Keyword

spammers targetting /component/k2/itemlist/user/

  • glenbovert
  • glenbovert's Avatar Topic Author
  • Offline
  • New Member
More
3 years 4 weeks ago #147715 by glenbovert
glenbovert created the topic: spammers targetting /component/k2/itemlist/user/
Hi I have a problem.

On my website I don't have a login or comments. But because joomla sets registrations on yes as default, spammers filled up the user box with thousands. they don't seem many rights, so I deleted them all and set the registration to no. This solved the problem of users coming in.

There are still a lot of spammers though targetting /component/k2/itemlist/user/

what happens is that from spam sites they make a redirect to my site, for example:

www.epopular.com.sg/dynamic/offsite.php?site=http://big5.icbc-ltd.com/gate/big5/ [[/color]color=#0000FF] www.lwbsmile.nl/component/k2/itemlist/user/1567 [/color]

the red part is the spam part, the rest is from my site. It still generates a page.. They can't login.. see link.
www.epopular.com.sg/dynamic/offsite.php?site=http://big5.icbc-ltd.com/gate/big5/www.lwbsmile.nl/component/k2/itemlist/user/1567

Two question:

1 - How serious is this? Did they hack k2? Or is it just spam?

2- How can I solve this? I wanted to remove the path " component/k2/itemlist/user/*" all together, but it does not seem to be a path in my folders, or I can't find it. Another solution would be to restrict access to that path. But again I am not sure how?

Could you please give me advice on how I can solve this? the traffic from that spammers is not nice.

Thank you in advance.

Kevin

to do so i have to restrict the path i think, but I can't seem to figure out how, because component/k2/itemlist/user I can't find in the folders.

Please Log in or Create an account to join the conversation.

More
3 years 4 weeks ago #147736 by Krikor Boghossian
Krikor Boghossian replied the topic: spammers targetting /component/k2/itemlist/user/
The /component/k2/itemlist/user/ pattern shows you that these links are from spammers who signed up for your site.
Removing these (Joomla!) users will remove these links as well.

IMPORTANT: Please search the forum before posting a question!

JoomlaWorks Support Team Member

---
JoomlaWorks
www.joomlaworks.net/

Please Log in or Create an account to join the conversation.

  • glenbovert
  • glenbovert's Avatar Topic Author
  • Offline
  • New Member
More
3 years 4 weeks ago #147777 by glenbovert
glenbovert replied the topic: spammers targetting /component/k2/itemlist/user/
No it does not remove them, robots will still go to the link, and the link is still accessible.. you still get traffic from them and as you can see on the link i provided they made internal links from there websites to my site. Not nice with all the crap that is out there. As I pointed out in my message, all users were already deleted. Still the k2 link is accessible.

But I found the answer, and because I am not the only one who will have this problem, this might solve it for others too, if you don't make use of comments, logins, users in your site.. You can make the link forbidden in your .htaccess file.

RewriteRule ^component/k2/itemlist/user/\d* - [F,L]

Have a good spammer free day ;-)

Please Log in or Create an account to join the conversation.

More
3 years 4 weeks ago #147785 by Krikor Boghossian
Krikor Boghossian replied the topic: spammers targetting /component/k2/itemlist/user/
Your users won't be able to access your own user page if it is not mapped into a menu item. It could lead to issues even then.

If you are not using this view then you can safely use this method.

IMPORTANT: Please search the forum before posting a question!

JoomlaWorks Support Team Member

---
JoomlaWorks
www.joomlaworks.net/

Please Log in or Create an account to join the conversation.

More
3 years 1 day ago #148653 by Slartibartfast
Slartibartfast replied the topic: spammers targetting /component/k2/itemlist/user/
Hi, i have the exact same problem and i want to point two important things
1. the non sef url is /?option=com_k2&view=itemlist&task=user&id=* (some user id at the end)
2. except of the dead pages that are still there even after deleting the users, the result is thousands of spam backlinks -which is bad for seo...

so
1. is there a way to block these links (/?option=com_k2&view=itemlist&task=user&id=) permanently or better disable them?
I can see- except of the spam users- even if iput the id of the super admin at the end of the link still there is a page...!! i don't want that

2. now that we are full of unwanted backlinks is there any walkthrough to get rid of these?

thank you in advance

Please Log in or Create an account to join the conversation.

More
3 years 14 hours ago #148659 by Krikor Boghossian
Krikor Boghossian replied the topic: spammers targetting /component/k2/itemlist/user/
You can try glenbovert's .htaccess solution to block access to a specific pattern of URLs.

IMPORTANT: Please search the forum before posting a question!

JoomlaWorks Support Team Member

---
JoomlaWorks
www.joomlaworks.net/

Please Log in or Create an account to join the conversation.

More
3 years 13 hours ago #148661 by Slartibartfast
Slartibartfast replied the topic: spammers targetting /component/k2/itemlist/user/
Thank you for your answer. Here is a strange thing
the spam URL is ?option=com_k2&view=itemlist&task=user&id=(some number)
it doesn't include "index.php" but still joomla can recognize it.
in htaccess i can't put aURl starting with "?"
Same thing in sh404, it asks for index.php at the begging in order to create a redirect link

i also found out that every site that runs k2 returns a page when the url is /?option=com_k2&view=itemlist&task=user&id=somenumber

i really need help with this one

Please Log in or Create an account to join the conversation.

More
3 years 12 hours ago #148663 by Krikor Boghossian
Krikor Boghossian replied the topic: spammers targetting /component/k2/itemlist/user/
You can start it with index.php?com_k2view=itemlist&task=user etc, add the SEF url as well (component/k2/itemlist/user/).

IMPORTANT: Please search the forum before posting a question!

JoomlaWorks Support Team Member

---
JoomlaWorks
www.joomlaworks.net/

Please Log in or Create an account to join the conversation.

More
1 month 1 week ago #169063 by nikola
nikola replied the topic: spammers targetting /component/k2/itemlist/user/
I have that same problem

Please Log in or Create an account to join the conversation.

  • Fotis
  • Fotis's Avatar
  • Offline
  • Administrator
  • JoomlaWorks Support Team
More
1 month 1 week ago #169064 by Fotis
Fotis replied the topic: spammers targetting /component/k2/itemlist/user/
This is pretty common anywhere someone can create a profile page and add whatever spam HTML they want. E.g. in forum software. In K2 we resolved this sometime ago. Make sure you're using K2 latest and then set this option to "disabled": jmp.sh/pVtGSmF

This will make sure that no actual users, aka users without at least 1 K2 item created, are not able to display their profile pages.


If you use & love K2, please take a moment to add your review and rate it
at the Joomla Extensions Directory: extensions.joomla.org/extension/k2/


IMPORTANT: Please search the forum before posting a question!

JoomlaWorks Support Team Member

Please Log in or Create an account to join the conversation.

Moderators: william white