian on 14 July 2008:
There is a free way to delete stories, it is an easy hack:
http://forums.pligg.com/pligg-mods/10089-method-deleting-discarded-stories.html
So there is a free way to delete stories, as for stopping spam just check the forums there are about 15 free modules, and a combination of a few of them will stop most spam.