Fighting off spam bots from FLog
Posted by Manolis Platakis on 06-10-2008 at 7:12
It was about three years ago when I decided to start my own blog. Since then, many things have changed but I am not here to rant about my personal stuff but to get dirty and all technical about spam bots!

I decided to use FLog because, back then, it was the first and one of the few text-file-based blog engines. No database functionality is provided for students in my university so I was forced to use flat files. I proceeded to install FLog and everything went pretty smoothly for a few months.

All of a sudden I saw tens of newly posted comments in various blog posts which made no sense at all and included specific keywords about sex, drugs and... online gambling with the appropriate outgoing hyperlinks. That's how I was introduced to spam bots. No tact from the bots whatsoever :).

At first I was taken over by panic! The second step was to activate moderation of comments from posters who do not have at least one approved comment, thus enabling me to control which comment makes it to my blog. The drawbacks are more than obvious. The overhead of having to check all the time for real moderated comments -struggling amidst the hundreds of spam comments in my e-mail notifications- combined with disappointed one-time visitors who flew away kept bugging my mind ever since.

To make matters worse, over three thousand moderated -but not deleted- spam comments kept slowing down the response times of my web page, rendering my whole website almost useless! Our network administrator, Stef, felt sorry for me and decided to help me out by executing a one-line awk command and wiping out all the spam in seconds, almost instantly. My blog was back from the dead!

Everything went fine (with the moderated comments still on) until one day about a month ago my blog suffered a continuous massive attack from German bots consisting of an average of 200 new comments per day! Needless to say, I had to totally deactivate comments insertion until I came up with a more permanent solution.

Solution:

Instead of bugging my administrator once again I decided to fully change my website and move on to a better blog machine! After all, a few good flat files php blog machines have emerged since 2005.

But all of a sudden I came across Captchas.net and decided to give it a try. After about 4 hours I was able to fully integrate Captchas.net in the -totally unknown for me- php code of FLog (Captchas.net charge 120€ for integration). Here are the instructions for you to do so. FLog version I am using is 1.0.1 but I am pretty sure that my modification is compatible with the latest version of FLog which can be obtained here.

1. Register in Captchas.net service here.

2. Download this zip file.

3. In line 135 of file comment.php and in line 312 of file rcblog.php replace 'demo' and 'secret' with the username and keyphrase you received in your registration mail.

4. Replace the existing comment.php with the comment.php you just edited in the root folder of your website. Upload CaptchasDotNet.php in the same folder.

5. Replace the existing rcblog.php with the rcblog.php you just edited in the "Themes" folder of your website. Upload CaptchasDotNet.php in the same folder.

6. In case you are not using RCblog Theme you'll have to do so through the Themes tab in the admin panel.

You are ready to go! I hope I help even one of you people out there still fiddling around with FLog. Feel free to drop a comment if you have any questions.

P.S. After I had finished my integration I found a more complete solution to the problem here (visible through I.E.) but I haven't tried it out. Documentation in English is available here.

UPDATE (14/10/2008):
Rcblog suffered some tiny modifications for the comment form to display correctly in all the web browsers! Credits go to skarab.
Posted by _DoE_ on 11-07-2010 at 18:13
Hi there,
I just came across your site while searching the web for who the hell is still using FLog.

Thanks for placing a link to my site where the current FLog software is still maintained and can be downloaded for free. The latest available version now is 1.1.2c which has a lot of bugfixes done, an enhanced "Anti-Spam!" routine and knows a lot more bots.
You may download this patch from my site at:
http://rage.ifastnet.com/index.php?page=FLog_1.1.2c
A working 1.1.2b version is needed for updating to 1.1.2c

You may read the documentation and the history of changes in it at:
http://rage.ifastnet.com/files/addendum112c.html

Yeah, I know you now use your own solution with captchas.net which is also working great. But if someone else does not want to code in php files, then someone else may try out my version.

Btw: My updates and patches also work in Firefox (Gecko) and Safari/Chrome (WebKit) and not just in IE.
Posted by Manolis Platakis on 13-07-2010 at 9:45
Nice to see you here _DoE_ :)
Posted by _DoE_ on 14-07-2010 at 14:07
I've just detected that your FLog data is publicly available.
That's a severe security issue because your FLog user name and your FLog password hash can be seen by anyone. With this data a hacker can gain access to your admin within minutes!

You wrote you already have been attacked by spammers, so it's just a matter of time until a hacker visits your FLog. See here for instance: http://www.hellboundhackers.org/articles/comments-484-real-14.html

Some hackers also visited and are still visiting my FLog. But they don't have any chance - so far.

A lot of FLog installations have already been hacked because they all use the default FLog path for saving the data.

To solve this issue you should remove your data directory out of your server root.
If you cannot then you should protect your data directory using a .htaccess file.
If you cannot then put an empty file with name "index.html" in the data directory to deny directory listing. Then create a subdirectory inside the data directory. Use a name for that subdirectory that cannot be easily guessed. Move all your data files into this newly created subdirectory. And finally make the necessary changes in your "config.php", so FLog can find its data. This is of course not 100% safe, but it's better than what you currently have.

And don't forget to back up your data regularly. Just in case ...
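
The three options in the comment above, ranked and checked locally against a site's files. This is an added example, not code from FLog or from either poster; the function names, result labels, directory layout and file names are all assumptions, and the `.htaccess` check is a heuristic that looks only for the Apache 2.2 and 2.4 deny-all directives.

```python
import re
import tempfile
from pathlib import Path

# Deny-everything directives: Apache 2.4 and 2.2 spellings.
DENY_RE = re.compile(r"(Require\s+all\s+denied|Deny\s+from\s+all)\s*$", re.I)

def denies_all(text):
    """True if a deny-all directive sits outside any <Files>-style section."""
    depth = 0
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("</"):
            depth -= 1
        elif s.startswith("<"):
            depth += 1
        elif depth == 0 and DENY_RE.match(s):
            return True
    return False

def audit_data_dir(docroot, data_dir):
    """Classify a flat-file data directory by the strongest protection found."""
    docroot, data_dir = Path(docroot).resolve(), Path(data_dir).resolve()
    if data_dir != docroot and docroot not in data_dir.parents:
        return "outside-docroot"
    ht = data_dir / ".htaccess"
    # Apache honours this only where AllowOverride permits it (not checkable here).
    if ht.is_file() and denies_all(ht.read_text(errors="replace")):
        return "htaccess-deny"
    loose = [p for p in data_dir.iterdir()
             if p.is_file() and p.name not in ("index.html", ".htaccess")]
    if (data_dir / "index.html").is_file() and not loose:
        return "hidden-subdir"  # obscurity only: listing off, files one level down
    return "exposed"

def demo():
    """Audit four constructed layouts; every path and file name here is made up."""
    with tempfile.TemporaryDirectory() as tmp:
        data = {k: Path(tmp, k, "www", "data") for k in "abcd"}
        for d in data.values():
            d.mkdir(parents=True)
        data["a"] = Path(tmp, "a", "private")  # layout a keeps data beside www
        data["a"].mkdir()
        (data["b"] / ".htaccess").write_text("Require all denied\n")
        (data["c"] / "index.html").write_text("")
        (data["c"] / "k3v9qz").mkdir()
        (data["c"] / "k3v9qz" / "users.txt").write_text("constructed")
        (data["d"] / ".htaccess").write_text("<Files x>\nDeny from all\n</Files>\n")
        return {k: audit_data_dir(Path(tmp, k, "www"), d) for k, d in data.items()}
```

Layout `d` shows the case a plain text search would miss: a deny rule scoped to a single file does not protect the rest of the directory, so the audit reports it as exposed.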
Posted by Manolis Platakis on 18-07-2010 at 14:21
Thanks a lot for the heads up! As a matter of fact I've already been attacked by hackers and had to restore the website from a backup. I employed one of your solutions. I hope I'll be safer from now on. Thanks again!