Home » Blogs » Thomas Hesselberg's blog

How (not) to get 20.000 spam entries on your website

Submitted by Thomas Hesselberg on Sat, 11/27/2010 - 17:46

OK so I know that progress on this website is incredibly slow rate and sadly this entry has nothing do to with progress or indeed photography.

I just thought, I wanted to share a funny (or maybe not that funny) little incident happening on this site. A month ago or so when I last worked on the website (yes that is why progress is so slow), I worked on the User Settings and User Profiles. I must have been distracted because I ended up accidentally allowing visitors to create profiles and post entries without requiring any administrator approval or giving me any notifications.

Then I forgot about the website again.

Today, I checked Google Analytics for my websites and was very surprised to observe a sharp peak in visitors (basically from around 0-1 per day – well there is no really content on this page yet is there? – to about 20-30 per day in only 25 days). Although I’m definitely self-delusional even I could tell that something fishy was going on.

So I logged in as administrator.

In 25 days I had gotten around 30 new profiles and an amazing 20,000 new entries. ALL SPAM!

Unfortunately, my CMS (Drupal) only allows me to delete 25 entries at a time (or at least I haven’t figured out any other way of doing it), so I know what to do for the next couple of hours.

Well anyway I just wanted to warn you! NEVER play around with user settings so you allow visitors to create profiles and blog entries without administrator approval, not even on websites in development without hardly any visitors. You WILL regret it!

-------
NB!

Although Drupal does not allow the deletion of more than 25 entries at a time, I (well ok ok Girlfriend) found a clever way to do it automatically. There is a Firefox add-on called iOpus iMacro, which allows you to record a macro and then play it back.

Here is how I did it. I went to the Content Management in Drupal. Started to record the macro, then selected all blog entries, deleted them and confirmed it. Then I stopped the recording and played it back in a loop with 800 iterations.

I can now sit back and relax while the spam entries are deleted automatically!