COMMUNITY FORUM
spammers targeting /component/k2/itemlist/user/
9 years 1 month ago #147715
by glenbovert
spammers targeting /component/k2/itemlist/user/ was created by glenbovert
Hi, I have a problem.
On my website I don't have a login or comments. But because Joomla sets registrations to yes by default, spammers filled up the user box with thousands. They don't seem to have many rights, so I deleted them all and set the registration to no. This solved the problem of users coming in.
There are still a lot of spammers, though, targeting /component/k2/itemlist/user/
What happens is that from spam sites they make a redirect to my site, for example:
www.epopular.com.sg/dynamic/offsite.php?site=http://big5.icbc-ltd.com/gate/big5/www.lwbsmile.nl/component/k2/itemlist/user/1567
The red part is the spam part, the rest is from my site. It still generates a page. They can't log in. See link.
www.epopular.com.sg/dynamic/offsite.php?site=http://big5.icbc-ltd.com/gate/big5/www.lwbsmile.nl/component/k2/itemlist/user/1567
Two questions:
1 - How serious is this? Did they hack K2? Or is it just spam?
2 - How can I solve this? I wanted to remove the path "component/k2/itemlist/user/*" altogether, but it does not seem to be a path in my folders, or I can't find it. Another solution would be to restrict access to that path. But again I am not sure how.
Could you please give me advice on how I can solve this? The traffic from those spammers is not nice.
Thank you in advance.
Kevin
To do so I have to restrict the path, I think, but I can't seem to figure out how, because I can't find component/k2/itemlist/user in the folders.
The topic has been locked.
9 years 1 month ago #147736
by Krikor Boghossian
JoomlaWorks Support Team
---
Please search the forum before posting a new topic :)
The /component/k2/itemlist/user/ pattern shows you that these links are from spammers who signed up for your site.
Removing these (Joomla!) users will remove these links as well.
9 years 1 month ago #147777
by glenbovert
No, it does not remove them; robots will still go to the link, and the link is still accessible. You still get traffic from them, and as you can see on the link I provided, they made internal links from their websites to my site. Not nice with all the crap that is out there. As I pointed out in my message, all users were already deleted. Still, the K2 link is accessible.
But I found the answer, and because I am not the only one who will have this problem, this might solve it for others too, if you don't make use of comments, logins, or users on your site. You can make the link forbidden in your .htaccess file.
RewriteRule ^component/k2/itemlist/user/\d* - [F,L]
Have a good spammer free day ;-)
9 years 1 month ago #147785
by Krikor Boghossian
Your users won't be able to access your own user page if it is not mapped into a menu item. It could lead to issues even then.
If you are not using this view then you can safely use this method.
9 years 1 month ago #148653
by Slartibartfast
Hi, I have the exact same problem and I want to point out two important things:
1. The non-SEF URL is /?option=com_k2&view=itemlist&task=user&id=* (some user id at the end)
2. Except for the dead pages that are still there even after deleting the users, the result is thousands of spam backlinks, which is bad for SEO...
So:
1. Is there a way to block these links (/?option=com_k2&view=itemlist&task=user&id=) permanently, or better, disable them?
I can see that, except for the spam users, even if I put the id of the super admin at the end of the link, there is still a page...!! I don't want that.
2. Now that we are full of unwanted backlinks, is there any walkthrough to get rid of these?
Thank you in advance
9 years 1 month ago #148659
by Krikor Boghossian
You can try glenbovert's .htaccess solution to block access to a specific pattern of URLs.
9 years 1 month ago #148661
by Slartibartfast
Thank you for your answer. Here is a strange thing:
The spam URL is ?option=com_k2&view=itemlist&task=user&id=(some number)
It doesn't include "index.php" but Joomla can still recognize it.
In .htaccess I can't put a URL starting with "?".
Same thing in sh404: it asks for index.php at the beginning in order to create a redirect link.
I also found out that every site that runs K2 returns a page when the URL is /?option=com_k2&view=itemlist&task=user&id=somenumber
I really need help with this one.
9 years 4 weeks ago #148663
by Krikor Boghossian
You can start it with index.php?com_k2view=itemlist&task=user etc, add the SEF url as well (component/k2/itemlist/user/).
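The .htaccess block discussed in this thread, extended to the non-SEF form, as an added example that is not part of the original posts or JoomlaWorks' own code: a RewriteRule pattern only sees the URL path, so the query-string form has to be matched with RewriteCond %{QUERY_STRING}. It assumes Apache with mod_rewrite, that the rules are placed above Joomla's own rewrite block, and that the site does not use the K2 user view.

```apache
# Added example: block the K2 user-page view in both URL forms.
# Assumption: the site does not use the K2 user (author) view at all.
# Place these rules above Joomla's own SEF rewrite block so they run first.
RewriteEngine On

# SEF form: /component/k2/itemlist/user/<id>
# In .htaccess the pattern is matched against the path without the leading slash.
RewriteRule ^component/k2/itemlist/user(/|$) - [F,L]

# Non-SEF form: /?option=com_k2&view=itemlist&task=user&id=<id>
# (with or without index.php in front of the "?").
# The query string is not part of what RewriteRule matches, so each
# parameter is tested with its own RewriteCond. Consecutive RewriteCond
# lines are ANDed, and the (^|&)...(&|$) anchors make the match
# independent of the order of the parameters.
RewriteCond %{QUERY_STRING} (^|&)option=com_k2(&|$) [NC]
RewriteCond %{QUERY_STRING} (^|&)view=itemlist(&|$) [NC]
RewriteCond %{QUERY_STRING} (^|&)task=user(&|$) [NC]
RewriteRule ^ - [F,L]
```

Requests in either form then get 403 Forbidden, while other K2 views (item pages, category and tag lists) do not match these conditions.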
6 years 2 months ago #169063
by nikola
I have that same problem
6 years 2 months ago #169064
by JoomlaWorks
Fotis / JoomlaWorks Support Team
This is pretty common anywhere someone can create a profile page and add whatever spam HTML they want, e.g. in forum software. In K2 we resolved this some time ago. Make sure you're using the latest K2 and then set this option to "disabled": jmp.sh/pVtGSmF
This will make sure that no actual users, aka users without at least 1 K2 item created, are not able to display their profile pages.