Heh. Shows what I know. I never did that. 🙂
You do need to edit the bad-behavior-wordpress.php file in a text editor, and turn off the logging. That really should default to false.
Same thing here. I upgraded to WP 2.0.2 last weekend because I was still using WP 1.5.2 and with the number of spam trapped in moderation queue on Wednesday and Thursday thought it was because that WP version was now unsafe.
http://mhc.insidestretch.com/2006/05/18/well-isnt-this-lovely/
http://mhc.insidestretch.com/2006/05/18/mortgage-time-now/
I had already set my blog to members-only commenting but that never stopped the trapped spam but before a week ago it wan’t too bad. Now it’s even worse. I installed Akismet with WP 2.0.2 and while awed by the number of spam it caught, it isn’t foolproof.
Tonight I deleted about 20 to 30 supposed trackbacks that all have the same characteristic: they cite a couple of sentences from my article, there is no link to any outside website. The link takes you back to another one of my articles or it links back itself.
One very nice feature on the next update of WP would be an add-on that would shut down all comments (and trackbacks) in all pages and articles of a blog in case of emergencies like tonight, if that could be possible.
I went, at some time, to my Admin CP to close down comments in the Options/Discussion but was totally bummed out to see the mention of (These settings may be overridden for individual articles.) Big whoop! I have over 600 articles in there…
So it’s late and I certainly won’t be installing anything else tonight to secure my blog but I’ll be looking tomorrow morning for an Akismet helper for sure. If the blog is still there tomorrow that is. LOL
switch off comments plugin. fairly sure it will take care of trackbacks too. i have disabled comments and trackbacks on my public blogs, so there is no way for me to test it in the wild. in my test environment, it blocked the one trackback i sent to another test blog.
Thanks charle97. I copy/pasted the code in BBEdit, saved it as switch-off-comments.php, uploaded and dropped into the plugins folder but I can’t activate it because WP 2.0.2 doesn’t list it in the plugins list…
Anyway I’m completely knackered so this will have to wait.
A simple plugin / option in WordPress could help “common” users:
It should allow for a user-defined number of seconds, where the submitting is disabled (simple javascript on the submit-button on the front end). A timestamp should be set and sent to the system upon submitting (hidden field). WordPress should then check if the amount of time between the page load and the submit is less than the user-defined time. If so, the comment should not go through and an error displayed.
This would prevent bots, that reads out the rendered HTML and works through the headers, and potentially hired humans that won’t spend 10-15 seconds on your site – right?
Ok. Short night’s sleep. I added last night the IP address to my .htaccess file to block the trackback guy but he is still back this a.m.! Funny thing that IP says it’s from the web host. Anyway.
I am downloading Bad Behaviour but am on a Mac and I can’t understand this If you are unpacking the zip file directly on a Macintosh or Unix-based computer using the command-line unzip utility, be sure to use the -a option, e.g. unzip -a bad-behavior-1.2.1.zip. What the heck?… I need Terminal to decompress a file here? I don’t know how to use Terminal!
Darn! Can anyone help me? I seem to recall I came across a WordPress plugin that automatically shut down commenting in entries older than an amount of time entirely to the blog owner’s discretion.
I saw that the other day been looking all over to find it and simply can’t. I don’t even remember the name!… *rolleyes*
How do I “-Put the Bad Behavior directory into your plugins directory.”?
dpaulin, you should see in your WordPress installation a folder called wp-content. You will find the plugins folder in there. That’s where you’ll drop your BadBehaviour folder.
I earlier posted about having to use the Terminal perhaps to decompress the BB plugin and that is not the case. I decompressed it and uploaded and dropped the BB folder with no problems whatsoever and it is running fine right along side Akismet and SpamKarma.
Also I suspect that the trackback problem I posted about last night was caused by either someone going into the web host server and re-sending those old trackbacks all over again or he/she got in somehow into my WP installation and resent the notifications.
I didn’t download WordPress onto my computer. The webmaster of the site did, and then I just post in the blog. I guess that’s why I can’t put in Bad Behaviour.
dpaullin. Download BB to your computer. Then use FTP to upload it to your server.
Just like installing any other plugin. As I recall, there are even directions and stuff at the BB site.
Found it!
For anyone wondering like I did about the comment plugin that disables commenting on entries past 21 days, it’s Auto-Close Comments and it’s available here:
http://codex.wordpress.org/Plugins/Auto_shutoff_comments
Works fine in WP 2.02!
dpaulin, you have to upload the BB decompressed folder to your WordPress installation on the server where your blog is hosted not on your computer. You’ll have to use an ftp client to drop the BB folder in your WordPress plugins folder like all the other plugins you have installed just like HandySolo says.
Path is like I posted before:
Your WordPress directory/wp-content/plugins
Fresh Install On Local Server – Strange Incoming Links in Dashboard (Spam?)
Someone please help put my mind at ease here. I just did my first install of WP on a test box that has Apache configured to listen for local connections only and is behind a router with no ports set to forward. I have no intentions of trying to serve pages to the world at large from my own machine. The server is for design purposes only.
Anywho, the install was quick and easy. Thanks guys. I found my way to the Dashboard and noticed the Incoming Links section. There were “incoming links.” What? I haven’t even published anything. Maybe these are just examples, I thought. Sure, most of them were in cuneiform, but… The one that gave me pause–and really, I’m no prude–was something about “fapping” and free porn, something like that. That didn’t seem like the sort of thing that would be included as an example. Oh nooz, I thought. I’ve already been haxored.
So, I’m thinking it’s maybe some sort of link spam. But maybe not? I mean, what is there for them to link to? I’m guessing maybe WP reaches out to check some database for “incoming links?” I don’t really understand the trackback/pingback/link stuff yet. Heck, I’m just trying to learn my way around. Is this normal? Should I be concerned?
I’ve never posted a question on a board supporting free software before but, in the past, have found others’ questions and answers extremely helpful. I managed to find some other off-site postings mentioning “strange” incoming links, though they’re not specific. Also, they appear to be on WP blogs that were public and actually had content to link to. Is this related? The posts offer a fix but I don’t know if we’re experiencing the same problems. Is this related to the posts in the SPAM sticky? Thanks for your patience.
uggg. My first post and I think I’ve screwed up but I can’t delete it. Should I post the above questions under another topic? Mercy please?
