OpenID Login being Spammed - Either Update OpenID Library or Remove it from Geeklog #653
Comments
eSilverStrike
added
the
Bug
|
OpenID libraries shipped with Geeklog were created in 2005 and haven't been updated. How about reviewing them with Geeklog 2.2.0 or later? |
|
I agree. Maybe we should even consider removing OpenID? Not sure who uses it anymore. Live Journal Authentication #689 is also scheduled to be removed. |
|
Spam seems to be increasing on Geeklog.net in regards to this opened error. The error log is filled with the above errors |
|
How about disabling OpenID login feature temporarily on geeklog.net? |
|
There is also OpenID Connect which our OAuth class currently supports (but is unused by Geeklog): https://www.phpclasses.org/blog/package/7700/post/12-Faster-PHP-Social-Login-with-a-PHP-OpenID-Connect-PHP-OAuth-Library.html It's not the same thing but something to think about if/when we drop OpenID |
eSilverStrike
changed the title
eSilverStrike
added
Improvement
I noticed in the Geeklog error file that are OpenID feature is being spammed somehow with piles of different urls. We should see if we can block these fake attempts.
Mon Jan 11 14:20:19 2016 - 61.93.246.59 - Unable to find an OpenID server for the identity URL http://www.bedrettinyildirim.com.tr/?option=com_k2&view=itemlist&task=user&id=432494
Mon Jan 11 14:34:51 2016 - 187.160.129.67 - Unable to find an OpenID server for the identity URL http://www.comprayvende.cl/author/maryellenco/
Mon Jan 11 18:24:46 2016 - 185.104.219.211 - Unable to find an OpenID server for the identity URL https://plus.google.com/103816658567740702932/videos
Mon Jan 11 18:40:30 2016 - 187.161.150.76 - Unable to find an OpenID server for the identity URL http://jointpainrelief.knowledu.com
The text was updated successfully, but these errors were encountered: