Apache-based Comment Spam Fix for Word Press and other software -- works! (5 posts)

  1. johncdvorak
    Member
    Posted 6 years ago #

    I blogged this at http://www.dvorak.org --

    Marc Perkel at ctyme.com – my host – was floored, he said, when he realized a simple command to the Apache software would kill most of it – and it does indeed work!

    Here is the short code running on the ctyme server for my dvorak.org using WordPress-based blogging software. Altering it for other blog software and other blogs should be simple for anyone running Apache.

    <Location /blog/wp-comments-newpost.php>
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} !^.*dvorak.org/.*
    RewriteRule ^.* http://www.ctyme.com/comment-spam.html
    </Location>

    (this may not render correctly in this comment box -- go to the blog to see it)

    Essentially it makes the basic condition for any post rigid: it has to be coming from a link within the blog itself, the “comment” link. Most spam does not.

    My spam count on the blog has dropped from 50-100 to 2 per day without any other tricks.

  2. whooami
    Member
    Posted 6 years ago #

    Yes, it's a good trick... I mentioned it 4 months ago (it fell on deaf ears)

    http://wordpress.org/support/topic/33646

    I've been doing that for quite some time.

    It's ALSO a wonderful way to hide little tidbits of code that you don't want folks to have access to directly but still need to work. I use a similar rule for something like that as well.

  3. TheMarco
    Member
    Posted 6 years ago #

    That's neat but it won't take long before the spammers beat that because they can easily change their scripts to send the requested page in the referrer. I could write a script that spams your site in 10 minutes ;)

    As long as the spammers haven't done this we're ok. They're not evolving all that fast really. Even Owen's Spam Action still works fine. For those who don't know it: It adds a <input type="hidden" name="osakey" value="some_md5_hash" /> to your comment form which is then checked server-side. I could write a spam script to bypass that as well in 10 minutes but I guess we're lucky they're stupid eh? ;)

  4. whooami
    Member
    Posted 6 years ago #

    TheMarco,

    I can use a simple Windows program that's already sitting on my desktop to circumvent it - there's not even a need to write a script.

    The point, at least how I've always seen it, is to throw up roadblocks... but that's another thread that's already covered elsewhere.

  5. TheMarco
    Member
    Posted 6 years ago #

    You're 100% right. I wasn't saying it's not good or anything. Just pointing out that these solutions are merely temporary, until they find a way around. I'm putting my money on (WP-)Hashcash or trivial questions in the comment form to prevent comment-spam. Those won't be cracked for quite a while I think.
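
Added example (not part of the original thread, and not code from any poster or plugin): a dry run of the first post's Referer condition over Apache access-log lines, next to a stricter check that compares the Referer's host itself. The combined log format, the SITE_HOSTS set and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed Apache "combined" LogFormat; adjust the regex if yours differs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)
COMMENT_PATH = "/blog/wp-comments-newpost.php"   # from the <Location> block
PAGE_PATTERN = re.compile(r"^.*dvorak.org/.*")   # RewriteCond pattern as posted
SITE_HOSTS = {"dvorak.org", "www.dvorak.org"}    # assumption: the blog's hostnames


def page_rule_allows(referer):
    """True when the posted RewriteCond would NOT fire (request passes)."""
    return PAGE_PATTERN.match(referer) is not None


def host_check_allows(referer):
    """Stricter variant: the Referer's host itself must be the blog."""
    return (urlsplit(referer).hostname or "") in SITE_HOSTS


def audit(lines):
    """Return (ip, referer, page_rule_ok, host_ok) for each comment POST."""
    rows = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if urlsplit(m["path"]).path != COMMENT_PATH:
            continue
        ref = "" if m["referer"] == "-" else m["referer"]
        rows.append((m["ip"], ref, page_rule_allows(ref), host_check_allows(ref)))
    return rows


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.5 - - [10/Oct/2005:13:55:36 -0700] "POST /blog/wp-comments-newpost.php HTTP/1.1" 302 - "http://www.dvorak.org/blog/?p=100" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2005:13:56:01 -0700] "POST /blog/wp-comments-newpost.php HTTP/1.0" 302 - "-" "-"',
    '198.51.100.9 - - [10/Oct/2005:13:56:09 -0700] "POST /blog/wp-comments-newpost.php HTTP/1.0" 302 - "http://other.example/dvorak.org/" "-"',
    '203.0.113.5 - - [10/Oct/2005:13:57:00 -0700] "GET /blog/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, ref, page_ok, host_ok in audit(SAMPLE):
        print(ip, "page_rule:", page_ok, "host_check:", host_ok, "referer:", repr(ref))
```

Running this over a real log before enabling the rule shows how many comment POSTs would be redirected. Because the Referer header is supplied by the client, either check is a filter on careless senders, as the replies above point out.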
