So, after a steady amount of traffic and comments to my site, within 10 minutes early this morning, my blog was hit by 15-20 people, and spam comments were left by several ‘casinos’ and other spamming entities. Why? Where was it listed that I was suddenly targeted? What’s the easiest way to prevent this from happening again?
Right now there is no way of preventing it, unless taking down your site is an option, which obviously it isn’t. Why did this happen? Because spammers want to raise the profile and visibility of their sites. The fact that you are online means you are automatically targeted. Everybody gets nailed by these boneheads.
There are ways to fight back, however. There are a number of plugins available, most notably Kitten’s at http://mookitty.co.uk/devblog/ and Dougal’s Spam Tar Pit at http://dougal.gunters.org/blog/2004/08/25/spammer-tar-pit. LaughingLizard just unveiled his new plugin as well: http://wordpress.org/support/10/13483
NM, there was a thread here recently about renaming the actual comment script. But then someone mentioned a couple of other WP templates where this script name might be called and wondered if the name should be changed there — or if changing the name would somehow upset the program. I suspect the answer is “Go ahead and change the script name everywhere it appears in the program.” But I’m not about to perform this surgery on my own blog yet.
This seems like the easiest and most foolproof (of course the problem with that is when you’ve made something foolproof, along comes a smarter fool!) way of combatting spammers.
P.S. Thread is here: http://wordpress.org/support/3/13443
I’d be very interested in this as a solution or in hearing reasons why it might fail or is inferior to other measures/plugins available.
Thanks for the link to the thread. Currently I see a lot of discussion about comment spam and possible approaches to managing it going on in the hackers mailing list. As you said, eventually a smarter fool will come along to defeat the method(s) du jour, but with the pool of talented folks around here who have ideas and suggestions for better tools, the Spam Wars will continue. “We shall overcome.”
Anonymous
All of the rename-file tricks will be defeated – the spammer will just end up parsing the HTML properly.
Version 1: I’ve had some success with user-agent checks (some spammers have a “perl” user-agent or even just “-“). My current additions to wp-comments-post.php look like this (added around line 53 in wp1.2):
$agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
//No perl for us, please!
if (stristr($agent, 'perl') !== false) {
    error_log("".$_SERVER['REMOTE_ADDR']." - - [".date("j/M/Y:H:i:s O")."]: Tried to post with perl. Agent: '".$agent."'.\n", 3, "/usr/virtualweb/www.jesperjuul.dk/var/wordpress.log");
    die( __('Internal error.') );
}
//Agent cannot be "-" or other small stuff (the length test was lost from the post; 5 is an assumed cutoff)
if (strlen($agent) < 5) {
    error_log("".$_SERVER['REMOTE_ADDR']." - - [".date("j/M/Y:H:i:s O")."]: Tried to post with short agent. Agent: '".$agent."'.\n", 3, "/usr/virtualweb/www.jesperjuul.dk/var/wordpress.log");
    die( __('Internal error.') );
}
Version 2: Now this is starting to get defeated. A better solution is to add cookies, which will defeat people who are not using proper browsers:
At the top of index.php, add:
setcookie ("dainfo",time(), time()+36000);
And in wp-comments-post.php somewhere below the lines also around line 53:
//Must have cookie set
if (!isset($_COOKIE['dainfo'])) {
    die( __('You must have cookies enabled to post here. Sorry. Drop me a line if you think this is in error.') );
}
Nobody has tried to spam since, so I don’t know how many will pass through.
At the end of the day, it’s just an arms race, and we will eventually have to use the Turing-type check with some oddly rendered text displayed as graphics that the user then has to type to prove that he/she is human. I think we might as well implement it now and get it over with.
Oh, sorry, the error_log line is just if you want to log spam attempts. Remove or modify the path to fit your local setup.
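An added example, not part of any post in this thread: the Version 2 check above only tests that a "dainfo" cookie exists, so this sketch has the server sign the timestamp it puts in the cookie, which lets the comment script verify that it issued the value and measure how long the visitor took before posting. The secret key, the 5-second minimum and the function names are assumptions; the cookie name and the 36000-second lifetime come from the post.

```php
<?php
// Added example (not from the thread). The key, MIN_AGE and the function names
// are assumptions; the cookie name "dainfo" and the 36000 s lifetime are the poster's.
define('COMMENT_TOKEN_KEY', 'replace-with-a-long-random-secret'); // placeholder
define('MIN_AGE', 5);      // assumed: seconds a reader needs before submitting
define('MAX_AGE', 36000);  // lifetime of the poster's cookie

// Build "timestamp.signature" so the server can later verify it issued the value.
function issue_comment_token($now)
{
    return $now . '.' . hash_hmac('sha256', (string) $now, COMMENT_TOKEN_KEY);
}

// Returns 'ok' or a short reason string suitable for a log line.
function check_comment_token($token, $now)
{
    if (!is_string($token) || !preg_match('/^(\d{1,12})\.([0-9a-f]{64})$/', $token, $m)) {
        return 'missing-or-malformed';
    }
    if (!hash_equals(hash_hmac('sha256', $m[1], COMMENT_TOKEN_KEY), $m[2])) {
        return 'bad-signature';
    }
    $age = $now - (int) $m[1];
    if ($age < MIN_AGE) {
        return 'too-fast';
    }
    return $age > MAX_AGE ? 'expired' : 'ok';
}

// In index.php:            setcookie('dainfo', issue_comment_token(time()), time() + MAX_AGE);
// In wp-comments-post.php: check_comment_token(isset($_COOKIE['dainfo']) ? $_COOKIE['dainfo'] : null, time())

// Constructed cases, printed when the file is run from the command line.
$issued = 1100000000;
$token  = issue_comment_token($issued);
$cases  = array(
    'no cookie'       => array(null, $issued + 60),
    'wrong signature' => array($issued . '.' . str_repeat('0', 64), $issued + 60),
    'instant submit'  => array($token, $issued + 1),
    'normal reader'   => array($token, $issued + 60),
    'stale token'     => array($token, $issued + 40000),
);
foreach ($cases as $label => $case) {
    printf("%-16s %s\n", $label, check_comment_token($case[0], $case[1]));
}
```

Logging the returned reason string instead of the raw request header keeps client-controlled text out of the log file.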
Just set up a wordfilter in wp. Works like a charm for me. Daily all the trash gets trashed instantly. Especially if you combine words with urls and ips.
Why the heck are you posting (mainly) nonsense replies to year-old topics???
moshu… what was wrong with his response? it’s not nonsense if he’s just trying to help and give support. having a word filter list and changing the number of links required to hold a message for moderation is a great first step to stop spam… next step, if that doesn’t help, a plugin is your best bet…
Kahil – the fact is that the user hit many posts very fast and like the one above – very very old posts. Given that people will have moved on, that WP has had releases since, the post has zero value.
still, that is no reason to be an asshole and jump him… The fact is that you just don’t know if he is spamming or is just new here and is only trying to help… You know as well as anyone else in the world, that you wouldn’t like someone bashing you like that…
Kahil – I posted immediately before Moshu.
I’m saying pretty much the same thing.
That poster – by their actions of posting to old threads has not helped the forum.
That poster hit several threads with what I thought were unhelpful additions because the threads were old, WP has been released since and they added no value. As a consequence, those rapidly hit threads will have knocked some posts off the front page. People don’t like that when they do not yet have an answer, and they may feel the need to bump their post. That’s also fairly pointless and frowned upon.
I had deleted some posts by that user that I felt were just gratuitous typing so the impact that they had will appear much less than it was.
We are trying to answer valid current issues that people are having and the behaviour I have described above harms what we try to do. That’s why we do what we do, and why sometimes we get a bit frustrated when people seem to be undoing our hard work.
then wouldn’t the best approach to that problem be to delete those threads? delete all the out of date and pointless threads? cause no matter how hard you try or frown upon it, there is going to be someone making a post that someone finds pointless and then they are going to just be a jerk to them, no matter how harmless their intent was or wasn’t…
I can’t delete old threads – when is old classed as old?
When would I close threads? When is old then? Who decides when it is resolved if the OP does not return?
If you have taken offence, so be it, but at least try to understand just why someone might have reacted that way.
- The topic ‘Blog Spamming?’ is closed to new replies.