Comment spam with control characters (10 posts)

  1. dbowen
    Member
    Posted 10 years ago #

    Just saw a comment spam come through with encoded HTML to avoid the spam moderation/keyword list. Very sneaky.

    See http://www.geekrant.org/2005/01/14/comment-spammers/

    Perhaps this code can be modified to first parse any &# encoding (convert to ASCII) before running through the filter.

    Daniel

  2. Kitten
    Member
    Posted 10 years ago #

    Spaminator checks for this sort of thing.

    http://blog.mookitty.co.uk/wordpress/spaminator/

  3. dbowen
    Member
    Posted 10 years ago #

    Thanks, I'll check it out.

  4. tomhanna
    Member
    Posted 10 years ago #

    I just got this several times and I'm running spaminator.

  5. tomhanna
    Member
    Posted 10 years ago #

    Is this what the January 10 update to Spaminator was for? I'm upgrading to that now.

  6. Kitten
    Member
    Posted 10 years ago #

    Each character entity is treated as a point, so there has to be more than a couple to kill the comment. I'm thinking of changing the default to 2 points/per.

    Also as I improve the admin page, the points for each kind of offense will be user settable.
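
The two ideas raised so far in the thread (decode `&#` references before keyword matching, and charge points per character entity) can be combined as in the sketch below. It is an added example, not part of the thread and not Spaminator's code; the keyword list, point values and threshold are assumed for illustration.

```python
import html
import re

# Assumed values for illustration; not Spaminator's actual settings.
BLOCKLIST = ("casino", "poker")     # constructed keyword list
POINTS_PER_ENTITY = 1               # one point per character entity
POINTS_PER_KEYWORD = 3
KILL_THRESHOLD = 5

# Numeric character references: decimal (&#99;) or hex (&#x63;), with or
# without the trailing semicolon, which browsers tolerate.
NUMERIC_REF = re.compile(r"&#(?:[xX][0-9a-fA-F]+|[0-9]+);?")


def decode_entities(text, max_rounds=3):
    """Decode character references, repeating to undo nested encoding (&amp;#99;)."""
    for _ in range(max_rounds):
        decoded = html.unescape(text)
        if decoded == text:
            break
        text = decoded
    return text


def score_comment(body):
    """Return (points, reasons) for a comment body."""
    reasons = []
    entities = NUMERIC_REF.findall(body)
    points = len(entities) * POINTS_PER_ENTITY
    if entities:
        reasons.append(f"numeric entities x{len(entities)}")
    # Match keywords against the decoded text, not the raw submission.
    plain = decode_entities(body).lower()
    for word in BLOCKLIST:
        if word in plain:
            points += POINTS_PER_KEYWORD
            reasons.append(f"keyword: {word}")
    return points, reasons


def is_spam(body):
    """True when the accumulated points reach the kill threshold."""
    return score_comment(body)[0] >= KILL_THRESHOLD


# Constructed sample: "casino" written entirely as decimal references.
ENCODED = "Play at &#99;&#97;&#115;&#105;&#110;&#111; tonight"
```

A single legitimate entity, such as the `&#233;` in "caf&#233;", costs one point and stays well under the threshold, which is why a couple of entities alone do not kill a comment.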

  7. Mark (podz)
    Support Maven
    Posted 10 years ago #

    @Kitten - I'm using cvs code, and the latest version of Spaminator.
    Noticed last night when I edited a comment that I saw the Spaminator 'comments' it uses, and then this morning a comment emailed to me has the same stuff:

    <-- X-spaminator-strike: whitelist, -3 --><-- X-spaminator-passed: IP check --><-- X-spaminator-passed: email check --><-- X-spaminator-strike: empty field - author url, 1 --><-- X-spaminator-passed: author url --><-- X-spaminator-passed: comment body --><-- X-spaminator-strike: url dashes, 1 -->

    It is not the slightest problem as everything on the blog appears just fine, but I thought I'd mention it.

    (Note: The ! character has been removed from the above so it displays)

  8. Kitten
    Member
    Posted 10 years ago #

    Yeah, that's kinda cool, ain't it :-)

    It's documented in the change log. It does 3 things:

    1. Gives you more info about what processing was done.

    2. Provides meta data about a comment's 'spaminess' and could be extended by further processing of the comment, like Spam Assassin headers in your email.

    3. Proves that it's working to the skeptical.

  9. Mark (podz)
    Support Maven
    Posted 10 years ago #

    Apologies - I didn't read the changelog.

    And yes - it is cool :)
