WordPress.org

Ready to get started?Download WordPress

Forums

Blacklist Comment Service (18 posts)

  1. starritt
    Member
    Posted 9 years ago #

    I see there are a couple of mods out there that help deal with comment spam but I was wondering if there was an actual live service online that would enable people to expand their own personal bans to everybody else that uses WP. I was thinking about this as my personal site is being plagued by a bot and wondering just how many thousands of other people might have been affected on the net at large.
    Basically it would work like this. A central database sits somewhere and stores IP address, URL and email information as well as comment content that can be used to determine if a comment is spam or not.
    As users using WordPress block IP addresses it could sent this information to the central server which would store it.
    New comments posted would be checked against the WP filter first, if it passes that test then WP would ping the database (we could use an XML to send info back and forward just like the pings) to see if its reported as spam there. WordPress would recieve either a green light back that would allow the comment to be posted or stick it in the moderation queue (for the really anal) or would send a red light back which would add the post info to the perminent local filter and either delete the comment and stick it in the moderate queue (for the unsure).
    Complex but I'm up for the challenge, I reckon it would take about a week to code max. I just need to know if folk think its worth doing, and am trying to make sure it does not exist already.

  2. Jed
    Member
    Posted 9 years ago #

    I think it'd be worth doing. I take it this Texas Holdem bot struck everyone today, eh?

  3. starritt
    Member
    Posted 9 years ago #

    Yah - me and four of the five other blogs I host.

  4. tctech
    Member
    Posted 9 years ago #

    So what is the fix for the "Texas Holdem".

  5. Fahim
    Member
    Posted 9 years ago #

    A fairly effective method seems to be to change your wp-comments-post.php file name to something else (as well as change the comments form input names as well) and then change (I think two) core WP files to allow for the changes you made. Since I've done that, the amount of spam I get has been reduced drastically. Then of course, you can rely on a blacklist as your second line of defence. Which is what I do - but I've also put a spider trap in the middle to catch any spiders which still try to use the old wp-comments-post.php file and ban their IPs.

  6. bambam4479
    Member
    Posted 9 years ago #

    I got hit by this bot 2,000 times in 3 days. I blocked all of it by Kitten's spam comments (Big Thank You to MooKitty).
    I would love to have a centralized service but I have found relying on another's server is not always optimal because it may go down or be overrun by bandwidth. Although if the service was hosted here on WP.org it might work quite well.
    I think it would be great if you could sync your local blacklist with the hosted blacklist.

  7. TechGnome
    Moderator
    Posted 9 years ago #

    I think that's what they were talking about bambam... a central server that items could be submitted to, and new data downloaded locally. Sounds like a good idea.
    TG

  8. Brak
    Member
    Posted 9 years ago #

    Sounds like a good idea to me. A regularly updated XML file would do the trick. Then just have the plugin download a new XML file every day or by request (to alivieate server load).
    But how would you deal with people submitting bogus information (real posters)?

  9. starritt
    Member
    Posted 9 years ago #

    Yah I have been putting a lot of thought into the whole process and I think ultimatly it'd be an interesting experiment but it would never be perfect. I think with the strength of thousands of people supplying data it could work really well but folk would get caught in the cross fire by people not being careful with what they submit. I guess it wouldn't be to hard to rank offenders if you actually apply some arbitrary rules to the whole thing.
    A good example would be the fact that a big attack like this Texas Holdem thing would wind up getting reported time and time again and ultimatly there would be a pattern - we'd see that this occured x number of times over a period of time and would be able to ban that comments from that source for an extended period of time, a solitary poster who just happened to piss somebody off might get an arbitrary day or two. Its worth thought at any rate - with some kind of ranking in terms of the threat level users could potentially set a tolerance level for what they will allow and what they will not.
    As for stability and uptime, I think if this worked and became popular we could setup mirrors or have a minor network of server sharing the load - I certainly don't have the infrastructure to handle it alone and I'd welcome any suggestions on how this can be handled.
    Either way I have been looking for something that I can work on project wise so I think I'll just go ahead and do it however I'd like input and suggestions and so on, on a regular basis to ensure that at least on paper we my time is spent producing something that people will actually want to use.

  10. Brak
    Member
    Posted 9 years ago #

    You would have to do some kind of bandwidth limiting, no matter your fleet of servers (because that's what you'd need) you can't sustain hundreds of thousands of hits per second on the same file constantly.
    If you developed a smart algorithm for getting rid of rouge submissions it could work. Maybe if you had to register, and you check the submissions by IP of blog and IP os poster, compare those to overall and give it mandatory X submissions before it's on the blacklist. It wouldn't be too bad, might take a night to develop the formula. In fact, the whole project is going to be pretty easy to make if someone makes it, the hard part is going to be putting it into WP transparently.

  11. starritt
    Member
    Posted 9 years ago #

    If anybody wants to help me test this drop me an email at starritt@gmail.com -- it should be ready sometime this coming weekend if not the week after.

  12. ChrisBoulton
    Member
    Posted 9 years ago #

    Is this kind of thing not what you're looking for?
    Chris.

  13. starritt
    Member
    Posted 9 years ago #

    Well its what I've built ;-D --I'll keep an eye on that to see how it goes.

  14. tchansen
    Member
    Posted 9 years ago #

    Fahim,
    Could you detail what you changed when you changed the wp-comments-post.php file? I'd like to try that and if you have some clearer instructions that would be great.

  15. Tchansen, it's the first post here: http://wordpress.org/support/3/13443

  16. tchansen
    Member
    Posted 9 years ago #

    Thanks macmanx. I thought I had read it but couldn't find it in searching.

  17. joemadeus
    Member
    Posted 9 years ago #

    I guess I'm more fed up than I thought :)
    I'm modifying wp_comments_post.php to see if I can put this in. Before I can, though, I have to get the user's ip or host (preferably ip). I tried this:
    YOUR IP or HOST: <?php $_SERVER["REMOTE_ADDR"]; ?>
    but it prints
    YOUR IP or HOST:
    followed by what I assume is a null string. How do I get the ip? Isn't that available in the global $_SERVER?
    And, I know this should be basic PHP - I did look at the docs, but it said to do what I'm doing.
    Thanks!
    -j

  18. Matt Mullenweg
    Troublemaker
    Posted 9 years ago #

    joemadeus, you need to echo.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.