Closed (won't fix)
Project:
Fivestar
Version:
6.x-1.19
Component:
Code
Priority:
Major
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
21 Jan 2011 at 13:56 UTC
Updated:
4 Mar 2014 at 08:13 UTC
Jump to comment: Most recent
I'll try to explain this mystery with as much detail as I have, pardon if it gets long.
I've been having issues with voting API / Fivestar as queries counting votes to nodes have been locking up. I've treid adding indexes and that sort of thing, but it didn't help.
Last night I decided to do a voodoo-shake, that is delete it all and let a reinstall sort it out. So I shut off votingapi and fivestar, and uninstalled. Before I did this I saved my votingapi_vote and other related tables to make sure I didn't loose any legit votes.
I installed the modules again -but did not set them up that is they did not appear on any node types at this time (!!)- now with fresh tables, ad went about my business importing only the data (not table structure) from my backup. As I insrted this I get the "duplicate entry" error.
I checked the table in mysql select * from votingapi_vote; and it spat back 600 entries. Wait, what? Voting and fivestar aren't turned on/configured on nodes yet, how can someone be voting, that must be a mistake I thought and just ran select * from votingapi_vote; whereby it spat back 800 votes. Scuse me? select * from votingapi_vote; and now it gave me 900 votes. Clearly non-humans were voting en masse, this was happening within a minute.
Here's the really interesting part, I dumped those 800-odd votes to see where these bots came from and they're 66.249.71.97 and 67.195.112.98 are showing up most often. That's Google and Yahoo folks. Friendly bots... who are voting?
I've turned off anonymous voting and only add the total vote data at crontime now, but the question is, how can google and yahoo vote - and how did they do it when the fivestar widget wasn't even appearing on the node pages?
Ha anyone else seen anything like it. My previous settings were to allow anonymous voting, and tally vote total at voting time, which became quite the hassle for the server when bots voted on every page they visited.
(should I try a dev version? Got: ; version = "6.x-1.19")
Comments
Comment #1
Rhino commentedMinor correction (though I wish I could correct all those typos) - the biggest voting sinner is 64.74.254.21 who I see now was responsible for 1400 votes in less than a minute. I can not find any information on who owns that IP.
http://whois.domaintools.com/64.74.254.21
Comment #2
Rhino commentedI take it nobody else has seen this phenomena?
Comment #3
Rhino commentedThis is getting stranger. Just now, despite having "anonymous voting" set to OFF - I received 72 votes on a new post in less than a minute - now that I don't tally votes until cron time, this isn't a server-crashing issue as it was, but I find it very strange that they *can* vote at all. Especially when 72 people haven't read that page yet according to counter.
Since anonymous mass-voting cause many locked tables which eventually crash a server, I'm upping this to major, hope that's OK.
Comment #4
queryblitz commentedJust one question: how are they voting? Like, one star, two, five? Just curious as to Google's taste in content. jk.
Comment #5
Rhino commentedVaries, and I see no particular pattern in it. :)
(this is a bit choppy, ignore the beginning where I've mucked up the node number - the number before percent is the vote %)
(156('','node',150594,50,'percent','vote',0,1295578754,'64.74.254.21'),
(157('','node',108838,91,'percent','vote',0,1295578754,'64.74.254.21'),
(158('','node',108860,84,'percent','vote',0,1295578754,'64.74.254.21'),
(159('','node',108829,94,'percent','vote',0,1295578754,'64.74.254.21'),
(160('','node',108854,87,'percent','vote',0,1295578754,'64.74.254.21'),
(161('','node',108839,96,'percent','vote',0,1295578754,'64.74.254.21'),
(162('','node',108843,76,'percent','vote',0,1295578754,'64.74.254.21'),
(163('','node',108853,88,'percent','vote',0,1295578754,'64.74.254.21'),
(164('','node',108837,95,'percent','vote',0,1295578754,'64.74.254.21'),
(165('','node',108822,86,'percent','vote',0,1295578755,'64.74.254.21'),
(166('','node',108845,55,'percent','vote',0,1295578755,'64.74.254.21'),
(167('','node',108852,55,'percent','vote',0,1295578755,'64.74.254.21'),
(168('','node',108836,84,'percent','vote',0,1295578755,'64.74.254.21'),
(169('','node',108847,61,'percent','vote',0,1295578755,'64.74.254.21'),
(170('','node',108851,99,'percent','vote',0,1295578755,'64.74.254.21'),
(171('','node',108824,57,'percent','vote',0,1295578755,'64.74.254.21'),
(172('','node',108846,83,'percent','vote',0,1295578755,'64.74.254.21'),
(173('','node',108629,92,'percent','vote',0,1295578756,'64.74.254.21'),
(174('','node',108832,79,'percent','vote',0,1295578756,'64.74.254.21'),
(175('','node',108842,50,'percent','vote',0,1295578756,'64.74.254.21'),
(176('','node',108849,89,'percent','vote',0,1295578756,'64.74.254.21'),
(177('','node',108831,74,'percent','vote',0,1295578756,'64.74.254.21'),
(178('','node',108856,58,'percent','vote',0,1295578756,'64.74.254.21'),
Comment #6
queryblitz commented64.74.254.21 goes to OVguide.com. Here's some info about the IP. Apparently, it's hosted on domaincontrol.com, which is registered to wildwestdomains.com, which is hosted on secureserver.net, which is registered to Special Domain Services, Inc. Anyway nothing related to Google or Yahoo. They shouldn't be indexing your site, or voting on your content.
edit: Apparently OVguide does index sites. Perhaps you or someone else has submitted your site to them. Here's their contact page to request removal: http://www.ovguide.com/info/contact
That is really weird that there's no apparent pattern. I don't know how robots crawl but you'd think there'd be some consistency.
Comment #7
EvanDonovan commentedSounds like some kind of CAPTCHA is needed on the widget to confirm anonymous votes, but I think that would be a feature request, not a bug.
Don't know about how they could do it when it wasn't set to show up - possibly they were seeing a different version of the page (page caching?).
Comment #8
queryblitz commentedThat's what I was going to suggest but it almost sounds like the votes must be generated by your own server. Do you have a shared hosting account?
Comment #9
Dabitch commentedHey
No shared hosting account, but it's possible they saw a cached page as I use both cloud files and cloud server, and caching was done on several levels.
Still haven't figured out how that voting went crazy, haven't seen the phenomena since. I now allow anonymous voting again and it's not happened since.
Comment #10
erikwegner commentedHey Rhino,
I also had the problem, that many many ratings occured. Worst of all, all ratings were given with one star :-(
My votes came from a Swedish internet provider, nearly 2,500 rates on different nodes. It also sounds like http://drupal.org/node/192059.
Comment #11
MPankau commentedI just experienced this as well. Turns out my host was having some penetration testing done on their datacenter and some script the tester used rated everything as a 1, trying to break it or get in some how. I just went into the SQL table, deleted all the ratings from that particular IP and moved on.
A report/view within drupal would be handy here. I guess that is what Views is for though!
Comment #12
whiteph commentedWe can no longer support the Drupal 6 version of Fivestar. It is in security maintenance mode only. When the Drupal 8 version of Fivestar is released, the Drupal 6 version will be officially deprecated.
Comment #13
whiteph commentedSee Help testing Drupal 6 patches.