Pligg spammers still a problem in v9.9.0

You probably thought Pligg was getting better at dealing with spam entries; well, you would be wrong. Pligg sites are a haven for spammers, and the developers haven't even attempted the simple task in v9.9.0 of adding email verification to the registration process, which would have helped greatly. First there was the PycURL SQL injection spam, then there was India and SEO, and now the latest would seem to be Australian IPs spamming with bots and googlemail.com accounts.

We have had SQL vulnerabilities in the user.php file that caused focused attacks only on Pligg sites, allowing bots to completely bypass the registration process and captcha and insert users and stories directly into the Pligg database by using PycURL. Odds are that Google featured prominently here, or one of the master lists at pligg.com or PliggSites.com, as a way to identify which sites were vulnerable to the SQL injection used to complete the attack.

An Akismet module to combat spam was released, but it has been reported to slow the story submission process by up to 50 seconds on step_3 of the submission. We tried the Akismet module that comes bundled with v9.9.0 of Pligg for ourselves and it simply doesn't work: settings cannot be edited, spam is not detected or cannot be deleted, and so on. Even the module we applied a speed fix to and released still doesn't work correctly, although it does solve the submission slowdown.

One of the ways suggested over at the Pligg forum is the use of a hack titled “Single step registration + Confirmation e-mail v0.1”; unfortunately this hack will only work with v9.8.2 of Pligg and not the current v9.9.0 release. Like so many times before at Pligg, the developers posted on the 15th of January 2008 that a version for v9.9.0 would be released within a week; here we are over two months later, Ash has never replied to the thread again, and still an update has never been released. Not for the first time, I may add, this lets the Pligg community down. We checked the Pligg Modules section of the forum and other threads, as well as the SVN that dollar5 had hinted at, to try to locate the update Ash mentioned, without any success.

This means your v9.9.0 site will still be vulnerable to PycURL attacks. Any attacker's email will probably be blank@blank.com, and we have had word from several webmasters running v9.9.0 that this is still happening, and pretty frequently by the sound of things.

Another type of spam we have been alerted to would seem to originate from Australia and be bot driven: users have been registering at Pligg sites from AU IPs with googlemail.com or gmail.com accounts. The email addresses usually look similar to top.jewlery@googlemail.com, all having a . within the user-name. A few weeks back Google's gmail.com captcha process was broken by hackers, allowing bots to register for gmail.com email accounts automatically. It looks like the PycURL spammers are also now utilising this hack to gain Gmail accounts for spamming purposes.

Why would they do this? Well, it may just be to get round email confirmation by automatically verifying the email address by bot, although this hasn't been confirmed. Another factor is that it's very unlikely you will ever ban gmail.com or googlemail.com accounts from registering on your website, because they are used by thousands of legitimate members. The spammers know this, hence they have started to use googlemail.com accounts.

Hopefully the Pligg developers will make improvements in the next version to combat this once and for all; we wouldn't hold out for that to happen though, as past releases have usually proven to be a disappointment, breaking more than they fix. The main thing letting Pligg down at the moment is poor support for modules by the developers, and as far as we can tell, not having a clear development path or project roadmap certainly doesn't help things. The Pligg community hears a lot of talk and sees very little action; even the developers taking a little time to upgrade existing mods to work with the latest release would at least be a start.

Article Details

Author: on March 28th, 2008

Category: Pligg

  1. Israel says:

    Do you have a solution for this?