- Posts: 6
COMMUNITY FORUM
spammers targetting /component/k2/itemlist/user/
- Roberto
-
- Offline
- New Member
Less
More
6 years 1 month ago #169531
by Roberto
Replied by Roberto on topic spammers targetting /component/k2/itemlist/user/
I have the same problem.
I appreciate the last solution to set the new option, but this is only to prevent new hackering.
My site is already affected by this problem, I removed all the unwanted users, but the links are still there.
I need to block the unwanted links before they are elaborated by joomla, because they are a huge quantity and are creating a lot of traffic slowing my site.
In .htaccess I tested the solution suggested by Glenbovert above:
RewriteRule ^component/k2/itemlist/user/\d* - [F,L]
But I do not understand why it is not working.
I thought it should have to show an error page, instead the links are still elaborated by Joomla, showing a Joomla page and creating traffic.
Any suggestion ?
Thanks
I appreciate the last solution to set the new option, but this is only to prevent new hackering.
My site is already affected by this problem, I removed all the unwanted users, but the links are still there.
I need to block the unwanted links before they are elaborated by joomla, because they are a huge quantity and are creating a lot of traffic slowing my site.
In .htaccess I tested the solution suggested by Glenbovert above:
RewriteRule ^component/k2/itemlist/user/\d* - [F,L]
But I do not understand why it is not working.
I thought it should have to show an error page, instead the links are still elaborated by Joomla, showing a Joomla page and creating traffic.
Any suggestion ?
Thanks
The topic has been locked.
- JoomlaWorks
-
- Offline
- Admin
Less
More
- Posts: 6218
6 years 1 month ago #169532
by JoomlaWorks
Fotis / JoomlaWorks Support Team
---
Please search the forum before posting a new topic :)
Replied by JoomlaWorks on topic spammers targetting /component/k2/itemlist/user/
If you are using the latest K2 release (v2.9.0) and have this option jmp.sh/4mwcBTa set to "Disabled" in K2 Parameters/Settings, then you won't have any issues.
Can you verify that's the case for you please?
Can you verify that's the case for you please?
Fotis / JoomlaWorks Support Team
---
Please search the forum before posting a new topic :)
The topic has been locked.
- Roberto
-
- Offline
- New Member
Less
More
- Posts: 6
6 years 1 month ago #169533
by Roberto
Replied by Roberto on topic spammers targetting /component/k2/itemlist/user/
Hello
Thanks for your very fast reply.
Actually I am still using an old version (2.6.9), I will try to upgrade in couple of days and keep you informed about the results.
Thank you.
Thanks for your very fast reply.
Actually I am still using an old version (2.6.9), I will try to upgrade in couple of days and keep you informed about the results.
Thank you.
The topic has been locked.
- JoomlaWorks
-
- Offline
- Admin
Less
More
- Posts: 6218
6 years 1 month ago #169534
by JoomlaWorks
Fotis / JoomlaWorks Support Team
---
Please search the forum before posting a new topic :)
Replied by JoomlaWorks on topic spammers targetting /component/k2/itemlist/user/
This feature was added in 2.7.0 or 2.7.1 if I recall correctly.
Fotis / JoomlaWorks Support Team
---
Please search the forum before posting a new topic :)
The topic has been locked.
- Roberto
-
- Offline
- New Member
Less
More
- Posts: 6
6 years 1 month ago #169552
by Roberto
Replied by Roberto on topic spammers targetting /component/k2/itemlist/user/
Hello
A few hours ago we have upgraded
Joomla to 3.7.5
K2 to version 2.9.0
In Global Configuration / K2 / Advanced we changed Control-K2-User... to Enabled
The traffic problem seems improved a little, but it is still there.
When the site is on, the server registers a lot of I/O usage traffic, when it is off, the traffic is low.
This is a very simple site and its own normal traffic should be very low.
I think the I/O usage high rate is due to the elaboration of calls made by the spamming links that point to /component/k2/itemlist/user/
Even if user is not accessible, the link calls are using resources.
The spamming users had ID from 200 to about 450. I would like to block all of them in the .htaccess.
Let me know how I can stop them before they are elaborated by the system.
Thanks
A few hours ago we have upgraded
Joomla to 3.7.5
K2 to version 2.9.0
In Global Configuration / K2 / Advanced we changed Control-K2-User... to Enabled
The traffic problem seems improved a little, but it is still there.
When the site is on, the server registers a lot of I/O usage traffic, when it is off, the traffic is low.
This is a very simple site and its own normal traffic should be very low.
I think the I/O usage high rate is due to the elaboration of calls made by the spamming links that point to /component/k2/itemlist/user/
Even if user is not accessible, the link calls are using resources.
The spamming users had ID from 200 to about 450. I would like to block all of them in the .htaccess.
Let me know how I can stop them before they are elaborated by the system.
Thanks
The topic has been locked.
- JoomlaWorks
-
- Offline
- Admin
Less
More
- Posts: 6218
6 years 1 month ago #169554
by JoomlaWorks
Fotis / JoomlaWorks Support Team
---
Please search the forum before posting a new topic :)
Replied by JoomlaWorks on topic spammers targetting /component/k2/itemlist/user/
This is a simple redirect. No items are retrieved. The user ID is picked by the URL. It's quite fast.
Your bottleneck is somewhere else.
Since you know the URL pattern, it won't be difficult to figure out a regex in .htaccess or Nginx rules to block or redirect it. But it's really out of the scope of the support we provide here as it's not a bug in K2.
Your bottleneck is somewhere else.
Since you know the URL pattern, it won't be difficult to figure out a regex in .htaccess or Nginx rules to block or redirect it. But it's really out of the scope of the support we provide here as it's not a bug in K2.
Fotis / JoomlaWorks Support Team
---
Please search the forum before posting a new topic :)
The topic has been locked.
- Roberto
-
- Offline
- New Member
Less
More
- Posts: 6
6 years 1 month ago #169556
by Roberto
Replied by Roberto on topic spammers targetting /component/k2/itemlist/user/
I agree with you only in part.
If it was not because of k2, I am not in this situation.
If it was not because of k2, I am not in this situation.
The topic has been locked.
- JoomlaWorks
-
- Offline
- Admin
Less
More
- Posts: 6218
6 years 1 month ago #169557
by JoomlaWorks
Fotis / JoomlaWorks Support Team
---
Please search the forum before posting a new topic :)
Replied by JoomlaWorks on topic spammers targetting /component/k2/itemlist/user/
Spammers will always find creative ways to spread URLs. K2 does have a solution for that unlike other extensions (e.g Kunena - where we delete spammers EVERY day).
You don't say that K2's solution does not work. You say it causes load to your server as a side-effect. I disagree and I explained why. Your problem could be some 3rd party system plugin, did you consider that?
You don't say that K2's solution does not work. You say it causes load to your server as a side-effect. I disagree and I explained why. Your problem could be some 3rd party system plugin, did you consider that?
Fotis / JoomlaWorks Support Team
---
Please search the forum before posting a new topic :)
The topic has been locked.
- Roberto
-
- Offline
- New Member
Less
More
- Posts: 6
6 years 4 weeks ago #169877
by Roberto
Replied by Roberto on topic spammers targetting /component/k2/itemlist/user/
I want to share my experience because now I found the solution to my problem.
Fotis, you are right, K2 was only one of my problems and it was settled controlling better the access of users, hackers continue trying to login, but they are stopped.
My second problem that was increasing I/O usage, in my case, was the System Cache setting.
I changed from Progressive Caching to Conservative Caching and the result is a huge benefit, now I have very low I/O usage.
I have still a doubt about K2 Option Parameter setting.
Please confirm again that Control K2 User Profile have to be setted DISABLED, as specified in your former note.
The program help note is not very clear and seems to lead to a different understanding.
Thanks
Fotis, you are right, K2 was only one of my problems and it was settled controlling better the access of users, hackers continue trying to login, but they are stopped.
My second problem that was increasing I/O usage, in my case, was the System Cache setting.
I changed from Progressive Caching to Conservative Caching and the result is a huge benefit, now I have very low I/O usage.
I have still a doubt about K2 Option Parameter setting.
Please confirm again that Control K2 User Profile have to be setted DISABLED, as specified in your former note.
The program help note is not very clear and seems to lead to a different understanding.
Thanks
The topic has been locked.
- JoomlaWorks
-
- Offline
- Admin
Less
More
- Posts: 6218
6 years 4 weeks ago #169893
by JoomlaWorks
Fotis / JoomlaWorks Support Team
---
Please search the forum before posting a new topic :)
Replied by JoomlaWorks on topic spammers targetting /component/k2/itemlist/user/
Disabled is what you want.
Fotis / JoomlaWorks Support Team
---
Please search the forum before posting a new topic :)
The topic has been locked.