WordPress.org

Ready to get started?Download WordPress

Forums

124

Comment Spam (91 posts)

  1. Anonymous
    Unregistered
    Posted 9 years ago #

    Looks good, but what did you really rename your file to?
    stopsapm-post.php
    or
    stopspam-post.php
    ?

  2. LisaS
    Member
    Posted 9 years ago #

    typo in the first line. I renamed it stopspam-post.php
    Really, you can rename it to anything you want to, it doesn't matter as long as it matches the code line in your wp-comments.php
    :)

  3. Anonymous
    Unregistered
    Posted 9 years ago #

    Oh no! My reply just hit the ether.
    I'm obviously new to this stuff, and thot there was something needful with "sapm". I see now it doesn't.
    In going thru all my files, i see that wp-comments-post.php is called in a couple of other files:
    wp-comments-popup.php
    wp-comments-reply.php
    Should the file name be changed there too?

  4. LisaS
    Member
    Posted 9 years ago #

    You can change the line in wp-popup-comments.php if you use popup comments. I don't use popup comments, so I didn't include that . . but should have.
    I did not change it in wp-comments-reply.php -- haven't had any issues with that at all. Not sure what that file does, but I would imagine it should be changed there too. :)

  5. Anonymous
    Unregistered
    Posted 9 years ago #

    This is very helpful, but is there a way to set wordpress so that only those who have registered can post a comment?

  6. chiensavant
    Member
    Posted 9 years ago #

    I love to read from someone who actually searched for a solution prior to post a request. Good example.
    I'm also touched by comment spam since a few days. Nothing too ugly so far.
    But I might create a comment form with security images included. You know, those images with digits you have to enter to be able to proceed with the form. That should stop most if not all of the automated spam. From the documentation I've read it isn't THAT complicated to implement. I'll work on that in the next weeks. I'm pretty sure everyone prefers that type of solution rather than to have everyone to register.

  7. Anonymous
    Unregistered
    Posted 9 years ago #

    I've followed the instructions in this post and renamed the files, but I'm still getting spam.

  8. Anonymous
    Unregistered
    Posted 9 years ago #

    I did the rename described here - just renamed it to something else. (perhaps the spammers are reading support and adapted to 'stopspam-post.php' - just a guess). Since doing the rename process described here, no spam has come through. It would seem that if everyone picks some random 'rename' of the files/script parts - then the spammers cannot adapt to all. Of course, if someone wants to zap a specific site, they can see what to adapt to within the script. So, I'm going to try and implement some of the other 'comment spam' fixes, too.

  9. Anonymous
    Unregistered
    Posted 9 years ago #

    I also followed the suggestion and renamed the .php file to a unique name. I am still getting tons of comment spam.

  10. minezamac
    Member
    Posted 9 years ago #

    I too renamed mine to something completely unrelated to anything and I am still getting this spam, is there a way to just dump the comments instead of moderateing them? The innocous comment with less than 2 links seems to work just fine, I haven't had a real commetn get moderated yet. At this point I would just prefer a delete all button or toss them into the dumper. When your getting 15 a day it is still a pain to go in and click delete on each of them.
    Thanks

  11. Root
    Member
    Posted 9 years ago #

    Whats the verdict guys ? Does the renaming trick work ? What is causing the breakages ?

  12. Root
    Member
    Posted 9 years ago #

    The answer is no. It doesnt't. Thanks for the interest.

  13. Anonymous
    Unregistered
    Posted 9 years ago #

    FYI, I've found that renaming it from wp-comment-post.php has stopped a bunch of subsequent attempts that someone has been making.

  14. Anonymous
    Unregistered
    Posted 9 years ago #

    One of the reasons that spams still reaches you is because you have not deleted wp-comments-post.php from the server.

  15. NuclearMoose
    Member
    Posted 9 years ago #

    There is a lot of work going into spam management for the next release, but we all have to understand that this is a Cold War...as hard as we work to counteract their efforts, the spammers are equal to the task in looking for methods to circumvent everything we throw at them.
    Your only guaranteed method to stop this is to turn of your comments totally, or don't have a blog that is open to the internet.

  16. xqus
    Member
    Posted 9 years ago #

    It seems like the user-agent for the robot is Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)
    This code in my .htaccess has done the trick for me:
    SetEnvIfNoCase User-Agent "^Mozilla\/4.0 \(compatible; MSIE 5.5; Windows 98; Win 9x 4.90\)" denyThis
    <Limit GET POST>
    Order Allow,Deny
    Allow from all
    Deny from env=denyThis
    </Limit>

  17. Anonymous
    Unregistered
    Posted 9 years ago #

    http://sm.farook.org/files/WPBlacklist261.zip
    This is the newest Blacklist that just came out today. Seems to work for me, I have already caught 10 spam attempts by the poker freak.

  18. James
    Happiness Engineer
    Posted 9 years ago #

    xqus, you do realize that you're now blocking anyone from viewing your site with IE v5.5 under Windows 98, don't you?

  19. James
    Happiness Engineer
    Posted 9 years ago #

    The renaming trick working like a charm over here! Thanks!

  20. Fahim
    Member
    Posted 9 years ago #

    The renaming trick works for most of the spam robots - as long as you remember to delete wp-comments-post.php off your server too as somebody mentioned :p There are however, a few robots out there which seem to parse the entire index.php file to find what the comments file name is, I've also changed the comment form variables but still a few get through probably because the robot parses the comments form and gets the variable names too. So, as somebody mentioned, this is like the cold war where you have to adapt to constantly keep ahead of the spammers. A combination of methods is the best way to go - I mentioned the combination I use in a different thread here: http://wordpress.org/support/3/15232

  21. Anonymous
    Unregistered
    Posted 9 years ago #

    I'm wondering if it's possible to use .htaccess to protect wp-comments-post.php (or its renamed versions)?
    Since renaming it the comment spam seems to have stopped but I've gotten 404 errors on wp-comment-post.php so I think it's a matter of time before the spammer catches on and parses wp-comments.php to find the file.
    My idea is to have .htaccess prevent spambots from making direct requests to wp-comments-post.php (or similar), but allow requests made through the normal comment form.
    Does anyone know if this can be done? I'm afraid I know next to nothing about Apache, so it may just be wishful thinking here.
    Otherwise, chiensavant's security images (http://wordpress.org/support/3/13443#post-79307) sounds like a good idea. Maybe it should be implemented into the next version of WP?

  22. charle97
    Member
    Posted 9 years ago #

    i'd be surprised if a captcha were included in the wp core. the developers despise captchas due to accessibility issues.
    however, you can use the authimage hack.

  23. Dinthoniel
    Member
    Posted 9 years ago #

    I'm using an older WP version - 0.72. Is there any way for me (except updating, duh!) to do the same? I've tried renaming the b2comments files in the spirit of what is described above, but when I try to post a comment, I get hit by an error message. Any input?
    Cheers,
    Irina.

  24. LukeA83
    Member
    Posted 9 years ago #

    I would like to approve individual users and have only those I approve be allowed to post comments. Is there a plugin that will do this or should I try to figure out how to code this myself? I am new to php and don't really have a clue where I would begin.
    But I do feel that the only way I can stop the 20 spam comments I am getting every five minutes (and the moderator emails associated with them) will be to not allow any comments unless the person posting them is "trusted."

  25. Mark (podz)
    Support Maven
    Posted 9 years ago #

    There is something for this:
    "only registered and logged in users are able to post to your blog"
    http://www.tamba2.org.uk/wordpress/spam/#three

  26. Anonymous
    Unregistered
    Posted 9 years ago #

    The spammer who got to my site not only called wp-comments-post.php directly, they did if for future posts. So, that means that I immediately got a comment with their spam when I posted a new article. I used phpMyAdmin to remove all 25 or 30 of their stinkin’ posts and then set up some Apache mod_rewrite rules. No one can access wp-comments-post.php directly anymore. They must be refered from my site, which makes sense as the only way you should be able to post a comment is if you first see the story.
    I Added this to my Apache httpd.conf file for my blog site (blog.mecworks.com):

    RewriteEngine On
    RewriteCond %{HTTP_REFERER} "!^http://my.site/.*$" [NC]
    RewriteCond %{REQUEST_URI} ".*wp-comments-post.php$"
    RewriteRule .* - [F]

    Remember to change "my.site" to your site and the 'wp-comments-post.php' file name to what ever you have called it if you have decided to change it's name as well. Notice that you may prevent legitimate users from making comments if their browser does not send the referer header - shame on them.
    --
    Marc Christensen: blog.mecworks.com

  27. Anonymous
    Unregistered
    Posted 9 years ago #

    Excellent. Twelve hours worth of comment spam has been replaced with twelve hours of 404 errors. That's fine by me. :)

  28. rscrawford
    Member
    Posted 9 years ago #

    I've renamed wp-comments-post.php to a random string of letters and numbers: something like qxx21227A.php. I've also used the Apache rewrite in an .htaccess file in my blog directories.
    We'll see if it works.

  29. mike3k
    Member
    Posted 9 years ago #

    I've been getting hit by a spammer constantly since Thursday. I find that I can block him by changing your condition to:
    SetEnvIfNoCase User-Agent "^Mozilla\/4.0 \(compatible; MSIE 6.0; Windows NT 4.0; PCUser\)" denyThis
    I've also written a plugin called from post_comment_text which looks for some unique spam words in the comment and calls die() with a nasty message before it even gets to be moderated.

  30. James
    Happiness Engineer
    Posted 9 years ago #

    Mike, with your hack you've just blocked anyone who wants to leave a comment with MSIE 6.0 under Windows NT v4.0. While that's probably the spammer most of the time. It's generally not a good idea to alienate your current and future viewers like that. There are better ways.

124

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.