Yesterday, I got some spam through my site contact form.
Not entirely sure what to do, if anything. Should I do something? I could find the spam ip addresses and ban them, of course. Should I be worried about the site being vulnerable?
:( My danger sense isn't going off, but that could just because I'm really ignorant in these sorts of things.
Anisa.
On 8/16/06, Anisa mystavash@animecards.org wrote:
Yesterday, I got some spam through my site contact form.
Not entirely sure what to do, if anything. Should I do something? I could find the spam ip addresses and ban them, of course. Should I be worried about the site being vulnerable?
:( My danger sense isn't going off, but that could just because I'm really ignorant in these sorts of things.
Different (mostly old) versions of certain contact forms allow spam relays. If you start getting a lot of hits on that form be concerned about it being used to relay spam. Otherwise it was probably just a probe and can be ignored.
There are lots of antispam options (CAPTCHAs, akismet, etc.) but those decrease the value to normal users so I only like to implement them if I am overwhelemed by the spam problem.
Greg
On Wed, 16 Aug 2006 20:03:31 +0200, Anisa mystavash@animecards.org wrote:
Yesterday, I got some spam through my site contact form. Not entirely sure what to do, if anything. Should I do something? I
Yep. Firstly Lullabot has an interesting article on contact forms with some tips: http://www.lullabot.com/articles/fighting_spam_with_captcha
Make sure you are running the latest version of Drupal. If you have a contact form that is part of a module such as the Feedback module (highly recommended) ensure that you have installed the latest module code.
Also keep up to date with Drupal security updates: http://drupal.org/security
It is recommended to subscribe to the RSS feed with Drupal security advisories: http://drupal.org/security/rss.xml
could find the spam ip addresses and ban them, of course. Should I be worried about the site being vulnerable?
Not really, at least not today. But we should all be worried. There are 280,000 virusses, Trojans, Worms etc affecting Windows. If and when Windows become secure, the substantial industry associated with malware will either turn their attention to a) Linux b) Macintosh and c) CMS systems and PHP. Item c) is ripe for malware exploits!
:( My danger sense isn't going off, but that could just because I'm really ignorant in these sorts of things.
I have a major problem with more than one Drupal sites where the ISP acceptable email limit is reached within minutes of the new hour whereafter my email gets blocked for the next hour. It could be either end-user spam (I am running a number of pop accounts) or it could be contact form injection spam or some other vulnaribility. I have considered writing the output of the contact form to a sql table to be able to see what happens there. My problem is that if it is spam as a result of a SQL injection attempt in a PHP form, my email address is also blocked and whatever spam was sent out via the contact form does not end up with me.
Casper Labuschagne +27827054416 www.krooninfo.co.za www.boerboel.co.za Visit http://www.ubuntu.com for a highly recommended open source alternative to Windows!
Hello,
I'm trying to figure out why my RSS feeds are broken:
" This feed does not validate.
*
line 2, column 0: XML parsing error: <unknown>:2:0: xml declaration not at start of external entity [help]
<?xml version="1.0" encoding="utf-8"?>
Source: http://www.mysite.org/rss.xml
1. 2. <?xml version="1.0" encoding="utf-8"?> 3. <rss version="2.0" xml:base="http://www.mysite.org" xmlns:dc="http://purl.org/dc/elements/1.1/"> 4. <channel> ... "
The problem seems to be that line one is empty - the rest of the XML file is fine, but because the <?xml ...> declaration begins at line 2, the RSS is not valid and cannot be aggregated.
I've tried this with all my feeds, and even the atom.module - same problem.
I've disabled all my contributed modules, unpublished all my non- english content, and still get the same error.
Is there anywhere else I can look for why Drupal is injecting a line of whitespace into my RSS feed?
Thanks,
s.
I've disabled all my contributed modules, unpublished all my non-english content, and still get the same error.
What about switching your theme back to bluemarine?
Thank you very much,
The problem was the contextlinks module - I thought I disabled it but I hadn't.
Disabling it AND erasing the module seems to have tentatively fixed my problem - I'll start re-enabling modules and re-publishing content, hopefully it'll hold.
Thanks so much again! :D
s.
On 17-Aug-06, at 9:53 AM, Morbus Iff wrote:
I've disabled all my contributed modules, unpublished all my non-english content, and still get the same error.
What about switching your theme back to bluemarine?
-- Morbus Iff ( dare you overpower my stench of eeeevil? ) Technical: http://www.oreillynet.com/pub/au/779 Culture: http://www.disobey.com/ and http://www.gamegrene.com/ icq: 2927491 / aim: akaMorbus / yahoo: morbus_iff / jabber.org: morbus -- [ Drupal support list | http://lists.drupal.org/ ]
Hi
If I want the content (story, blogs) to show up on the front side to users that are not logged in, what do I do?
(I have succeeded in deciding wether or not to show content in the sidebars to logged in/not logged in users, but what about the content that shows up in the middle section of the web site-where do I administrate this ?)
Gina
Depending on exactly what you want to do, you could use the front_page module and specify a different frontpage for anonymous and logged in users.
s.
On 18-Aug-06, at 12:00 PM, Gina Rydland wrote:
Hi
If I want the content (story, blogs) to show up on the front side to users that are not logged in, what do I do?
(I have succeeded in deciding wether or not to show content in the sidebars to logged in/not logged in users, but what about the content that shows up in the middle section of the web site-where do I administrate this ?)
Gina
[ Drupal support list | http://lists.drupal.org/ ]
On Friday 18 August 2006 09:00, Gina Rydland wrote:
Hi
If I want the content (story, blogs) to show up on the front side to users that are not logged in, what do I do?
(I have succeeded in deciding wether or not to show content in the sidebars to logged in/not logged in users, but what about the content that shows up in the middle section of the web site-where do I administrate this ?)
Gina
If I understand you correctly, there are at least two things that may need to be addressed: 1) access roles: go to admin/access and make sure there is a check under "anonymous user" and to the right of "access content" (a permission under "node module"). You may also want to give them access to comments by checking "access comments". 2) the individual node settings: node/*/edit expand the "Publishing options" group and check the box beside "Promoted to front page".
On Thu, 17 Aug 2006 15:43:27 +0200, Steven Mansour steven@strictmachine.ca wrote:
The problem seems to be that line one is empty - the rest of the XML file is fine, but because the <?xml ...> declaration begins at line 2, the RSS is not valid and cannot be aggregated.
I've tried this with all my feeds, and even the atom.module - same problem.
I've disabled all my contributed modules, unpublished all my non-english content, and still get the same error.
Is there anywhere else I can look for why Drupal is injecting a line of whitespace into my RSS feed?
Thanks,
s.
Do other pages of the site also start with whitespace? If so, you need to check several files (eg settings.php) for whitespace outside of <?php ?> tags. It's best to do so with a hex editor as certain whitespace (byte order marks) might be invisible in texteditors.
Heine
It's a thought. So I will think on it. I just got another 3 spam feedback. It's just so... dumb.
Maybe I'll add a simple captcha....
Anisa.
On 8/17/06, Casper Labuschagne casperl@krooninfo.co.za wrote:
On Wed, 16 Aug 2006 20:03:31 +0200, Anisa mystavash@animecards.org wrote:
Yesterday, I got some spam through my site contact form. Not entirely sure what to do, if anything. Should I do something? I
Yep. Firstly Lullabot has an interesting article on contact forms with some tips: http://www.lullabot.com/articles/fighting_spam_with_captcha
Make sure you are running the latest version of Drupal. If you have a contact form that is part of a module such as the Feedback module (highly recommended) ensure that you have installed the latest module code.
Also keep up to date with Drupal security updates: http://drupal.org/security
It is recommended to subscribe to the RSS feed with Drupal security advisories: http://drupal.org/security/rss.xml
could find the spam ip addresses and ban them, of course. Should I be worried about the site being vulnerable?
Not really, at least not today. But we should all be worried. There are 280,000 virusses, Trojans, Worms etc affecting Windows. If and when Windows become secure, the substantial industry associated with malware will either turn their attention to a) Linux b) Macintosh and c) CMS systems and PHP. Item c) is ripe for malware exploits!
:( My danger sense isn't going off, but that could just because I'm really ignorant in these sorts of things.
I have a major problem with more than one Drupal sites where the ISP acceptable email limit is reached within minutes of the new hour whereafter my email gets blocked for the next hour. It could be either end-user spam (I am running a number of pop accounts) or it could be contact form injection spam or some other vulnaribility. I have considered writing the output of the contact form to a sql table to be able to see what happens there. My problem is that if it is spam as a result of a SQL injection attempt in a PHP form, my email address is also blocked and whatever spam was sent out via the contact form does not end up with me.
Casper Labuschagne +27827054416 www.krooninfo.co.za www.boerboel.co.za Visit http://www.ubuntu.com for a highly recommended open source alternative to Windows! -- [ Drupal support list | http://lists.drupal.org/ ]
-
Anisa -
Casper Labuschagne -
Gina Rydland -
Greg Knaddison - GVS -
Heine Deelstra -
Jason Flatt -
Morbus Iff -
Steven Mansour