openid_temp table storing a lot of spam?

[Michael]

Was curious about the health of my database and so I searched for which tables in my database were the biggest in terms of total size of data storage. Saw that the openid_temp table was one of the biggest tables on my site, which surprised me since I only enabled the OpenID login method as an afterthought. Checking that table out I see that on my small site it has nearly 10,000 rows of data in it, and is a few MB in size. Browsing the contents of the table, I see what looks to me like a ton of spam URLs.

Is there any benefit to maybe doing something like pruning this table as part of a task? Certainly, there shouldn't be any need to keep these junk signing attempts, should there? The only thing that concerns me about throwing together a quick script for that is that it unfortunately isn't storing the timestamp of when the row was inserted into the table, as you'd probably want to prune all items older than X days.

Should I not even worry about this data, or is it something that you might want to look into shoring up in a future version?

[Amy T]

I just looked at mine and wow there are some pretty funny url's in there.
Considering my new site went live yesterday I am surprised by the amount as well.

[*Salvo*]

And mine too--
Do you know a way to clean that table? I have only porn websites :blush: recorded on those rows..

[bfarber]

You can truncate the table periodically if you want.

3.1.3 added a key to the login form to prevent the spam login attempts via OpenID, so this shouldn't be a big issue moving forward.

Ref: http://community.invisionpower.com/tracker/issue-24346-ipbotnet-through-openid-in-ipboard/

[Amy T]

I am using 3.1.4, that is the one I started with.

So if it was fixed in 3.1.3 why was it unfixed in 3.1.4? Unless I understand wrong.

[Michael]

You can truncate the table periodically if you want.

3.1.3 added a key to the login form to prevent the spam login attempts via OpenID, so this shouldn't be a big issue moving forward.

Ref: http://community.invisionpower.com/tracker/issue-24346-ipbotnet-through-openid-in-ipboard/

Thanks :)

[bfarber]

I am using 3.1.4, that is the one I started with.

So if it was fixed in 3.1.3 why was it unfixed in 3.1.4? Unless I understand wrong.

Keep in mind, it's entirely possible for HUMANS to still go to the OpenID form and put in a spam URL. The fix would only stop automated bots from doing it.

If you are facing any issues you are free to submit a ticket.

[Amy T]

Nah not to big an issue. I just noticed after this topic was made about there being spam in there.
I will just empty the table every so often.

[*Salvo*]

Is it a big loss if one disable the OpenId?
Second answer:
Is this the query?

TRUNCATE TABLE pref_openid_temp;

where pref_ is the prefix of the table?

[bfarber]

Is it a big loss if one disable the OpenId?

Second answer:

Is this the query?

TRUNCATE TABLE pref_openid_temp;

where pref_ is the prefix of the table?

1) No one can answer but you. :)

2) Yes, that is the query. Or just "DELETE FROM pref_openid_temp;"