[closed] Spambot Stopper (48 posts)

  1. Matt Mullenweg
    Troublemaker
    Posted 9 years ago #

    I've written a plugin that is meant to stop the current generation of spambots that are currently hammering WordPress blogs around the world. This plugin is very conservative, that is that no legitimate commenter should be stopped by the measures, but it has been completely effective in stopping the spam flood I've been experiencing on several sites. This plugin is fully compatible with versions 1.2 and 1.3, and it requires no additional files or lookups; it's entirely self-contained. The plugin works by embedding a random hidden field in the comment form that is then checked for on posting. It also fixes the bug where comments can be sent to posts that don't exist yet. This won't work forever, but I think it is a good stopgap measure until 1.3 is finished and widely available.
    Reasons this plugin may not work for you:

    • You don't have the <?php wp_head(); ?> call in the <head> of your template.
    • You have heavily modified your comment form.

    Don't forget to test out commenting after you activate it. Without further ado, please try this out:
    Download Spam Stopgap »
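    The check described in the post above, sketched as an added example; this is not the Spam Stopgap plugin's source, and every function name, the HMAC-derived field and the one-hour lifetime are assumptions made for illustration. It covers both behaviours the post mentions: the hidden field and the rejection of comments aimed at posts that do not exist.

```php
<?php
// Added illustration, not the Spam Stopgap plugin's source. All names are hypothetical.
const FORM_TTL = 3600; // assumed lifetime of a rendered form, in seconds

// Field name and value change per post and per render, derived from a server secret.
// The form template would emit them as <input type="hidden" name="..." value="...">.
function stopgap_field(string $secret, int $postId, int $issuedAt): array
{
    $mac = hash_hmac('sha256', $postId . '|' . $issuedAt, $secret);
    return ['name' => 'f' . substr($mac, 0, 12),
            'value' => $issuedAt . ':' . substr($mac, 12, 32)];
}

// $knownPosts stands in for a database lookup of published post IDs.
function stopgap_check(string $secret, array $form, array $knownPosts, int $now): string
{
    $postId = (int) ($form['comment_post_ID'] ?? 0);
    if (!in_array($postId, $knownPosts, true)) {
        return 'reject: post does not exist';
    }
    foreach ($form as $name => $value) {
        if (!is_string($value) || !preg_match('/^(\d{1,10}):[0-9a-f]{32}$/', $value, $m)) {
            continue;
        }
        $want = stopgap_field($secret, $postId, (int) $m[1]);
        if (hash_equals($want['name'], (string) $name) && hash_equals($want['value'], $value)) {
            $age = $now - (int) $m[1];
            return ($age >= 0 && $age <= FORM_TTL) ? 'accept' : 'reject: stale form';
        }
    }
    return 'reject: hidden field missing or wrong';
}

// Constructed requests, not captured traffic.
$secret = 'constructed-demo-secret';
$now    = 1100000000;
$field  = stopgap_field($secret, 42, $now);
$base   = ['comment_post_ID' => '42', 'comment' => 'hello'];
$cases  = [
    'browser that loaded the form' => $base + [$field['name'] => $field['value']],
    'bot posting blind'            => $base,
    'bot targeting unknown post'   => ['comment_post_ID' => '9999', 'comment' => 'x'],
    'bot that scraped the form'    => $base + [$field['name'] => $field['value']],
];
foreach ($cases as $who => $form) {
    printf("%-30s %s\n", $who, stopgap_check($secret, $form, [41, 42], $now + 30));
}
```

    The last constructed case is accepted exactly like the browser, so the field only filters clients that post without loading the form first.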

  2. Umm....this same exact thing was created three days ago by someone else.
    http://wordpress.org/support/3/16384

  3. shepherg
    Member
    Posted 9 years ago #

    thank you Macmanx,
    I felt with my creation of the concept I should at least receive some bit of recognition for it. However Matt didn't even leave a comment mentioning my name in the source.
    Gene Shepherd
    http://www.imporium.org

  4. Mark (podz)
    Support Maven
    Posted 9 years ago #

    @shepherg - I can find at least 1 reference to this 'concept' in an email to the hackers list dated 26/9 - nearly 6 weeks ago.

  5. shepherg
    Member
    Posted 9 years ago #

    podz,
    I am not trying to say this may not have been known before, and from your initial post to my original topic discussing this it seemed as though that email you are talking about must have slipped your mind. I brought this here, made it a bit popular and it was clear that Matt made the hack based on my presenting it to the forums. He posted in the topic I presented saying he made that hack into a plugin. I just felt that I should have at least been given some sort of recognition for the 'presentation' of the concept. I went through the trouble of writing up a tutorial on how to implement it, if I hadn't done that it wouldn't be a big deal to me, but because I actually took time out of my schedule to help out this community I feel as though a little recognition is in order.
    Gene Shepherd

  6. shelleyp
    Member
    Posted 9 years ago #

    Shepherg, you didn't invent this concept. We started talking about hidden fields in forms when the spammers first hit MT, as per my first post on this http://weblog.burningbird.net/archives/2002/10/29/comment-spam-quick-fix/ back in 2002.
    Took just a sec for most spammers to learn to scrape a form first for all fields before submitting the spam. Random or not, didn't matter.
    So you might want to check your sense of umbrage at the door.

  7. allthewhile
    Member
    Posted 9 years ago #

    Doesn't work for me. I have neither edited my comment field nor deleted the php call in the head of my template; just checked.
    When you post a comment, it sends you to an absolutely blank page.
    Is the comment field even supposed to look different, because it doesn't, btw.
    Thanks,
    ATW

  8. drdan01
    Member
    Posted 9 years ago #

    Well, you're a step further than I am. I'm not a hacker and after reading the d/l file can't even figure out what I'm supposed to do where. Any chance of a "hacker-to-idiot" translated set of instructions?
    Dan

  9. drdan01
    Member
    Posted 9 years ago #

    Thanks Beel...that does sound easy. Here's why I'm still confused though -- the above d/l zip file unpacks only one file -- spam-stopgap.php. I'm seeing that on my Macintosh as a text file. Sometimes in zip files using a Macintosh you don't necessarily "see" all the files, so is that the file then?
    Thanks!

  10. shepherg
    Member
    Posted 9 years ago #

    @shelleyp: I never claimed to invent the concept as I stated in my above posts. Please read before you make false claims.

  11. Anonymous
    Unregistered
    Posted 9 years ago #

    drdan01: The only file needed for the plugin is spam-stopgap.php.
    Put the file in your wp-content/plugins folder on your server.
    Then go to the Plugins screen on your WordPress admin page and activate the plugin.
    It's that simple. I love plugins and how they work, because they are usually so simple to get going. What would make it even better is in the future have the ability to upload a plugin directly from the plugins page.

  12. Anonymous
    Unregistered
    Posted 9 years ago #

    I should note also that this plugin works so far for me. I can post comments fine and no comment spam has gotten through yet. Then again, I am one of the lucky ones that haven't gotten slammed by comment spam in a long time.

  13. shadow
    Member
    Posted 9 years ago #

    @allthewhile - Did you have any success working this out?
    I had the same result as you...
    Will post back here if I discover a remedy :)

  14. allthewhile
    Member
    Posted 9 years ago #

    still haven't gotten it to work. same problem when using firefox or internet explorer btw.

  15. Anonymous
    Unregistered
    Posted 9 years ago #

    "I felt with my creation of the concept I should at least receive some bit of recognition for it."
    Sounds to me like you're claiming creation of the concept with this statement. However, I don't blame you for feeling like you didn't get your pat on the head with this plugin.
    If I were folks, I wouldn't put a lot of time into implementing this. The smarter of the comment spammers defeated this within a week when we implemented it in MT.

  16. Anonymous
    Unregistered
    Posted 9 years ago #

    thx

  17. dozer
    Member
    Posted 9 years ago #

    In my situation these spambots were driving me fu*** mad and I would like to thank shepherg for taking a time out to the hack. Thanks allusion also for turning it into a plug in.
    For me it has stopped spambots cold for 1 week. I'll post an alarm if it gets defeated.

  18. Anonymous
    Unregistered
    Posted 9 years ago #

    So far so good with me. As long as we keep the spammers working hard, then we are succeeding.

  19. dkaye315
    Member
    Posted 9 years ago #

    sheeez!!
    what is it with these spammers? to exert domination? cause exasperation? asinine cowards hiding behind anonymity, is what they are. stupid, weak "virtual bullies" who are obviously discontent with their own lives. cockbite sumbitches!
    alas ....
    i, too, could not get the plug-in to work - get the blank screen situation. i thought maybe because comments have to be approved - disabled that feature and still nothing. i've removed the plug-in and disabled commenting until such time as the current attack my blog is under has passed.
    why not have someone figure out a way to do a reverse spam attack back to the originator. surely there's a way to do that. and, it could be fun.
    or post an ip blacklist here that can be shared. i'll even start it with a few from tonite:
    211.185.38.61
    80.58.4.111
    80.58.4.44
    165.138.213.230

  20. Stick away from IP blocking. IPs can be spoofed and are usually shelled out again to other users after a week. You could block the spammer for now, but you'll be blocking future legitimate users later. You should only block an IP for 24 hours in order to break up a SPAM flood. There are better methods, located here: http://www.tamba2.org.uk/wordpress/spam/
    Here's an article that goes into detail about why IP banning (spider-traps included) is a bad idea and I do suggest that everyone at least read the first two paragraphs. http://kalsey.com/2004/02/why_ip_banning_is_useless/

  21. dkaye315
    Member
    Posted 9 years ago #

    macman - i deferred to the first link you posted earlier, and installed a couple of plugins. at the most recent mail check, had 10 spams to the site that had been blocked - 5 from the same ip. a countrycheck.com search identified it as:
    Results for 165.138.213.230
    Country: ANON PROXY
    City: SYRACUSE
    Region: INDIANA
    ISP: INDIANA HIGHER EDUCATION TELECOMMUNICATION SYSTEM
    the other block received at the same time came from:
    Results for 80.58.4.111
    Country: SPAIN
    City: MADRID
    Region: MADRID
    ISP: TELEFONICA DE ESPANA SAU
    both sets of spammers are posting the same identical spam re: p.o.k.e.r. and p.h.a.r.m. links

  22. That doesn't matter. They could be using a proxy. In which case, you've just blocked all users under that proxy (including legitimate ones). Again, please read this: http://kalsey.com/2004/02/why_ip_banning_is_useless/

  23. dkaye315
    Member
    Posted 9 years ago #

    considering the fact that my blog gets very little commenting, and all of a sudden i have 7 from 165.138.213.230 and 9 from 80.58.4.111 - frankly, i don't honestly see how it's going to affect those who do post. however, when this rash has passed, then i will purge the "banned" ip list.
    moreso, it's the blacklisted spam words that determine whether or not blocking of the comment occurs, not just the ip address itself.

  24. dkaye315, trust me, you will find IP blocking ultimately futile in the long run. Some of these bots even run off of randomly spoofed IPs. IP blocking has been around almost since the beginning of blog comments. Consequently, ways of getting around IP blocking have been around just as long.

  25. Anonymous
    Unregistered
    Posted 9 years ago #

    I installed this last night. Ever since, Apache has been segfaulting left and right, taking down my server every few hours. I finally put 2+2 together, realizing that the segfaulting began the very minute that I installed this plugin (as confirmed by the file's timestamp, correlated with Apache's error log). I've removed the plugin. I'm too busy this week to debug it, but suffice it to say, I don't recommend installing this.

  26. Matt Mullenweg
    Troublemaker
    Posted 9 years ago #

    Anonymous, Apache segfaulting is definitely something I would have noticed by now. Could you post more details about your setup?
    dravine, that pushes the boundaries of good taste. Let's keep it PG.

  27. Anonymous
    Unregistered
    Posted 9 years ago #

    Will this work on version 1.0.1?

  28. Anonymous
    Unregistered
    Posted 9 years ago #

    I just had 4 comment spam from the same person (although different IPs) all within the same minute, so I think at least one spammer has gotten around this plugin already.

  29. Stryke11
    Member
    Posted 9 years ago #

    Just curious what other useful spam stopping measures work in tandem with this plugin, and which are incompatible. For example, would doing the rename wp-comments-post file trick cause this plugin to go nuts? I guess I just want the most spam protection possible without messing everything up :)
    Michael

  30. Anonymous
    Unregistered
    Posted 9 years ago #

    a spam comment just got through :/

Topic Closed

This topic has been closed to new replies.
