[wp-hackers] Spam results

David Chait davebytes at comcast.net
Sat Dec 4 06:58:54 UTC 2004

I'm using a multi-step solution:
- rename wp-comments-post.php. ;)  I now store the filename in a variable, 
so I can rename the file if needed again, and change in one and only one 
place.  I think this alone nails a lot of spam...  (an MD5 hashy thingy 
probably would do as well)
- I additionally then run filter tests, and toss any flagged comments:
  - test URIs against my blacklist from CG-Referer -- originally made to 
block referral spamming, now does double duty to filter spam URIs.  it's a 
tight list of partial-URI constructs, not just singular keywords.  So, gets 
harder to 'make up' useful site names that aren't already partial-hits.
  - back to back links with only whitespace between.  That was an early 
catch, I've kept it in.
  - multiple URLs provided (I think I use a high number, like 4)
  - test that the refererring page is wp-comments-popup (for me -- I use a 
modded popup form).

In theory, tests 1-3 >could< go to captcha for self-moderation.

The thing I last saw was obviously one spammer using a bunch of zombies or 
proxies, so I got hit every n mins by a different machine in cycle.  Have 
enough machines, and 'wait for n mins between posts' doesn't work well.

The only reason that I don't like auto-closing is due to the nature of my 
site -- I want people to find, and comment, on even the oldest posts.  The 
only things I'd close commenting on would be administrative type things, or 
date-specific things, and if I was going to waste time doing that, I can 
just as easily move them to be private or nuke em. ;)

The no-direct-spamming catchers (non-specific filename for the posting code, 
md5 hashy thingy, test referring page maybe just for 'scoring', etc.) is an 
'easy' first pass.  My blacklist stuff was providing a decent first pass, 
but changing the filename has basically shut off spam for the moment. 
Blacklist is a nice backup, in case they use the post-popup form to post it 
auto-manual -- and blacklist will catch most of the link cases.  And since 
my last flood of spamming was singular links with garbage prose quotations 
in the body, multiple-link-checking isn't a deterrent.

Oh yeah, and manually forwarding messages to abuse@ addresses at the owner 
of the IP of spammers to try and get them shut down. ;)


----- Original Message ----- 
From: "Matt Mullenweg" <m at mullenweg.com>
To: <hackers at wordpress.org>
Sent: Friday, December 03, 2004 8:32 PM
Subject: [wp-hackers] Spam results

> I'm curious what spam methods are working best for everyone? I see lots of 
> comments people saying they're using something but not many saying what's 
> working. Namely, what would be the best methods to roll in? Obviously 
> something like captcha doesn't fit the WP philosophy, but some of the 
> other approaches (scoring comments, better management of floods, 
> auto-closing) I think could be very effective even when mass-deployed. 
> Thoughts?
> -- 
> Matt Mullenweg
> http://photomatt.net  | http://wordpress.org
> http://pingomatic.com | http://cnet.com
> _______________________________________________
> hackers mailing list
> hackers at wordpress.org
> http://wordpress.org/mailman/listinfo/hackers_wordpress.org

More information about the hackers mailing list