I think it’d be worth doing. I take it this Texas Holdem bot struck everyone today, eh?
Yah – me and four of the five other blogs I host.
So what is the fix for the “Texas Holdem”?
A fairly effective method seems to be to change your wp-comments-post.php file name to something else (as well as change the comments form input names as well) and then change (I think two) core WP files to allow for the changes you made. Since I’ve done that, the amount of spam I get has been reduced drastically. Then of course, you can rely on a blacklist as your second line of defence. Which is what I do – but I’ve also put a spider trap in the middle to catch any spiders which still try to use the old wp-comments-post.php file and ban their IPs.
I got hit by this bot 2,000 times in 3 days. I blocked all of it by Kitten’s spam comments (Big Thank You to MooKitty).
I would love to have a centralized service but I have found relying on another’s server is not always optimal because it may go down or be overrun by bandwidth. Although if the service was hosted here on WP.org it might work quite well.
I think it would be great if you could sync your local blacklist with the hosted blacklist.
I think that’s what they were talking about bambam… a central server that items could be submitted to, and new data downloaded locally. Sounds like a good idea.
TG
Sounds like a good idea to me. A regularly updated XML file would do the trick. Then just have the plugin download a new XML file every day or by request (to alleviate server load).
But how would you deal with people submitting bogus information (real posters)?
Yah I have been putting a lot of thought into the whole process and I think ultimately it’d be an interesting experiment but it would never be perfect. I think with the strength of thousands of people supplying data it could work really well but folk would get caught in the cross fire by people not being careful with what they submit. I guess it wouldn’t be too hard to rank offenders if you actually apply some arbitrary rules to the whole thing.
A good example would be the fact that a big attack like this Texas Holdem thing would wind up getting reported time and time again and ultimately there would be a pattern – we’d see that this occurred x number of times over a period of time and would be able to ban comments from that source for an extended period of time; a solitary poster who just happened to piss somebody off might get an arbitrary day or two. It’s worth thought at any rate – with some kind of ranking in terms of the threat level users could potentially set a tolerance level for what they will allow and what they will not.
As for stability and uptime, I think if this worked and became popular we could set up mirrors or have a minor network of servers sharing the load – I certainly don’t have the infrastructure to handle it alone and I’d welcome any suggestions on how this can be handled.
Either way I have been looking for something that I can work on project wise so I think I’ll just go ahead and do it; however, I’d like input and suggestions and so on, on a regular basis to ensure that at least on paper my time is spent producing something that people will actually want to use.
You would have to do some kind of bandwidth limiting, no matter your fleet of servers (because that’s what you’d need) you can’t sustain hundreds of thousands of hits per second on the same file constantly.
If you developed a smart algorithm for getting rid of rogue submissions it could work. Maybe if you had to register, and you check the submissions by IP of blog and IP of poster, compare those to overall and give it mandatory X submissions before it’s on the blacklist. It wouldn’t be too bad, might take a night to develop the formula. In fact, the whole project is going to be pretty easy to make if someone makes it, the hard part is going to be putting it into WP transparently.
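One way the thresholding discussed in the posts above could work, as an added example that is not code from any poster or from WordPress: a commenter IP is listed only after a minimum number of distinct reporting-blog IPs have submitted it, and the ban grows with the number of reporters. The threshold, time window, ban formula, function names and sample reports are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

MIN_REPORTERS = 3            # the "mandatory X submissions"; value assumed
WINDOW = timedelta(days=7)   # only recent reports count; value assumed
MAX_BAN_DAYS = 90            # cap on ban length; value assumed

def score_sources(reports, now):
    """Count distinct reporting-blog IPs per commenter IP inside WINDOW.

    Counting blog IPs rather than raw submissions means one blog (or one
    host running several blogs) contributes a single vote however often
    it resubmits.
    """
    voters = defaultdict(set)
    for blog_ip, poster_ip, seen in reports:
        if now - seen <= WINDOW:
            voters[poster_ip].add(blog_ip)
    return {ip: len(blogs) for ip, blogs in voters.items()}

def build_blacklist(reports, now, tolerance=MIN_REPORTERS):
    """Return {poster_ip: ban length}; tolerance is a blog's own, stricter bar."""
    bar = max(tolerance, MIN_REPORTERS)
    # Assumed formula: two days of ban per distinct reporter, capped.
    return {ip: timedelta(days=min(2 * n, MAX_BAN_DAYS))
            for ip, n in score_sources(reports, now).items() if n >= bar}

# Constructed sample reports: (reporting blog IP, commenter IP, time seen).
NOW = datetime(2005, 1, 10, 12, 0)
REPORTS = (
    # Widely reported source: four different blog hosts, one of them repeating.
    [("198.51.100.%d" % i, "203.0.113.7", NOW - timedelta(hours=i)) for i in (1, 2, 3, 4)]
    + [("198.51.100.1", "203.0.113.7", NOW - timedelta(hours=5))] * 3
    # One blog reporting the same commenter five times: still a single vote.
    + [("198.51.100.9", "192.0.2.50", NOW - timedelta(hours=2))] * 5
    # Reports older than WINDOW are ignored.
    + [("198.51.100.%d" % i, "192.0.2.99", NOW - timedelta(days=30)) for i in (1, 2, 3)]
)

if __name__ == "__main__":
    for ip, ban in build_blacklist(REPORTS, NOW).items():
        print(ip, "banned for", ban.days, "days")
```

Raising `tolerance` above `MIN_REPORTERS` lets an individual blog act only on more widely reported sources; it cannot lower the bar below the central minimum.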
If anybody wants to help me test this drop me an email at starritt@gmail.com — it should be ready sometime this coming weekend if not the week after.
Is this kind of thing not what you’re looking for?
Chris.
Well it’s what I’ve built ;-D – I’ll keep an eye on that to see how it goes.
Fahim,
Could you detail what you changed when you changed the wp-comments-post.php file? I’d like to try that and if you have some clearer instructions that would be great.
Moderator
James Huff
(@macmanx)
Volunteer Moderator
Tchansen, it’s the first post here: http://wordpress.org/support/3/13443
Thanks macmanx. I thought I had read it but couldn’t find it in searching.