WordPress.org

1. richards1052
   Member
   Posted 6 years ago #

   I'm plagued periodically by floods of comments originating at various forum sites. I'm pretty sure there isn't yet a way to do this, but I wanted to try to plant the seed (for a plugin?) in someone's mind:

   I'd like to be able to ban anyone from commenting (or visiting?) who comes to my site from a specific url or domain. Let's say my commenter is coming to my post from http://www.exampleforum.com/discussions/thread.php?t=331697.

   I don't know the technical issues involved in this & perhaps it's not feasible. But it would sure work wonders for me in preventing blog assaults.

   To be clear, I don't mean that I want to ban commenters who use a specific domain or url in their comment ID info. I want to somehow connect the URL or domain they CAME FROM to preventing a comment.

   I don't think you can do this w. cPanelx. I know you can deny access by IP. But I don't believe you can deny access by domain...or can you?

2. Mark (podz)
   Support Maven
   Posted 6 years ago #

   You can ban, using .htaccess, by looking at the referring domain.
   I don't know enough about it to advise (a search at webmasterworld will turn stuff up).
   But
   If someone sees that happen, all they do is copy/paste the url into a fresh tab and your ban will not work.

   Banning by IP is also fairly pointless - it's very easy to work round.

   You've posted about this before so it is obviously a serious problem - have your host helped at all ? Is this hassle worth open commenting ?

3. tomhanna
   Member
   Posted 6 years ago #

   Given the amount of trouble you've been having and the seriousness of it, maybe you ought to consider requiring that commenters register.

4. richards1052
   Member
   Posted 6 years ago #

   Is this hassle worth open commenting ?

   Good question. The attacks come in waves (maybe once every 6-8 wks) & aren't regular. Usually, they don't last all that long (maybe 1-2 days). Then the trolls (w. a few malignant exceptions) move on to the next flavor of the month.

   Responding to Tomhanna's suggestion: I've got a philosophical problem w. mandatory registration. I think it would pretty much kill most commenting at my blog. Overall, maybe 1 out of 30 commenters are abusive. To use such a draconian solution for such a spotty problem doesn't seem the right way to go.

   Westi's working on an SpamKarma2-related plugin which will allow me to continue to use it for spam purposes while also allowing WP's comment moderation features to work as well. As soon as he's completed that I'll once again be able to force first time commenters into moderation (which will squelch 90% of the abusive comments). Right now, SK2 disables all of WP's comment settings which is a drag.

   I've had to choose bet. stopping spam & stopping abuse & I've chosen (for now) the former because there's a lot more comment spam than there is comment abuse.

5. richards1052
   Member
   Posted 6 years ago #

   Thanks Podz. You were right about webmasterworld.com. I found this thread:
   http://www.webmasterworld.com/forum92/258.htm
   which suggests using this mod_rewrite rule:

   RewriteCond %{HTTP_REFERER} xxx.com [NC,OR]
RewriteCond %{HTTP_REFERER} anotherdomain.com
RewriteRule .* - [F]

   You are also right that a stubborn stalker can work around this defense in the way you mention. Some stalkers are stubborn in this way, but some just want to make a propaganda point & aren't going to be bothered to figure out a way around your defense. My current unwanted ones are in this category I believe (& hope).

6. richards1052
   Member
   Posted 6 years ago #

   The solution above is causing a conflict w. other mod_rewite rules in my .htaccess files giving me 500 errors when I try to access anything fr. my site.

   A member of the HostDime.com forum suggested I use this php script to ban domain access:

   <?php
$urls[0]='http://www.domainreferring.com/page';
$urls[1]='http://domainaddressagainwithoutwww.com/page';
$ref=strtolower($_SERVER['HTTP_REFERER']);
$url='http://www.yourdomain.com/or where youwant themtogo.html';
if(!in_array($ref, $urls)){
header('Location: '.$url);
}
?>

   Can someone tell me which file/folder this should be installed in? Doesn't look like it goes in .htaccess since it's not a mod_rewrite rule, right?

7. Alex Mills (Viper007Bond)
   Moderator
   Posted 6 years ago #

   It's PHP. Drop it at the top of your header.php file in your theme folder.

8. richards1052
   Member
   Posted 6 years ago #

   Viper007Bond: Thanks for clarifying that.

   By "drop it at the top of the header.php file" do you mean placing it right after the 'DOCTYPE html' code which ends w. 'www.w3.org/1999/xhtml'?

   Can you tell me what the script would look like for multiple banned domains? Say, how would it look if I wanted to ban 2 separate domains? I'm envisioning a number of domains I might in future want to ban based on past experience (though I only want to ban one now).

   BTW, is there any way to see what ea. of my error pgs. says? I'm trying to figure out which one I should refer banned visitors to when they try to access my site.

Topic Closed

This topic has been closed to new replies.