WordPress.org

Ready to get started?Download WordPress

Forums

Blocking Unregistered Spammers, Porn, Gambling (52 posts)

  1. abductions
    Member
    Posted 10 years ago #

    Our former public discussion board was always being spammed by porn and gambling advertisements. Switching to Word Press was supposed to solve the problem because we set it up to require user registration. However, today's Blog was flooded with spam for their products. What is the solution to prevent unregistered users from posting?

  2. wellard1981
    Member
    Posted 10 years ago #

    I've already developed something that requires users to regiter to enable them to comment.
    See: http://www.wellardsworld.com/content/wphacks
    Here's the registered users comment hack: http://www.wellardsworld.com/content/wphacks#wp-comments.php
    And here's modified version of wp-register.php to generate random passwords to new members: http://www.wellardsworld.com/content/wphacks#wp-register.php
    Hope that helps!
    -Wellard

  3. abductions
    Member
    Posted 10 years ago #

    Hi Wellardsworld,
    I tried your various modified WP files and they almost worked. I liked your formatting and layout visually better.
    But today, the spammers bypassed the registration process and posted anyway. Then when I went to myPhpAdmin to delete their phony registrations and postings - they were not there! But their postings for more online gambling were on the Blog. Yikes! Am I losing it? Now I am wondering whose DB their junk got posted to, unless it is one of my earlier MySql Databases which should not be accessible because there are no more WP files linked to it?

  4. Fahim
    Member
    Posted 10 years ago #

    Maybe a silly question but are you sure these are posts and not comments?

  5. abductions
    Member
    Posted 10 years ago #

    Good question. I checked and it was a comment that had not shown up in the database, so I read it in the Blog first. However, unlike yesterday, there was no registration to accompany that post as there was yesterday, where every online poker or Texas hokem spam had a matching registration.
    Experimentally, I have changed the wp_options to in the MySql database to "No" for "users_can_register" and "use_fileupload." I had initially turned these off in the WP Admin window, but after a crash weekend of learning about this program, have realized its flimsy Admin controls do not work at all, and that the settings do not seem to change the MySql database which only seems to be set if I make the changes manually.

  6. Anonymous
    Unregistered
    Posted 10 years ago #

    @wellard1981 that looks like a good script. i wonder why the WP authors didn't originally do this.
    All pages that expect to be posted from a specific page or set of pages should always check to make sure that's where they're being posted from.
    I think the script can be made by redirecting the spammer to the 404 page because if you show an error, the spammer knows the page exists and will try again. If you do a 404 they might not come back.

  7. Anonymous
    Unregistered
    Posted 10 years ago #

    Sorry.. The above line should read "I think the script can be made BETTER by..."

  8. Anonymous
    Unregistered
    Posted 10 years ago #

    HTTP_REFERER, like ip addresses, can be easily spoofed.

  9. nekkidfish
    Member
    Posted 10 years ago #

    >> Here's an example, add this to wp-comments-post.php directly under the first <?php tag;
    Can you tell me where to find the <?php tag in the code? I cannot find it in my code.
    I also got blammed by the gaming spam comments. :(
    Thanks and HUGz! Jules

  10. Anonymous
    Unregistered
    Posted 10 years ago #

    Just rename wp-comments-post.php.

  11. Nothlit
    Member
    Posted 10 years ago #

    Renaming wp-comments-post.php is not a fail-safe solution. I renamed it a couple of days ago because I have been getting so much comment spam, and it hasn't slowed the spam down at all...

  12. nekkidfish
    Member
    Posted 10 years ago #

    Thanks Wellard1981. I followed your instructions.
    Does this mean I can now allow 'comments' ... or is it best to just not allow comments?
    I had over 50 this morning from some online gaming joint ... and I'm trying to stop that.
    Thanks and hugz! Jules

  13. pIng
    Member
    Posted 10 years ago #

    I got smacked this morning as well with about 100 comments in an hour. Stopped the bleeding by selecting to manually approve comments, then I inserted the code above and uploading. The spams immediately ceased allowing me to delete and get back to normal.
    Thanks for the great tips guys.

  14. Nothlit
    Member
    Posted 10 years ago #

    So far, so good. I put the HTTP_REFERER code into place about four hours ago and haven't received any spam since. I'm sure it's only a matter of time until the spammers wise up to our little trick and write code to circumvent it, but until then, I will revel in not having to constantly delete this stuff!

  15. charle97
    Member
    Posted 10 years ago #

    maybe you should wait a few days before declaring victory.

  16. OperaManiac
    Member
    Posted 10 years ago #

    i would hate to enable referrer spamming to just post comments on certain blogs.

  17. Anonymous
    Unregistered
    Posted 10 years ago #

    I guess another way to do it is to:
    1) if your site allows comments then on the comments page, have another page (maybe the homepage or a page that only logged in users get sent to during the process) plant a cookie.
    2) on the wp-comments-post.php page, check for the referrer AND the presence of the cookie before going on. No cookie=no comment post.
    There is no method that is going to be foolproof because the spammer can always write a smarter and smarter program that can emulate a real human browsing thru and posting comments...

  18. Anonymous
    Unregistered
    Posted 10 years ago #

    @wellard1981 - yes just like that.. I'm a ASP.NET C# programmer (breaks so much it creates jobs for people like me), not PHP so pardon my ignorance.

  19. michelv
    Member
    Posted 10 years ago #

    Checking for a referrer is never going to work.
    Simply because many actual users just choose not to send referrers out of unsensed fears about privacy and black helicopters hovering around.
    Likewise, checking for a cookie is not going to go well with people who browse with cookies disabled or selectively enabled.
    The actual bug is that we accept comments on non-existing posts, and this shall be fixed.
    Any other solution is going to be a nuisance for too many real commenters, IMHO.

  20. michelv
    Member
    Posted 10 years ago #

    Or we could implement some basic accesslog table. It would be used for stuff like checking if the comment posting script is accessed directly, but also for stuff like letting people edit their comments some minutes after they made them.
    It could be an event logging table aswell, that could be filtered by type of event.
    Just throwing random ideas around, that wouldn't likely be done before 1.3 ships...

  21. TechGnome
    Moderator
    Posted 10 years ago #

    And there are other solutions too. I've posted a similar "fix" to help prevent comments from being loaded on non-existant posts. There isn't any one thing to solve the problem, but rather it's going to take a number of ideas.
    Personaly, I think this spamming incident has been helpful in a way. Now we all know that the wp-comment-post.php file is vulnerable to outside intervention. Problem is, no one will truly know if any of our fixes really work. Am I not begin spammed because I wasn't targeted? Or is it because the prevention I've put into place sufficent to ward off such attacks? I don't know. I suspect it's more the former than the latter.
    Something I learnd while in the military regarding attacks: If some one is determined enough, you can't stop him. The most you can do is to make as difficult as possible in an effort to slow him down that he gives up, you can catch him and deal with him.
    Same kind of thing applies here. There's very little that can be done to 100% lock things down, but you can make it difficult. Hopefully to the point where it becomes more of a bother for them that they give up.
    TG

  22. michelv
    Member
    Posted 10 years ago #

    wellard1981: the average Joe doesn't know, but very vocal Joes install placebos like Zone Alarm that block sending of referrers, and think they're fine and WP is the one with the problem. Or they block cookies because they discovered that they could.
    And since they're very vocal, they go claiming WP has a fundamental flaw and soon profess their love to $other_blogware.

  23. wellard1981
    Member
    Posted 10 years ago #

    @michel v: Agreed, but thats the same with everything. For example, look how many Linux Distro's are out there. Gentoo, Debian, RedHat, SuSE, just to name a few. If something doesn't work in one, they'll move onto the next.
    As TechGnome pointed out, if some is determined to get in they will. There is no ulitmate solution to this problem, and there probably never will be.
    The code I have submitted is just an idea to make things just that little bit harder for a spammer to do his/her job, and I have not touted it to be the ultimate solution to the problem either.
    I'm just trying to help people who are getting these problems. I've been a victim of this spam myself, and have put in preventative measures to stop it, so far it's been quite successful, however if the spammer was determined enough to spam my site, they will, there is very little I can do about it.

  24. wellard1981
    Member
    Posted 10 years ago #

    LOL! Love the idea of sending spammers to Google!
    I've been playing again and currently writing an AuthCode hack. I know there is one out there which uses GD, however I can't get PHP to complile with GD support very well, so I am writing one to work with ImageMagik. So far it's been working and can be seen working on my site (http://www.wellardsworld.com).
    It means making changes to wp-comment.php and wp-comments-post.php to look for the new vars (and currently a cron job to clean up which I will change). If the authcode is not passed over or incorrect, the wp-comment-post.php halts. It's using an MD5 so hopefully spammers wont be sensible enough decrypt it too quickly.
    Once I'm happy with the code, I will release it for anyone to use if anyone want's to give it a go.

  25. samzuni
    Member
    Posted 10 years ago #

    Wellard1981: I have installed the two hacks mentioned on your website, and have not experienced any spam yet. Perhaps they went to bed or something? In any case, I will see what gives in the morning... :|
    The post is at e-ZUNI.

  26. Anonymous
    Unregistered
    Posted 10 years ago #

    Has anyone seen a plugin like the security code addin window to MT, where you have to type in the obscured random number for a comment to be accepted?
    I hope that makes sense to someone. :-(
    Also since we all seem to be getting hit by the same advertiser. (Advertisers hire the spammers) Does anyone have any knowledge about class action suits against spammers like this? I'll bet that we could get quite a few bloggers who would be willing to share information with a lawyer. I'm not looking to make any money from a law suit, the lawyers can have that. I'd be quite happy watching the Holdem Poker company get their pants sued off.

  27. charle97
    Member
    Posted 10 years ago #

  28. Anonymous
    Unregistered
    Posted 10 years ago #

    A few thoughts on this issue (I'm getting spammed as well :-()
    1) Would it be possible to require commenters to *approve* their comment before it gets posted to the site. Ie. sending the commenter a mail that require them to click on a link for a approval.
    1.1) Make a "trusted users"-category, that don't need to go through the tiresome 1).
    2) Looks like the spammer is using compromised machines. As a service to the ISP's, why not sending automated responses to the ISP's/owner about their problem?
    - Bjarne

  29. Kitten
    Member
    Posted 10 years ago #

    1.1) Make a "trusted users"-category, that don't need to go through the tiresome 1).
    1.3 has an option to auto whitelist, so that only email addresses that have a previously approved comment will get posted.
    Mostly it seems that this latest golimar/poker-x spammer is annoying people beceause of needing to clean up the mess in the mod queue, not because they're making it past the filters.
    Here's a IP deny list that will catch about 99% of this assclown's botnet:
    Order Deny,Allow
    Deny from 134.214.77
    Deny from 148.244.150
    Deny from 150.101.110
    Deny from 158.42.52
    Deny from 164.100.11
    Deny from 168.37.253
    Deny from 192.114.189
    Deny from 193.41.248
    Deny from 194.126.30
    Deny from 195.117.196
    Deny from 195.141.64
    Deny from 195.172.182
    Deny from 195.224.127
    Deny from 195.38.127
    Deny from 200.193.237
    Deny from 200.208.68
    Deny from 200.31.17
    Deny from 200.32.86
    Deny from 200.35.81
    Deny from 202.47.247
    Deny from 202.88.149
    Deny from 202.97.150
    Deny from 203.101.30
    Deny from 203.172.181
    Deny from 209.150.203
    Deny from 209.158.113
    Deny from 209.161.205
    Deny from 210.0.209
    Deny from 210.212.205
    Deny from 210.240.188
    Deny from 211.147.225
    Deny from 211.250.81
    Deny from 212.219.119
    Deny from 212.235.126
    Deny from 212.235.31
    Deny from 212.235.40
    Deny from 212.235.41
    Deny from 212.235.85
    Deny from 213.130.53
    Deny from 213.172.36
    Deny from 213.254.42
    Deny from 217.172.65
    Deny from 217.52.41
    Deny from 217.66.177
    Deny from 217.97.128
    Deny from 218.59.146
    Deny from 220.65.209
    Deny from 221.194.28
    Deny from 24.106.23
    Deny from 24.63.28
    Deny from 24.73.149
    Deny from 38.113.198
    Deny from 61.197.242
    Deny from 61.30.47
    Deny from 61.95.221
    Deny from 62.121.99
    Deny from 62.87.152
    Deny from 64.172.167
    Deny from 65.30.11
    Deny from 66.122.214
    Deny from 66.98.152
    Deny from 66.98.226
    Deny from 68.162.220
    Deny from 80.16.106
    Deny from 80.18.225
    Deny from 80.247.76
    Deny from 80.53.171
    Deny from 80.58.11
    Deny from 80.58.22
    Deny from 81.117.178
    Deny from 81.118.4
    Deny from 81.5.140
    Deny from 82.112.196
    Deny from 82.133.96
    Deny from 82.185.182
    Deny from 82.81.204

  30. michelv
    Member
    Posted 10 years ago #

    Bjarne: 2) Because ISPs will never do a thing about it, they don't want to block customers' access to the internet for fear of losing business, and that's understandable...

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.