Keyword

spammers targetting /component/k2/itemlist/user/

More
2 months 1 week ago #169531 by Roberto
Roberto replied the topic: spammers targetting /component/k2/itemlist/user/
I have the same problem.
I appreciate the last solution to set the new option, but this is only to prevent new hackering.

My site is already affected by this problem, I removed all the unwanted users, but the links are still there.
I need to block the unwanted links before they are elaborated by joomla, because they are a huge quantity and are creating a lot of traffic slowing my site.
In .htaccess I tested the solution suggested by Glenbovert above:
RewriteRule ^component/k2/itemlist/user/\d* - [F,L]

But I do not understand why it is not working.
I thought it should have to show an error page, instead the links are still elaborated by Joomla, showing a Joomla page and creating traffic.
Any suggestion ?
Thanks

Please Log in or Create an account to join the conversation.

  • Fotis
  • Fotis's Avatar
  • Offline
  • Administrator
  • JoomlaWorks Support Team
More
2 months 1 week ago #169532 by Fotis
Fotis replied the topic: spammers targetting /component/k2/itemlist/user/
If you are using the latest K2 release (v2.9.0) and have this option jmp.sh/4mwcBTa set to "Disabled" in K2 Parameters/Settings, then you won't have any issues.

Can you verify that's the case for you please?


If you use & love K2, please take a moment to add your review and rate it
at the Joomla Extensions Directory: extensions.joomla.org/extension/k2/


IMPORTANT: Please search the forum before posting a question!

JoomlaWorks Support Team Member

Please Log in or Create an account to join the conversation.

More
2 months 1 week ago #169533 by Roberto
Roberto replied the topic: spammers targetting /component/k2/itemlist/user/
Hello
Thanks for your very fast reply.
Actually I am still using an old version (2.6.9), I will try to upgrade in couple of days and keep you informed about the results.
Thank you.

Please Log in or Create an account to join the conversation.

  • Fotis
  • Fotis's Avatar
  • Offline
  • Administrator
  • JoomlaWorks Support Team
More
2 months 1 week ago #169534 by Fotis
Fotis replied the topic: spammers targetting /component/k2/itemlist/user/
This feature was added in 2.7.0 or 2.7.1 if I recall correctly.


If you use & love K2, please take a moment to add your review and rate it
at the Joomla Extensions Directory: extensions.joomla.org/extension/k2/


IMPORTANT: Please search the forum before posting a question!

JoomlaWorks Support Team Member

Please Log in or Create an account to join the conversation.

More
2 months 1 week ago #169552 by Roberto
Roberto replied the topic: spammers targetting /component/k2/itemlist/user/
Hello
A few hours ago we have upgraded
Joomla to 3.7.5
K2 to version 2.9.0
In Global Configuration / K2 / Advanced we changed Control-K2-User... to Enabled

The traffic problem seems improved a little, but it is still there.
When the site is on, the server registers a lot of I/O usage traffic, when it is off, the traffic is low.
This is a very simple site and its own normal traffic should be very low.

I think the I/O usage high rate is due to the elaboration of calls made by the spamming links that point to /component/k2/itemlist/user/
Even if user is not accessible, the link calls are using resources.
The spamming users had ID from 200 to about 450. I would like to block all of them in the .htaccess.
Let me know how I can stop them before they are elaborated by the system.

Thanks

Please Log in or Create an account to join the conversation.

  • Fotis
  • Fotis's Avatar
  • Offline
  • Administrator
  • JoomlaWorks Support Team
More
2 months 1 week ago #169554 by Fotis
Fotis replied the topic: spammers targetting /component/k2/itemlist/user/
This is a simple redirect. No items are retrieved. The user ID is picked by the URL. It's quite fast.

Your bottleneck is somewhere else.

Since you know the URL pattern, it won't be difficult to figure out a regex in .htaccess or Nginx rules to block or redirect it. But it's really out of the scope of the support we provide here as it's not a bug in K2.


If you use & love K2, please take a moment to add your review and rate it
at the Joomla Extensions Directory: extensions.joomla.org/extension/k2/


IMPORTANT: Please search the forum before posting a question!

JoomlaWorks Support Team Member

Please Log in or Create an account to join the conversation.

More
2 months 1 week ago #169556 by Roberto
Roberto replied the topic: spammers targetting /component/k2/itemlist/user/
I agree with you only in part.
If it was not because of k2, I am not in this situation.

Please Log in or Create an account to join the conversation.

  • Fotis
  • Fotis's Avatar
  • Offline
  • Administrator
  • JoomlaWorks Support Team
More
2 months 1 week ago #169557 by Fotis
Fotis replied the topic: spammers targetting /component/k2/itemlist/user/
Spammers will always find creative ways to spread URLs. K2 does have a solution for that unlike other extensions (e.g Kunena - where we delete spammers EVERY day).

You don't say that K2's solution does not work. You say it causes load to your server as a side-effect. I disagree and I explained why. Your problem could be some 3rd party system plugin, did you consider that?


If you use & love K2, please take a moment to add your review and rate it
at the Joomla Extensions Directory: extensions.joomla.org/extension/k2/


IMPORTANT: Please search the forum before posting a question!

JoomlaWorks Support Team Member

Please Log in or Create an account to join the conversation.

More
1 month 2 weeks ago #169877 by Roberto
Roberto replied the topic: spammers targetting /component/k2/itemlist/user/
I want to share my experience because now I found the solution to my problem.
Fotis, you are right, K2 was only one of my problems and it was settled controlling better the access of users, hackers continue trying to login, but they are stopped.

My second problem that was increasing I/O usage, in my case, was the System Cache setting.
I changed from Progressive Caching to Conservative Caching and the result is a huge benefit, now I have very low I/O usage.

I have still a doubt about K2 Option Parameter setting.
Please confirm again that Control K2 User Profile have to be setted DISABLED, as specified in your former note.
The program help note is not very clear and seems to lead to a different understanding.

Thanks

Please Log in or Create an account to join the conversation.

  • Fotis
  • Fotis's Avatar
  • Offline
  • Administrator
  • JoomlaWorks Support Team
More
1 month 2 weeks ago #169893 by Fotis
Fotis replied the topic: spammers targetting /component/k2/itemlist/user/
Disabled is what you want.


If you use & love K2, please take a moment to add your review and rate it
at the Joomla Extensions Directory: extensions.joomla.org/extension/k2/


IMPORTANT: Please search the forum before posting a question!

JoomlaWorks Support Team Member

Please Log in or Create an account to join the conversation.

Moderators: william white