Apache-based Comment Spam Fix for Word Press and other software — works!

  • johncdvorak

    (@johncdvorak)


    18 years, 7 months ago

    I blogged this at http://www.dvorak.org

    Marc Perkel at ctyme.com – my host � was floored, he said, when he realized a simple command to the Apache software would kill most of it � and it does indeed work!

    Here is the short code running on the ctyme server for my dvorak.org using WordPress-based blogging software. Altering it for other blog software and other blogs should be simple for anyone running Apache.

    <Location /blog/wp-comments-newpost.php>
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} !^.*dvorak.org/.*
    RewriteRule ^.* http://www.ctyme.com/comment-spam.html
    </Location>

    (this may not render correctly in this comment box — go to the blog to see it)

    Essentially it makes the basic condition for any post rigid: it has to be coming from a link within the blog itself, the “comment� link. Most spam does not.

    My spam count on the blog has dropped from 50-100 to 2 per day without any other tricks.

Viewing 4 replies - 1 through 4 (of 4 total)
  • whooami

    (@whooami)

    18 years, 7 months ago

    yes its a good trick, .. I mentioned it 4 months ago (it fell on deaf ears)

    http://wordpress.org/support/topic/33646

    Ive been doing that for quite some time.

    Its ALSO a wonderful way to hide little tidbits of code that you dont want folks to have access to directly but still need to work. I use a similar rule for something like that as well.

    themarco

    (@themarco)

    18 years, 7 months ago

    That’s neat but it won’t take long before the spammers beat that because they can easily change their scripts to send the requested page in the referrer. I could write a script that spams your site in 10 minutes 😉

    As long as the spammers haven’t done this we’re ok. They’re not evolving all that fast really. Even Owen’s Spam Action still works fine. For those who don’t know it: It adds a <input type=”hidden” name=”osakey” value=”some_md5_hash” /> to your commentform which is then checked server-side. I could write a spamscript to bypass that as well in 10 minutes but I guess we’re lucky they’re stupid eh? 😉

    whooami

    (@whooami)

    18 years, 7 months ago

    TheMarco,

    I can use a simple windows program thats already sitting on my desktop to circumvent it – theres not even a need to write a script.

    the point, atleast I how Ive always seen it is to throw up roadblocks.. but thats another thread that already covered elsewhere.

    themarco

    (@themarco)

    18 years, 7 months ago

    You’re 100% right. I wasn’t saying it’s not good or anything. Just pointing out that these solutions are merely temporary, until they find a way around. I’m putting my money on (WP-)Hashcash or trivial questions in the comment form to prevent comment-spam. Those won’t be cracked for quite a while I think.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Apache-based Comment Spam Fix for Word Press and other software — works!’ is closed to new replies.