WordPress.org

Ready to get started?Download WordPress

Forums

Blog Spamming? (24 posts)

  1. ccheaton
    Member
    Posted 9 years ago #

    So, after a steady amount of traffic and comments to my site, within 10 minutes early this morning, my blog was hit by 15-20 people, and spam comments were left by several 'casinos' and other spamming entities. Why? Where was it listed that I was suddenly targeted? What's the easiest way to prevent this from happening again?

  2. NuclearMoose
    Member
    Posted 9 years ago #

    ccheaton,
    Right now there is no way of preventing it, unless taking down your site is an option, which obviously it isn't. Why did this happen? Because spammers want to raise the profile and visibility of their sites. The fact that you are online means you are automatically targetted. Everybody gets nailed by these boneheads.
    There are ways to fight back, however. There are a number of plugins available, most notably Kitten's at http://mookitty.co.uk/devblog/ and Dougal's Spam Tar Pit at http://dougal.gunters.org/blog/2004/08/25/spammer-tar-pit. LaughingLizard just unveiled his new plugin as well: http://wordpress.org/support/10/13483

  3. Joni
    Member
    Posted 9 years ago #

    NM, there was a thread here recently about renaming the actual comment script. But then someone mentioned a couple of other WP templates where this script name might be called and wondered if the name should be changed there -- or if changing the name would somehow upset the program. I suspect the answer is "Go ahead and change the script name everywhere it appears in the program." But I'm not about to perform this surgery on my own blog yet.
    This seems like the easiest and most foolproof (of course the problem with that is when you've made something foolproof, along comes a smarter fool!) way of combatting spammers.
    Joni
    P.S. Thread is here: http://wordpress.org/support/3/13443
    I'd be very interested in this as a solution or in hearing reasons why it might fail or is inferior to other measures/plugins available.

  4. NuclearMoose
    Member
    Posted 9 years ago #

    Joni,
    Thanks for the link to the thread. Currently I see a lot of discussion about comment spam and possible approaches to managing it going on in the hackers mailing list. As you said, eventually a smarter fool will come along to defeat the method(s) du jour, but with the pool of talented folks around here who have ideas and suggestions for better tools, the Spam Wars will continue. "We shall overcome."

  5. Anonymous
    Unregistered
    Posted 9 years ago #

    All of the rename-file tricks will be defeated - the spammer will just end up parsing the HTML properly.
    Version 1: I've had some success with user-agent checks (some spammers have a "perl" user-agent or even just "-"). My current additions to wp-comments-post.php looklike this (added around line 53 in wp1.2):
    //No perl for us, please!
    $agent=$_SERVER['HTTP_USER_AGENT'];
    if (strpos($agent,'perl')!==false)
    {
    error_log("".$_SERVER['REMOTE_ADDR']." - - [".date("j/M/Y:H:i:s O")."]: Tried to post with perl. Agent: '".$agent."'.\n", 3, "/usr/virtualweb/www.jesperjuul.dk/var/wordpress.log");
    die( __('Internal error.') );
    }
    //Agent cannot be "-" or other small stuff
    if (strlen($agent)<3)
    {
    error_log("".$_SERVER['REMOTE_ADDR']." - - [".date("j/M/Y:H:i:s O")."]: Tried to post with short agent. Agent: '".$agent."'.\n", 3, "/usr/virtualweb/www.jesperjuul.dk/var/wordpress.log");
    die( __('Internal error.') );
    }

    Version 2: Now this is starting to get defeated. A better solution is to add cookies, which will defeat people who are not using proper browsers:
    At the top of index.php, add:
    setcookie ("dainfo",time(), time()+36000);
    And in wp-comments-post.php somewhere below the lines also around line 53:
    //Must have cookie set
    if (!isset($_COOKIE['dainfo']))
    {
    die( __('You must have cookies enabled to post here. Sorry. Drop me a line if you think this is in error.') );
    }

    Nobody has tried to spam since, so I don't know how many will pass through.
    At the end of the day, it's just an arms race, and we will eventually have to use the turing-type check with some oddly rendered text displayed as graphics that the user then has to type to prove that he/she is human. I think we might as well implement it now and get it over with.
    -Jesper

  6. Anonymous
    Unregistered
    Posted 9 years ago #

    Oh, sorry, the error_log line is just if you want to log spam attempts. Remove or modify the path to fit your local setup.

  7. nieuws
    Member
    Posted 8 years ago #

    Just setup a wordfilter in wp. Works like a charm for me. Daily al the trash get's trashed instantly. Especially if you combine words with urls and ips.

  8. Mark (podz)
    Support Maven
    Posted 8 years ago #

    niuews - STOP FORUM SPAMMING.

  9. moshu
    Member
    Posted 8 years ago #

    @nieuws,
    Why the heck are you posting (mainly) non-sense replies to year old topics???

  10. Kahil
    Member
    Posted 8 years ago #

    moshu... what was wrong with his response? its not nonsense if he just trying to help and give support. having a word filter list and changing the number of links required to hold a message for moderation is a great first step to stop spam... next step, it that doesn't help, a plugin is your best bet...

    thank you

  11. Mark (podz)
    Support Maven
    Posted 8 years ago #

    Kahil - the fact is that the user hit many posts very fast and like the one above - very very old posts. Given that people will have moved on, that WP has had releases since, the post has zero value.

  12. Kahil
    Member
    Posted 8 years ago #

    still, that is no reason to be an asshole and jump him... The fact is that you just don't know if he is spamming or is just new here and is only trying to help... You know as well as anyone else in the world, that you wouldn't like someone bashing you like that...

  13. Mark (podz)
    Support Maven
    Posted 8 years ago #

    Kahil - I posted immediately before Moshu.
    I'm saying pretty much the same thing.
    That poster - by their actions of posting to old threads has not helped the forum.
    That poster hit several threads with what I thought were unhelpful additions because the threads were old, WP has been released since and they added no value. As a consequence, those rapidly hit threads will have knocked some posts off the front page. People don't like that when they do not yet have an answer, and they may feel the need to bump their post. That's also fairly pointless and frowned upon.
    I had deleted some posts by that user that I felt were just gratuitous typing so the impact that they had will appear much less than it was.

    We are trying to answer valid current issues that people are having and the behaviour I have described above harms what we try to do. That's why we do what we do, and why sometimes we get a bit frustrated when people seem to be undoing our hard work.

  14. Kahil
    Member
    Posted 8 years ago #

    then wouldn't the best approach to that problem would be to delete those threads? delete all the out of date and pointless threads? cause no matter how hard you try or frown upon it, there is going to be someone making a post that someone finds pointless and then they are going to just be a jerk to them, no matter how harmless their intent was or wasn't...

  15. Mark (podz)
    Support Maven
    Posted 8 years ago #

    I can't delete old threads - when is old classed as old ?
    When would I close threads ? When is old then ? Who decides when it is resolved if the OP does not return ?

    If you have taken offence, so be it, but at least try to understand just why someone might have reacted that way.

  16. Mark (podz)
    Support Maven
    Posted 8 years ago #

    Kahil - your exact solution is .. ? How should we do things differently ?

  17. Kahil
    Member
    Posted 8 years ago #

    true, but there is a huge difference between feeling strongly about something and reacting maturly... instead of jumping someone, try asking politely...

    an old thread would be one that no one has replied to in a significant time frame... a thread with a subject matter that is no longer relavant due to updated versions of wordpress... etc...

  18. Mark (podz)
    Support Maven
    Posted 8 years ago #

    Agreed about the approach, but I too - like many regular helpers here (time given freely, putting up with jibes here and there) sometimes get frustrated. Sometimes. Not enough coffee, too tired, frustrated because helping in another thread is taking too long and we snap a bit. Just like life. It's not pretty but it happens - and the medium of text is appallingly bad for carrying meaning and context.
    If someone regularly posted snidely, had a pop at people then I would email them about it, I could block them from the forum for a space of time. I have done both. But for a regular person here to snap a bit, I cut some slack - wouldn't you ? Note: 'some' - not all :)

    Threads:
    I agree to a point, but the majority of time people aren't daft enough to resurrect these posts, and certainly not as many in such a short space of time.
    Closing threads is answer in part - though there are a LOT of threads, so I prefer to do that only in circumstances that are more appropriate.
    And old versions - I run a 1.2.2 blog, I know people with b2 blogs so leaving threads open to them can be helpful should they ever post.

    It is difficult striking a balance here - and sometimes we get it wrong. All of us do, but hopefully that brief moment of wrong can be mitigated by the more plentiful moments of advice and support :)

  19. Kahil
    Member
    Posted 8 years ago #

    i can understand people just having bad days, but remember, like you said you are giving your time freely. That means no one here has to come here and post. If someone finds themself getting irritated, just close the window. Its a complete waste of time and energy to snap at someone you don't even know let alone their intentions on posting... all it takes is for a newbie to do a search, fina a post that happens to be old, and make a harmless post. Thats the point i'm trying to make. no one is offering any kind of support by snapping...

    i have been running sites for years now, and one approach that has always worked is to either delete the post or move it. maybe have a separate place for older threads and for support of older versions. That would help a lot with the unintented spamming and help people to get the support they need for their version of wordpress...

  20. Mark (podz)
    Support Maven
    Posted 8 years ago #

    "That means no one here has to come here and post."
    These forums have a PR of 9.
    We get lots and lots of postings from people JUST so they get that google juice.

    Delete posts:
    Yes, but when do I start / stop. This thread illustrates perfectly how difficult tht would be.

    Moving threads:
    To where ? (see below)

    Separate places:
    Yes, I've seen this approach on other product forums. But they tend to be for products that are quite different and usually for products that involve money.

    And while I'm not entirely disagreeing with you on the 'harmless', what if someone now started posting to many old threads with "Worked for me" "I had that too but I'm okay now" "Change the theme ?" "Move hosts" "LOL !!!" - all perfectly harmless and supremely useless. All they do is bump people down in the forums - and get lots of PR9 backlinks.

    I think on this we will have to agree to disagree, but I will post this thread to the Forums mailing list and hopefully some good will result from it.

  21. Kahil
    Member
    Posted 8 years ago #

    maybe, if it can be done, make a thread for suggestions... Leave it open for a while and then take the most requested or reasonable suggestions and put them to a vote by our peers...

  22. Mark (podz)
    Support Maven
    Posted 8 years ago #

    Go for it :)

  23. vkaryl
    Member
    Posted 8 years ago #

    You need to look back at the poster's "body" of posts too.... not meaning this one in particular, but others that have had similar consequences. Maybe you don't care what pr your blogs and pages and sites have (I don't, for instance), but many many people do - you need to consider whether a poster is consistently posting basic dreck BECAUSE heesh has a site or sites from which heesh expects to make money, which is helped along by high-pr backlinks from here etc.

    And podz, btw, is the LEAST likely individual around here to "snap" without reason....

  24. moshu
    Member
    Posted 8 years ago #

    Ah, I missed this nice thread - again; was dragged from the computer (the shrink in the house says I am addicted to this forum, LOL)
    @vkaryl, I am the one who supposedly "snaps"...

    @Kahil, I know exactly when somebody posts 10 replies in 5 minutes to year old threads (and as Podz mentioned he deleted some of them already) - it is not about helping people. Just click on "member" under the user's name and see the last five posts. One of them is on a thread from June 2004 and the last reply before him is from a blogger you cannot even find his blog anymore. Help my a**

    I am not having a bad day - actually it was very nice until he showed up in the forum. On the other hand, yes, this kind of behaviour irritates me and I will never apologize for "kicking" them... or call it whatever you want. I will do it again - I promise, if the posts are not genuine help requests :)
    Now let's get back to help people who really need help, rather than wasting time here. All the best for everyone!

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.