Search spam in logs

  • AndrewNYC

    (@andrewnyc)


    4 years, 4 months ago

    Hello, I am having a problem weeding out certain spammy search entries which are showing up in my logs, sometimes up to 30 times a day. the search query consists of a long string of pipe characaters: | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |

    I have used the code you provided below to block unwanted search in functions.php but it doesn’t stop this particular search. How do I block special characters?

    add_filter( 'pre_get_posts', 'rlv_block_search' );
function rlv_block_search( $query ) {
    if (!empty($query->query_vars['s'])) {
        $blacklist = array( 'index/thinkapp/invokefunction', '/index/thinkapp/invokefunction', '1 1 1 1', '||||', 'home/thinkapp/invokefunction', '/home/thinkapp/invokefunction', 'captcha' ); // add blacklist entries here; no need for whole words, use the smallest part you can
        foreach( $blacklist as $term ) {
            if( mb_stripos( $query->query_vars['s'], $term ) !== false ) exit();
        }
     }
}
Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Mikko Saari

    (@msaari)

    4 years, 4 months ago

    For starters, it’s a good idea to look at the server access logs to figure who is doing this and to see if you can block them before WordPress even starts.

    Is it a string of pipes, or a string of pipes with spaces in between? At least you’ve pasted it here with spaces in between, in which case ‘| | |’ would do the trick.

    Your current blacklist can be optimized to this, by the way:

    $blacklist = array( 'thinkapp/invokefunction', '1 1 1 1', '||||', 'captcha' ); // add blacklist entries here; no need for whole words, use the smallest part you can

    Thread Starter AndrewNYC

    (@andrewnyc)

    4 years, 4 months ago

    This doesn’t work. I’ve tried with both spaces and without…the series of 1 1 1 is stopped, as are the others, but the pipes do not work. I will look at the server access logs, but this search is every day all day, so I suspect various IP addresses thanks

    Plugin Author Mikko Saari

    (@msaari)

    4 years, 4 months ago

    If that string doesn’t work, then there’s probably some invisible characters involved. Check the logs, you should see the exact search query there – it may be there’s something else that isn’t visible in the Relevanssi logs.

    Thread Starter AndrewNYC

    (@andrewnyc)

    4 years, 2 months ago

    The issue continues and my site search is continually being hit with these strange search strings…sometimes up to 400+ times a week. I went through my logs and did an IP lookup and found that the IP addresses belong to Google. I disallowed my search page from bots in robots.txt and that should end it.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Search spam in logs’ is closed to new replies.