Ravens PHP Scripts: Forums
 

 

wolfear
Hangin' Around



Joined: Apr 19, 2006
Posts: 37
Location: San Antonio,Texas

Posted: Sun Jan 07, 2007 3:26 pm

Just a bit of information if anyone is interested. It doesn't really affect anything on Nuke sites other than being just more annoying spam.

We have been receiving a huge amount of spam attempts targeting our Reviews and Comments. Sentinel has caught just about all of them.

Following a discussion on IRC with the Plone community, I was informed about a known Plone vulnerability which the spammers use when Plone users do not apply a security patch.
It allows posting of non-image files (like an html page or script) in the images directory.

The general form we receive seems to be a comment or review submission containing a large number of links, all pointed to some variant URL of: somesite/portal_memberdata/portraits/someuser

Mostly it seems to be p*rn related, not the medication stuff.

So far, we have personally counted almost 100 Plone based sites affected by this.

Just thought I'd post this if anyone was interested.

_________________
Good judgement comes from experience, most of which comes from bad judgement.

chown /usr/beer
unmount /dev/brain 
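The submission pattern described in the post above, as an added illustration (this is example code, not Sentinel's code or anything the poster published): extract the links from a comment or review body, count the ones whose path is `/portal_memberdata/portraits/<user>`, and collect the abused hosts so the site owners can be notified. The thresholds, the regexes and the two sample submissions are assumptions.

```php
<?php
// Added example (not from the original post or from Sentinel): flag a
// comment/review submission whose links point at
// <host>/portal_memberdata/portraits/<user>. Thresholds are assumptions.

const PORTRAIT_PATH_RE = '#/portal_memberdata/portraits/#i';
const URL_RE           = '#\bhttps?://[^\s<>"\']+#i';

/**
 * Inspect one submission body and return a verdict plus the evidence a
 * moderator would want: total links, portrait links, and the hosts abused.
 */
function inspect_submission(string $body, int $maxLinks = 5, int $maxPortraitLinks = 1): array
{
    preg_match_all(URL_RE, $body, $m);
    $urls = $m[0];

    // Keep only links whose *path* matches; a host name containing the
    // string (or the words in free text) must not count.
    $portraitUrls = array_values(array_filter($urls, function (string $u): bool {
        $path = (string) parse_url($u, PHP_URL_PATH);
        return preg_match(PORTRAIT_PATH_RE, $path) === 1;
    }));

    // Distinct hosts being used as link farms: the list to mail.
    $hosts = array_values(array_unique(array_map(
        fn(string $u): string => strtolower((string) parse_url($u, PHP_URL_HOST)),
        $portraitUrls
    )));

    $spam = count($portraitUrls) > $maxPortraitLinks || count($urls) > $maxLinks;

    return [
        'spam'           => $spam,
        'links'          => count($urls),
        'portrait_links' => count($portraitUrls),
        'abused_hosts'   => $hosts,
    ];
}

// Constructed sample submissions (not real captured spam).
$samples = [
    'legit' => "Great review script, thanks! See my write-up at http://www.example.net/blog/review-1",
    'spam'  => "cheap stuff http://plone-a.example.org/portal_memberdata/portraits/bob "
             . "http://plone-a.example.org/portal_memberdata/portraits/alice "
             . "http://plone-b.example.com/portal_memberdata/portraits/carol",
];

foreach ($samples as $name => $body) {
    $r = inspect_submission($body);
    printf("%-5s spam=%s links=%d portrait=%d hosts=%s\n",
        $name, $r['spam'] ? 'yes' : 'no', $r['links'], $r['portrait_links'],
        implode(',', $r['abused_hosts']));
}
```

Run it with `php inspect.php`. The path-only match matters: the signature of this campaign is the `portal_memberdata/portraits` directory, so matching on the whole URL would also catch an innocent comment that merely mentions the string in text.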
djmaze
Subject Matter Expert



Joined: May 15, 2004
Posts: 727
Location: http://tinyurl.com/5z8dmv

Posted: Sun Jan 07, 2007 7:55 pm

wolfear wrote:
It allows posting of non-image files (like an html page or script) in the images directory.


That's scary but not uncommon.
You know how many crappy upload scripts exist, due to either the bad coder that doesn't understand file validation or bad servers that didn't execute 'pear install fileinfo'?

Spam is something that will always be there, no matter if you use CAPTCHA or not.
 
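The upload-validation failure djmaze points at, as an added example that is not code from this thread, from Plone or from any Nuke module: the extension-only check that lets an HTML page through under an image name, next to a content-based check using the fileinfo extension he mentions (the `finfo` class, a PECL package on old PHP and bundled since PHP 5.3) together with `getimagesize`. The allow-list of image types, the file names and the sample bytes are constructed for the example.

```php
<?php
// Added example, not from the original thread or any Plone/Nuke code.

// Weak check: trusts the client-supplied name. "evil.gif" passes even when
// the bytes are an HTML page, which is how scripts end up in an images
// directory.
function weak_extension_check(string $clientName): bool
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    return in_array($ext, ['png', 'jpg', 'jpeg', 'gif'], true);
}

// Hardened check: decide from the bytes, never from the name. Needs the
// fileinfo extension. The allow-list is an assumption for this example.
function validate_image_upload(string $bytes, string $clientName): array
{
    $allowed = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];

    // 1. libmagic sniff of the actual content.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->buffer($bytes);
    if (!isset($allowed[$mime])) {
        return ['ok' => false, 'reason' => "content is $mime, not an allowed image type"];
    }

    // 2. The image header parser must agree with libmagic on the type.
    $info = @getimagesizefromstring($bytes);
    if ($info === false || $info['mime'] !== $mime) {
        return ['ok' => false, 'reason' => 'bytes do not parse as the detected image type'];
    }

    // 3. Store under a server-chosen name whose extension comes from the
    //    detected type; the client name is kept only for display.
    $storedAs = bin2hex(random_bytes(8)) . '.' . $allowed[$mime];
    return [
        'ok'           => true,
        'mime'         => $mime,
        'stored_as'    => $storedAs,
        'display_name' => basename($clientName),
    ];
}

// Constructed samples: a 1x1 PNG, and an HTML page uploaded as "evil.gif".
$png  = base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg==');
$html = "<html><body><script>location='http://spam.example/';</script></body></html>";

foreach ([['pic.png', $png], ['evil.gif', $html]] as [$name, $bytes]) {
    $r = validate_image_upload($bytes, $name);
    printf("%-9s weak=%s strong=%s%s\n", $name,
        weak_extension_check($name) ? 'accept' : 'reject',
        $r['ok'] ? 'accept' : 'reject',
        $r['ok'] ? '' : ' (' . $r['reason'] . ')');
}
```

Both checks only look at the header, so a file that is a valid GIF with HTML appended after the image data still passes; the upload directory therefore also has to be one the web server will neither execute scripts from nor serve as HTML.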
evaders99
Former Moderator in Good Standing



Joined: Apr 30, 2004
Posts: 3221

Posted: Sun Jan 07, 2007 10:54 pm

I've not seen this directly, but I'm not surprised. Spammers are using everything to gain an advantage. The ease of use of this software provides a great target for these scum. Botnets are constantly searching and exploiting many vulnerable scripts.

_________________
- Star Wars Rebellion Network -

Need help? Nuke Patched Core, Coding Services, Webmaster Services 
wolfear

Posted: Mon Jan 08, 2007 12:48 am

evaders99 wrote:
The ease of use of this software provides a great target for these scum. Botnets are constantly searching and exploiting many vulnerable scripts.


Too true. Doesn't help any that people don't keep up with applying security fixes.
I just spent the last several days updating my sites. I let 2 of them get waaaay behind and the spammers jumped on us like fleas on a hound dog (bit of colorful local flavor...lol).
I just read the story, I think it was on DevShed (not sure), about the botnet that just got busted. I can't remember the exact number, but I think they were using 7,000 (don't quote me on that, not sure) infected computers. Scary stuff.
Makes me glad I dumped XP and moved to Linux. Not a total solution, but I can sleep a little bit better.

djmaze wrote:
That's scary but not uncommon.
You know how many crappy upload scripts exist, due to either the bad coder that doesn't understand file validation or bad servers that didn't execute 'pear install fileinfo'?

Spam is something that will always be there, no matter if you use CAPTCHA or not.


True again. I'm not at all familiar with Zope or the Plone system, so I have no idea where the actual failure was, just the end result as pointed out to me on IRC.
Spam is here and it's going to get worse as these slimeballs get more creative.

Visit a spammer forum and it'll scare the socks off ya the things they discuss.

Almost makes me want to pack up my toys and go home, but that would be admitting defeat.

I started emailing a notice to the owners of the affected sites. Hopefully they don't think I'm spamming them (lol). I know I would want to know if some slimeball was using my site to send out p*rn.
It's sad when this sort of thing happens enough you can create a form letter.
 
Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 