
SPAM upload

Status
Not open for further replies.

israkaif

Chevereto Member
🎯Description of the issue

I have a problem with a spammer who uploads pictures to my site.
Spammer uploads:
  • several dozen images anonymously every hour;
  • 3 or 4 different pictures which have different random file names at every upload;
  • from different ipv4 from the pools /22- /24 at every upload.
Thus, the spammer bypasses the protection of the site from re-loading images.

My site is hidden behind Cloudflare. The log looks like the images are loaded through the standard site loading system. The site uses upload user interface "On-page container".
Perhaps the spammer uses software solutions that understand and modify the JS of the site to spoof the ip.

It would help me if the site determines the reload of images by file size too, not only by ip and/or file name.



▶🚶‍Reproduction steps

...The spammer does this several times every day.

😢Unexpected result

He does it successfully.

📃Error log message

[Provide any relevant error log entry. You may check our documentation for help on this]
 
For now, turn on recaptcha and block the IP via CloudFlare.

Chevereto 3.14.0 will feature security enhancements that will stop IP spoofing spammers.
 
Cloudflare has a feature to block by IP ASN. This will block all IPs owned by that particular ISP. This is more effective than wildcard IP blocking as it specifically targets a single ISP and all of its IP ranges.

Looking forward to more spam control features in Chevereto such as email domain blacklist and image hash blocking as IP blocking is turning out to be less effective these days.
 
I write again. EVERY file upload "has" a NEW IP, usually from a new provider. IP blocking is impossible because I do not see the real IP behind Cloudflare, and I do not block tons of providers' spoofed IPs here.
OK. I will try turning on recaptcha. I am waiting for PI v3.14. And I hope image hash blocking can be added more quickly.
 
> IP blocking is turning out to be less effective these days.

IP blocking has never been effective. It can be easily faked, which I didn't know. I assumed that these attacks were just new IPs, but after all it is just an exploit in the system. The problem is in the G\get_client_ip function, which parses HTTP_* headers set by reverse proxies like CloudFlare. The problem is that these headers are sent by the client, not by the server.

This was reported about one week ago and I started to work on it asap. At this time, the patch is already live on the demo (along with several other things added in 3.14.0).

For now, you can edit /lib/G/functions.php

PHP:
    // Return only the address of the TCP peer that connected to this server.
    // Client-supplied headers such as X-Forwarded-For / CF-Connecting-IP are
    // deliberately not consulted here; restore the real client address at the
    // web server instead (mod_remoteip / ngx_http_realip_module, see below).
    function get_client_ip()
    {
        return $_SERVER['REMOTE_ADDR'];
    }

Make sure that the get_client_ip function reflects the code above.

You will need to enable mod_remoteip (Apache), ngx_http_realip_module (Nginx). This applies to any remote proxy you may be using, for local proxies you may also need to set the actual REMOTE_ADDR value.
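To make the header-trust problem concrete, here is an added example (not Chevereto's code) showing the client-IP lookup in its header-trusting form next to a hardened form that honours a proxy header only when the TCP peer (REMOTE_ADDR) lies inside a trusted proxy range. The proxy ranges, the helper names and the two simulated requests are constructed for illustration.

```php
<?php
// Added example, not Chevereto's code. Trusted proxy ranges are constructed
// placeholders; use your CDN's published ranges in practice.
const TRUSTED_PROXY_CIDRS = ['203.0.113.0/24', '198.51.100.0/24'];

// Pattern described in the thread: any client can send CF-Connecting-IP or
// X-Forwarded-For directly, so this returns whatever the sender chooses.
function get_client_ip_naive(array $server): string
{
    foreach (['HTTP_CF_CONNECTING_IP', 'HTTP_X_FORWARDED_FOR'] as $header) {
        if (!empty($server[$header])) {
            return trim(explode(',', $server[$header])[0]);
        }
    }
    return $server['REMOTE_ADDR'];
}

// IPv4-only CIDR membership test (hypothetical helper for this example).
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr);
    $mask = -1 << (32 - (int) $bits);
    return (ip2long($ip) & $mask) === (ip2long($net) & $mask);
}

// Hardened: the proxy header is trusted only when the TCP peer is a known
// proxy; a direct connection gets its own REMOTE_ADDR back, header or not.
function get_client_ip_hardened(array $server): string
{
    $peer = $server['REMOTE_ADDR'];
    foreach (TRUSTED_PROXY_CIDRS as $cidr) {
        if (ip_in_cidr($peer, $cidr) && !empty($server['HTTP_CF_CONNECTING_IP'])) {
            return $server['HTTP_CF_CONNECTING_IP'];
        }
    }
    return $peer;
}

// Constructed requests: one relayed by the CDN, one sent directly to the
// origin with a forged header (the pattern seen in the thread).
$viaProxy = ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_CF_CONNECTING_IP' => '192.0.2.10'];
$direct   = ['REMOTE_ADDR' => '192.0.2.77',  'HTTP_CF_CONNECTING_IP' => '10.9.9.9'];

foreach (['viaProxy' => $viaProxy, 'direct' => $direct] as $name => $req) {
    printf("%-8s naive=%-12s hardened=%s\n", $name,
        get_client_ip_naive($req), get_client_ip_hardened($req));
}
```

mod_remoteip and ngx_http_realip_module perform the same trusted-peer check at the web server and rewrite REMOTE_ADDR before PHP sees it, which is why the one-line get_client_ip above is sufficient once they are configured with the proxy's ranges.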
 
Unfortunately, this ticket has gone more than seven days without a reply or feedback from the original poster. We will now consider this ticket abandoned, and it is now closed.

Don't hesitate to create a new ticket if this matter is still causing you issues.

Ticket closed.
 