Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

Sustained Distributed Spambot Review Attacks
 
J_T_
Moderator
 
Avatar
Total Posts:  1961
Joined:  2008-08-07
London-ish, UK
 

I had been getting these since starting with Magento but today takes the cake.

Our Pending Reviews always fills up with rubbish, links to random strings etc. clearly spam bots probing for open comments/reviews. usually it’s 5 at a time, once a week or so. But this morning, from just after 8 till now just before 11 I found pages worth of these attempts.

As some were still showing in Who’s Online, I logged their IPs.

153.19.1.244
163.192.4.213
12.158.191.70
94.230.141.138
195.127.150.117
184.72.58.219
200.20.109.21
195.194.111.2
184.72.57.170
174.129.5.87
219.112.130.3
12.158.191.70
38.107.149.14
173.203.206.253

Stick those in ip2location.com/demo.aspx and you’ll find IPs from all over the world, Brazil, Japan, USA, UK etc. so it seems a distributed botnet with particular knowledge of and interest in Magento.

I’m still running a 1.3 version so I wondered whether 1.4 has added attach prevention like native Captcha, maybe even Akismet etc. to prevent these form even entering the pending lists. It’s a pain to clean up and of course these people eat server-resources with their continuous attempts.

Is anyone else seeing this behaviour? What have you done about it? Blocking IPs seems futile as it’s distributed, probably all infected machines from around the world.

 
Magento Community Magento Community
Magento Community
Magento Community
 
J_T_
Moderator
 
Avatar
Total Posts:  1961
Joined:  2008-08-07
London-ish, UK
 

As it’s still going on, here’s one of the reviews.

L5xvk5P  <a href="http://wzhlavbgfdqtwiu.com/">wzhlavbgfdqtwiu</a>, [url=http://ibrtuhzxhyadhg.com/]ibrtuhzxhyadhg[/url], [link=http://stsrtmfvcgspgb.com/]stsrtmfvcgspgb[/link], http://duyvxlgwpdyuga.com/

The URL they access looks like this:

http://www.shop.com/review/product/list/id/3516/&#x22;./&#x22;./product-fitting&#x22;&#x3E;here&#x3C;/a&#x3E;.&#x3C;/&#x22;./&#x22;./&#x22;./product-fitting&#x22;&#x3E;here&#x3C;/a&#x3E;.&#x3C;/&#x22;./product-fitting&#x22;&#x3E;here&#x3C;/a&#x3E;.&#x3C;/&#x22;./&#x22;./&#x22;./product-fitting&#x22;&#x3E;here&#x3C;/a&#x3E;.&#x3C;/%2

The product-fitting is a CMS page - not sure what the relevance of this is during the attack.

 
Magento Community Magento Community
Magento Community
Magento Community
 
J_T_
Moderator
 
Avatar
Total Posts:  1961
Joined:  2008-08-07
London-ish, UK
 

Five hours after it started, it’s still going on, much like a slow DDoS attack, at a rate of one comment span every 90 seconds.

I switched off guest review posting for the time being so it’s no longer polluting my pending review lists. It’s still eating up server resources though, albeit marginally, but would love to get rid of it. I’ve spotted many dozens of different IP addresses so it kind of scares me to think if they switched from focussing on review spam to a much more intense real DDoS. With that many zombie machines, our server could be on its knees if they start making more heavy requests.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Gui
Guru
 
Avatar
Total Posts:  588
Joined:  2008-03-09
 

Not sure on your 1.4 native captcha but since you are running 1.3 try the Fontis ReCaptcha:
http://www.magentocommerce.com/magento-connect/Fontis/extension/1169/fontis-recaptcha/

This works very well for us and it also integrates with the Registration page. As you will find that after you block the reviews they will create customer accounts on the rate you are seeing now.

Btw you can download their extension from their site if you do not want to use Connect

 
Magento Community Magento Community
Magento Community
Magento Community
 
J_T_
Moderator
 
Avatar
Total Posts:  1961
Joined:  2008-08-07
London-ish, UK
 

Thanks Gui,

That seems like a decent solution. I have other modules of Fontis and they are good quality.

I do hope Varien address this in the core, as the number of 3rd party modules we “need” already get unwieldy, especially with their individual updates and then Mage’s own frequent and far-fetching updates.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Brent W Peterson
Moderator
 
Avatar
Total Posts:  3217
Joined:  2009-02-26
Minneapolis MN
 

@JT: We are having the same problem, let me know how your captcha solution works

 
Magento Community Magento Community
Magento Community
Magento Community
 
J_T_
Moderator
 
Avatar
Total Posts:  1961
Joined:  2008-08-07
London-ish, UK
 

I left guest reviews off for the time being, which has sorted it for now. I have to upgrade a few things before I expand the modules. So the real solution may be a few weeks away still.

 
Magento Community Magento Community
Magento Community
Magento Community
 
snarkys
Sr. Member
 
Total Posts:  124
Joined:  2008-04-04
 

we are also having this issue. How do you turn off guest reviews ? we are running 1.16

Once this is done has anyone found the bots do start creating accounts ?

 
Magento Community Magento Community
Magento Community
Magento Community
 
elfling
Enthusiast
 
Avatar
Total Posts:  901
Joined:  2008-10-21
 

Outsource Online Captcha works great.

I started getting spam reviews / accounts etc a while ago, installed the fontis recaptcha. My error logs filled up within days due to errors in the ReCaptcha (which still arent solved)

Recently changed to Oursource Online Captcha, works great. No worring about spam reviews and spam accounts.

Job done.

http://www.magentocommerce.com/magento-connect/osol/extension/4001/outsourceonline_captcha

 
Magento Community Magento Community
Magento Community
Magento Community
 
bkscott
Sr. Member
 
Avatar
Total Posts:  137
Joined:  2009-07-16
Sacramento
 

We’ve had the Fontis captcha extension on our site for a while. it stopped the spam submissions dead in their tracks.

 
Magento Community Magento Community
Magento Community
Magento Community
 
elfling
Enthusiast
 
Avatar
Total Posts:  901
Joined:  2008-10-21
 

Yeah, but if you turn of error logs to email to you the errors as they happen, you’ll see that it errors out a

So i’m a thumbs down on the fontis ReCaptcha

 
Magento Community Magento Community
Magento Community
Magento Community
 
bkscott
Sr. Member
 
Avatar
Total Posts:  137
Joined:  2009-07-16
Sacramento
 
elfling - 23 December 2010 11:30 AM

Yeah, but if you turn of error logs to email to you the errors as they happen, you’ll see that it errors out a

So i’m a thumbs down on the fontis ReCaptcha

what kind of errors are you getting? i havent had any complaints and ive been using it for almost a year now.

 
Magento Community Magento Community
Magento Community
Magento Community
 
elfling
Enthusiast
 
Avatar
Total Posts:  901
Joined:  2008-10-21
 

http://www.magentocommerce.com/boards/viewthread/49875/

Unless errors is turned on to email, you would never know it existed. Glad it happened otherwise I would never have been ridden of the impossible text of the ReCaptcha that was driving me up the wall.

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top