Forums

WordPress › Support » Plugins and Hacks

12

Referrer spammer caught (50 posts)

  1. JonRosebaugh
    Member
    Posted 7 years ago #

    Adding those ampersand-number codes to the blacklist causes errors, at least in 1.2. I've been meaning to upgrade, but I think I'll wait until 1.5 is released.

  2. Echo
    Member
    Posted 7 years ago #

    Quick question: how do you know that his spam bots honor the redirect? If I were the spammer, I'd make my bot ignore any such thing the target server tells me.

  3. AuntiAlias
    Member
    Posted 7 years ago #

    Attn gpshewan:

    Document what you have and suvmit it to Verio...the more that do that the better

    I'm not uber-experienced with the ins and outs of this. But I've been getting tons of referer spams with the web4u.gb.com etc. and I'd like to do my part to report this abuse (I have access to several days' worth of logs).
    Would you be so kind as to explain in a little more detail what precisely I should document? I guess I'd send it to abuse@verio.com, no?

  4. gpshewan
    Member
    Posted 7 years ago #

    @ AuntiAlias - that's okay, it seems like it was a Verio reseller and it's being looked into now (so don't mail Verio). Regardless, it looks like the spammer is in the process of moving from that box to another one.

  5. AuntiAlias
    Member
    Posted 7 years ago #

    @ glshewan: aaah, so when the [expletive deleted] spammer gets a new box, we'll change the index.php code snippet from the given IP to a different IP, then?

  6. Glo
    Member
    Posted 7 years ago #

    The new IP the spammer is using as of today is 219.150.118.16

  7. Membranophonist
    Member
    Posted 7 years ago #

    Has anyone tracked down the IP of the "online-deals-4u [dot] info" referral spammer?

  8. kyte
    Member
    Posted 7 years ago #

    I'm dumping all those IPs and the ascii-munged names and the URLs and the spam words into the comment blacklist we now have in 1.5. BINGO!

  9. Lorelle
    Member
    Posted 7 years ago #

    ph &#101 ; &# 101 ; rm& #10 5; n &# 101 ;

    Excellent. Those have been slipping through my email spam collector, too and it wasn't until I took a closer look that I spotted it.

    Ah, but I see in the posts that this won't work in the spam filter....is there a way to make this work?

    Thanks!

  10. DreamerFi
    Member
    Posted 7 years ago #

    "online-deals-4u [dot] info" - not yet - most of his sites are not up yet, and the domain has only two (non-functioning) name servers at this point. I suspect it'll take us a few hours at most once he turns on his domains...

  11. Membranophonist
    Member
    Posted 7 years ago #

    Thanks for the info, DreamerFi.

  12. navid
    Member
    Posted 7 years ago #

    I think it would be ideal if this information was centralized. As in, someone with special authority adds a new IP to this global blacklist, and from there, everyone would aggregate that information. Does that even sound feasible?

  13. gpshewan
    Member
    Posted 7 years ago #

    Isn't there already a blacklist plugin?

    Personally I'm not keen on IP blacklisting. It's a little like plugging holes in a very leaky bucket...pointless if someone keeps poking new ones - but turn off the water (try and pinpoint and shut down the server) and life get's much easier.

    Remember, a lot of us are seeing this from server logs - but if you don't check them and have moderation enabled you shouldn't be bothered by this guy.

  14. Lorelle
    Member
    Posted 7 years ago #

    Someone mentioned that you can't add the extended character spellings of titles used by spammers in the spam words filter with WP.

    Has anyone come up with a way to do that yet?

  15. Lorelle
    Member
    Posted 7 years ago #

    anything on extended characters in the WP spam list? I got hit by these.

  16. angsuman
    Member
    Posted 7 years ago #

    My major source of referer spam is with referer as different sub-domains of best-xp-software.biz ( 211.144.164.201 ). So I have added that too.

    Thanlks for the tip.

  17. angsuman
    Member
    Posted 7 years ago #

    I used a slightly modified code:

    /* Spam Guard */
    if (strpos($HTTP_REFERER, 'ttp://') > 0)
    {
    $pieces=explode("/", $HTTP_REFERER);
    $lookup = gethostbyname($pieces[2]);
    if ($lookup == "219.150.118.16" or $lookup == "161.58.59.8" or $lookup == "211.144.164.201" or $lookup ="216.34.38.81")
    {
    syslog(LOG_ALERT,"redirected $pieces[2]");
    header("Location: " . $HTTP_REFERER);
    exit();
    }
    }

    /* End Spam Guard */

    However I realized that it somehow prevented coming to my blog from any links! It is sending it back to itself. Now I understand that is what is being done for these particular IP's only. Why is it being so generic?

  18. James
    Happiness Engineer
    Posted 7 years ago #

    Keep your eyes on Referrer Karma: http://unknowngenius.com/blog/wordpress/ref-karma/

  19. jalal
    Member
    Posted 7 years ago #

    if ($lookup == "219.150.118.16" or $lookup == "161.58.59.8" or $lookup == "211.144.164.201" or $lookup ="216.34.38.81")

    Ya need another '=' sign on the last comparison. As it is its an assignment, which is always true...

    :)

  20. angsuman
    Member
    Posted 7 years ago #

    Thanks Jalal. That was a duh mistake :)

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.