WordPress.org

Ready to get started?Download WordPress

Forums

Anti-spam feature: IP limits? (6 posts)

  1. mmoncur
    Member
    Posted 9 years ago #

    After reading a few reports like this where people are getting thousands of spams from the same IP, I think WordPress needs the ability to limit the number of posts per IP.
    For example, limit 4 posts per IP per day. This would cut massive spam runs short and wouldn't harm most users...
    maybe I'll write a plug-in.

  2. NuclearMoose
    Member
    Posted 9 years ago #

    http://mookitty.co.uk/devblog/
    Check out Kitten's Spam tools. They are excellent, and you can use them to quickly and easily add IP addresses, keywords, and email addresses to the spam words list.

  3. mmoncur
    Member
    Posted 9 years ago #

    That looks helpful, but doesn't offer the feature I was talking about. What I want is a set limit on the number of comments any one IP can post.
    The scenario: While I'm out of town, a spammer tries to post 2,000 comments. Their first 5 post just fine (unless another spam tool catches them) and the rest are automatically blocked.

  4. Mark (podz)
    Support Maven
    Posted 9 years ago #

    Set that if a single link is put into a comment, then the comment automatically goes into moderation.
    You could restrict repeat comments by having a time limit, but otherwise, I really would use Kitten's plugin.
    Is a person is doing it, once they see that they are having no effect, they will move to another blog.
    Kitten's plugin also makes it very very easy to mass delete and then block that IP etc.
    http://photomatt.net/2004/08/13/tramadol-attack/

  5. mmoncur
    Member
    Posted 9 years ago #

    Actually it looks like WP is a step ahead of me. From wp-comments-post.php:

    // Simple flood-protection
    $lasttime = $wpdb->get_var("SELECT comment_date FROM $tablecomments WHERE comment_author_IP = '$user_ip' ORDER BY comment_date DESC LIMIT 1");
    if (!empty($lasttime)) {
    $time_lastcomment= mysql2date('U', $lasttime);
    $time_newcomment= mysql2date('U', $now);
    if (($time_newcomment - $time_lastcomment) < 10)
    die( __('Sorry, you can only post a new comment once every 10 seconds. Slow down cowboy.') );
    }

    So setting this to every 5 minutes or so instead of 10 seconds would put a serious crimp in these attacks...

  6. Mark (podz)
    Support Maven
    Posted 9 years ago #

    You could also add Comment Preview.
    http://weblogtoolscollection.com/archives/2004/05/20/coment-preview-for-wordpress-12/
    I think the thing about an individual site is to just make another site look more attractive for the people that do this.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.