Hidden (now-impotent) in-Drupal spammer was in my drupal 6?

lorlarz2

Some people are supposedly getting [old, false] reports of a spammer through my http://mynichecomputing.org/drupal6 sub-site. This is thanks to drupal6, and I am tempted to throw drupal6 away completely: I want to be able to find all such garbage in my drupal IF AND WHEN IT EXISTS, before 'reports' are generated. Such supposed reports are certainly no longer true, but it seems drupal flaws may be leading to the ruin of my site's reputation.

Perhaps you can help me actually totally eliminate the code which, in a disabled state, may still exist (though now certainly totally ineffective). It is possibly or apparently at http://mynichecomputing.org/drupal6/user/autocomplete . Though I have totally disabled it in any case (by totally blocking the videotrailers.co and videotrailer.com IP RANGES), I still ask myself: maybe I should throw my drupal6 patriotic site away. I like everything raw, and all my other sites and all my other stuff IS RAW (and good -- no Drupal "engineers" involved).

Comments

Drupal Security

maryannking

Brad,

The news media is full of stories about security breaches -- it seems as if there are individuals out there with nothing else to do but cause trouble.

I do not know how you actually built your drupal 6 site, where it is hosted, etc., or what measures you used to ensure security.

I have many drupal sites that I have built in versions 5, 6 and 7 and they are secure and my clients are comfortable with them.

There are measures to take for security. The following link explains the "drupal way" of making sure you are secure: https://drupal.org/security/secure-configuration. Additionally, there is Mollom to add to your site for protection.

And another point I have found -- sites need to be monitored to be sure they are safe -- and there is a drupal team that is constantly trying to help all users with that. As stated in the link above, you can sign up for a notification list of security updates.

With that said, I am not a "backend" person, would never work in "raw code", and I appreciate all the work that is done by Drupal "engineers" to provide me with the tools that I can use to help my customers and pay my bills. Frustration is understandable; however, please remember, our Drupal community of developers provides all of Drupal without being paid for it -- and they do an excellent job.

lorlarz2

I will look into the page, https://drupal.org/security/secure-configuration .
I do have Mollom and I am already signed up for security updates (and always respond immediately). I do monitor daily for users who are known spammers and block them. I have 100s of IPs and IP ranges blocked.
Still, someone for a couple of days got something in that triggered a pop-up, which continued for a couple of days until I blocked all his IP ranges. The frustrating thing is that, while I made the code insertion impotent: (1) it got there in the first place, and (2) the address where it seemingly is is some sort of alias, and I cannot really find where the iframe they put in actually is (or if it actually is, OR if they somehow hacked some other part of the Drupal).

Anyone who knows Drupal's "insides" would be welcome to comment. See the last paragraph of the post beginning this thread for the information I have determined.

Are you saying that your

davidneedham

Are you saying that your comments allow iframes? It sounds like you may have to lock down your text formats so that comments / anonymous can only use plaintext, or at least filtered html. For more information, check out https://drupal.org/documentation/modules/filter.

In regards to blocking IPs and whatnot, it sounds like you're doing a lot more manual labor than you need to. I highly recommend a more passive, automatic filtering of these spam bots. My two favorite spam prevention modules are BOTCHA (https://drupal.org/project/botcha) and Bad Behavior (https://drupal.org/project/badbehavior). Used together, they offer a pretty passive CAPTCHA system that keeps out about 99% without having to manually block, approve or configure each time.

I originally found out about those two modules at http://raisedbyturtles.org/stopping-spam-comments-in-drupal-7/, and confirmed that they do work on Drupal 6 just as well.

Good luck!

--
David Needham
Team Lead of Training at Datadog

Neither anons NOR registered users can insert iframes

lorlarz2

Neither anons NOR registered users can insert iframes. This is what makes the problem I had and what happened so very serious and makes me think there is a defect in drupal 6. (All my Editors are trustworthy -- and very, very few are ever active.)

Anons and registered users can only use: Allowed HTML tags (standard per Drupal recommendation): a em strong cite code ul ol li dl dt dd img div pre address h1 h2 h3 h4 h5 h6

The code tag sounds bad, but is no worse than any of the others -- presumably Drupal allows NONE of this set of tags to have event attributes. Do not confuse the code tag pair with script tags (NOT allowed).
(If Drupal allowed that for any of them, as they are available, almost all of the standard-allowed html tags would be problematic.)

Thanks for the citation of those other anti-spam modules.
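The allowlist described in the post above (a fixed set of tags, no event attributes, no script) is the property a text format is supposed to enforce. The following Python sketch is an added example written for this thread; it is not Drupal's own filter code (Drupal 6 implements the equivalent in PHP in its filter module). It uses the tag list quoted above verbatim, while the attribute allowlist (href/title on a, src/alt/title on img) and the rejected URL schemes are assumptions of this example, not the site's configuration. The sample inputs are constructed.

```python
"""Allowlist HTML filter: keeps only a fixed tag set, drops every on* event
attribute and javascript: URLs. Added example for this thread; it is NOT
Drupal's filter code (Drupal 6 implements the equivalent in PHP)."""
from html.parser import HTMLParser
import html

# Tag list exactly as quoted in the post above.
ALLOWED_TAGS = {"a", "em", "strong", "cite", "code", "ul", "ol", "li", "dl",
                "dt", "dd", "img", "div", "pre", "address",
                "h1", "h2", "h3", "h4", "h5", "h6"}
# Attribute allowlist is an assumption of this example, not the site's config.
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt", "title"}}
VOID_TAGS = {"img"}                     # no closing tag emitted for these
UNSAFE_SCHEMES = ("javascript:", "vbscript:", "data:")


def _safe_url(value):
    """Reject URL schemes that execute code when followed or loaded."""
    return not value.strip().lower().startswith(UNSAFE_SCHEMES)


class AllowlistFilter(HTMLParser):
    """Rebuilds the fragment from parsed tokens, so nothing unparsed leaks through."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return                      # tag dropped; its text content is kept
        kept = []
        for name, value in attrs:       # HTMLParser lower-cases attribute names
            value = value or ""
            if name.startswith("on"):   # onerror, onclick, onload, ...
                continue
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue
            if name in ("href", "src") and not _safe_url(value):
                continue
            kept.append(' %s="%s"' % (name, html.escape(value, quote=True)))
        self.out.append("<%s%s>" % (tag, "".join(kept)))

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)  # <img .../> handled like <img ...>

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        # Re-escape text, including the body of a dropped <script> element,
        # so it renders as text rather than being interpreted as markup.
        self.out.append(html.escape(data, quote=False))


def filter_html(fragment):
    """Return `fragment` reduced to the allowlisted tags and attributes."""
    parser = AllowlistFilter()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed sample inputs, not content from the site in the thread.
    for sample in ('<iframe src="http://spam.example/"></iframe>',
                   '<img src="x.png" onerror="alert(1)">',
                   '<a href="javascript:alert(1)" title="t">link</a>',
                   '<code>&lt;script&gt;</code> is just text'):
        print(repr(sample), "->", repr(filter_html(sample)))
```

The point worth checking on a real site is the same one the post makes: an iframe or script element disappears entirely, an allowed tag keeps only its allowlisted attributes, and `<code>&lt;script&gt;</code>` stays harmless because the entity-encoded text is re-escaped on output rather than being turned back into a tag.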

Can you link to a page where

davidneedham

Can you link to a page where this is happening? Seeing it in action would help identify how it's happening.

--
David Needham
Team Lead of Training at Datadog

Since I block the IP range of the offender ...

lorlarz2

Since I block the IP range of the offender actually doing anything, about the only result is (or was) that sometimes (in some browsers) you can see the remnant of the insertion via http://mynichecomputing.org/drupal6/user/autocomplete (seeing this is not dangerous -- I saw this remnant several times). Older IE browsers pop up something to allow the download (also, apparently, the download, just text, is not dangerous). The only other effect you can see is that my autocompletes had to be shut down so as not to see an error (due to malfunctioning of returns from the autocomplete function(s) involved) -- which somehow 'coincidentally' occurred at the same time (and both involving 'autocomplete', or at least the word). THIS IS A LASTING EFFECT: no autocomplete. Thanks, evil spammer and drupal defect!! There was also a visible videotrailers.co iframe html insertion on the main page of my web site (not Drupal); this has been deleted, but you could see it in the html source view; how a spammer got to my raw, personally-built, nearly-w3c-standards html page I do not know, but I have changed my FTP passwords. Whether this was related, or an effect, or a PART of the cause of the original problem I cited (beginning this discussion topic) is not known.

But there is a way you can see more, indicating something is still going on or is amiss. Here is how you can see a continuing effect of the hack, still citing the mynichecomputing.org/drupal6/user/autocomplete page:

Go to http://mynichecomputing.org/drupal6/ and simply register.
Then go to My Account. Once there, click: Notifications, and then select adding an Author notification and start typing some letters in the author name textbox (this is an area where I have not figured out how to shut off the still-malfunctioning autocomplete). With each letter, you will still get the following pop-up alert:

An error occurred.
http://mynichecomputing.org/drupal6/user/autocomplete
(no information available)

This used to happen wherever autocomplete was used -- but I shut it off everywhere else (i.e. wherever I could, by eliminating autocomplete parts of modules -- everywhere but that place noted above). In truth: I also threw away the Private Messaging module because I could not turn off the autocomplete there (and PM was seldom, if ever, used).

I guess I would say autocomplete is/was clearly involved. Know that http://mynichecomputing.org/drupal6/user/autocomplete is NOT a page (or an alias to a page) but rather seems to be a trigger of a couple of includes (*.inc files): I examined them, but could see no hack (I wish I could remember what their names were).

Truly, I have now told you all I know. Apparent page addresses triggering includes is something Drupal 'engineers' have used, and maybe this is a dangerous thing, susceptible to hacking.
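The alert quoted above is the message Drupal 6's autocomplete JavaScript shows when its request to the user/autocomplete path fails. That script expects the path to answer with a bare JSON object of matches, so a blank body, a PHP warning printed before the JSON, or stray markup appended after it all produce this same symptom, and the symptom alone does not say which. The following Python script is an added example for this thread, not code from Drupal or from the original post: it classifies a response body so an administrator can tell an empty answer from one with markup appended, and names any markup that has no place in a JSON reply. The sample bodies are constructed, and the site URL in the closing comment is a placeholder.

```python
"""Classify the body returned by a Drupal 6 user/autocomplete request.
Added example for this thread; not part of Drupal or of the original post."""
import json
import re

# Any tag name following '<' (or '</'); used only to report what markup is present.
TAG_RE = re.compile(r"<\s*/?\s*([a-zA-Z][a-zA-Z0-9]*)")
# Markup that has no business in a JSON autocomplete reply.
TAGS_OF_CONCERN = {"iframe", "script", "object", "embed", "meta", "form"}


def diagnose_autocomplete_body(body):
    """Return a dict describing why the autocomplete script would reject `body`.

    Drupal's autocomplete expects a bare JSON object {match: label, ...}.
    Statuses: ok, empty, not_json, wrong_shape, trailing_data.
    """
    text = body.strip()
    found = sorted({m.group(1).lower() for m in TAG_RE.finditer(text)})
    flagged = [t for t in found if t in TAGS_OF_CONCERN]
    if not text:
        return {"status": "empty", "tags": flagged}
    try:
        obj, end = json.JSONDecoder().raw_decode(text)
    except ValueError:
        # e.g. a PHP warning printed before any JSON, or pure HTML
        return {"status": "not_json", "tags": flagged, "head": text[:80]}
    if not isinstance(obj, dict):
        return {"status": "wrong_shape", "tags": flagged}
    trailing = text[end:].strip()
    if trailing:
        # Valid JSON followed by extra bytes: the browser-side parse fails.
        return {"status": "trailing_data", "tags": flagged, "trailing": trailing[:80]}
    return {"status": "ok", "tags": flagged, "matches": len(obj)}


def fetch_body(url, timeout=10):
    """Fetch the endpoint over the network; not used by the offline samples."""
    from urllib.request import Request, urlopen
    req = Request(url, headers={"User-Agent": "autocomplete-check/0.1"})
    with urlopen(req, timeout=timeout) as resp:
        charset = resp.headers.get_content_charset() or "utf-8"
        return resp.read().decode(charset, "replace")


if __name__ == "__main__":
    # Constructed sample bodies; none were captured from the site in the thread.
    SAMPLES = {
        "healthy": '{"alice": "alice", "albert": "albert"}',
        "empty": "",
        "php_warning": "<br />\n<b>Warning</b>: include(): failed to open stream",
        "appended_markup": '{"alice": "alice"}<iframe src="http://spam.example/"></iframe>',
    }
    for name, body in SAMPLES.items():
        print(name, "->", diagnose_autocomplete_body(body))
    # Live check (placeholder host): Drupal 6 appends the typed prefix as a
    # further path component, so the request looks like .../user/autocomplete/a
    # print(diagnose_autocomplete_body(
    #     fetch_body("http://example.invalid/drupal6/user/autocomplete/a")))
```

Run against a live site, an `empty` or `not_json` result points at the PHP side (a fatal error or warning in the page callback or an include it loads, which PHP's error log will name), while `trailing_data` with a flagged tag means the JSON itself is fine and something is emitting extra output after it, which is the case worth diffing the involved *.inc files and theme templates against a clean Drupal 6 copy.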
