Support » Fixing WordPress » Reducing Comment Spam

  • Hi all,
    I’ve come up with a quick solution to greatly reduce spam. I’ve noticed that a lot of it has the referer 12.163.72.13. Obviously this site contains a hugggee list of WordPress site URLs so the spammers can just point their script at it and spam the world. (This site cannot be accessed by the likes of you and me; presumably they only allow access to spammer IPs).
    I reckon about 99% of my comment spam is posted with a referer from that site.
    So here’s the solution. Add the following lines to a .htaccess file in your WordPress directory:
    SetEnvIfNoCase Referer “^http://12\.163\.72\.13/” bad_referer=1
    deny from env=bad_referer
    [SetEnv and bad_referer=1 should be on the same line]
    Of course this is yet another temporary solution. Eventually they’ll change the IP of their site… but every little helps.

Viewing 14 replies - 1 through 14 (of 14 total)
  • I’m wondering if the Poker Jokers have found a way to embed some sort of malware in WP. I have made all the changes that have been posted here and my site is no longer being bombarded.
    However, as soon as I post an entry a single comment from the spammers appears. INSTANTLY! It does not generate an email.
    Thoughts?

    Onethumb,
    Check inside your database with phpMyAdmin, or some such, there’s probably a bunch of spam waiting for a post ID for it to match to.

    There’s been quite a large discussion on how to stop spammers. A couple of us have put together some code to the wp-comments-post.php page being access directly, others have decided to redirect the spammer to Google.
    Have a read of the thread: http://wordpress.org/support/4/15365

    I think there needs to be a wiki page somewhere containing ALL the various anti-spam tactics people have come up with. It’s far too time-consuming to scan through all the threads in this forum to find the various methods.
    I think having a central reference point will make it much easier to win the fight against the spammers.

    http://www.tamba2.org.uk/wordpress/spam/
    Apart from TG’s code – which I shall add later – that’s got all the accepted stuff so far.

    I think having a central reference point will make it much easier to win the fight against the spammers.
    a central reference would also benefit the spammers. they can see all the comment spam fighting techniques and develop countermeasures.

    By the way, the wp wiki is open and waiting 🙂
    If anyone does want to create such a page, the wiki will happily take all the text.

    hmm. A central reference may help the spammers. But if our techniques are good, they still won’t be able to do anything about it. And there’s nothing to stop them reading through these forums to find out what we’re doing (but I get the impression they don’t; it always takes a while for them to react to our countermeasures).
    Perhaps I’ll start a page in the wiki…

    But if you use all the techniques at your disposal, you can prevent 99.9% of comment spam (for a while at least).
    If we have a central resource, then everyone can be kept up to date. As soon as they beat our defenses, we can come up with something else which everyone can find out about immediately. They probably wouldn’t get more than a few comments posted before everyone catches up. Then they have to think of something else.
    What do other people think? Is a central resource a way to keep everyone up to date or a way to help the spammers defeat our defenses?

    Thanks Welward. Nuff said… 🙂

    Thank you, Wellard1981, for the wonderful fix for those of us who are not PHP Gurus, and are CSS noobies. I too, was hearing way too much from ‘online poker dud’, and I just managed to get WordPress 1.2.1 working less than 24 hours ago. Had received about 35 posts from the above in a bit over 30 minutes, and I’m still trying to figure out how to change colors, never mind dealing with spam. So I certainly didn’t need the headache.
    http://
    Again, Thanks.

    Heh! It’s was just an idea i’ve been throwing around. It’s not perfect but it does work. It doesn’t stop it totally as I later discovered, but it does slow it down! 🙂

    if everyone were to employ the same comment spam fighting tools, then the spammers would have a field day. the reason why spammers hit wordpress blogs is because there are alot of people using the system, so it’s worthwhile for them to attack wordpress users. a central reference for comment spam fighting techniques will only spur homogeniety, something spammers would just drool over.

    podz … thanks for posting that link where all of the anti-spam info is together. very helpful

Viewing 14 replies - 1 through 14 (of 14 total)
  • You must be logged in to reply to this topic.