[wp-hackers] Fwd: [kunjan.net] Comment: "The Ansari X Prize"

Owen Winkler ringmaster at midnightcircus.com
Wed Nov 10 14:04:46 UTC 2004


Mark Jaquith wrote:
>>> One solution would be to have a hidden value in the form that is checked
>>> by a plugin when the comment is submitted.  This value could be
>>> something like the hash of the raw entry text.  Sure, he could figure it
>>> out by looking at the form, but most spammers don't... they post
>>> comments directly.  This wouldn't penalize those who don't send 
>>> referrers.

From my experience in doing this, this isn't necessarily true.  That 
is, the holdem guy has already figured his way around special form fields.

My comment spam blocker ("OSA") is a plugin for WP 1.3.  You drop it in, 
activate it, add a single line in the wp-comments-post.php file 
(instructions are on the plugin config page), and configure your options 
from the OSA Options tab in the admin.

You can (all optional):
* Delete every comment except those written by logged-in WP users of a 
level you specify.
* Delete comments based on IP (plain text or regex)
* Delete comments based on content, email, or URL (plain text or regex)
* Send comments to moderation that fail to include the special OSA form 
fields (auto-generated hash unique for each comment).
* Send comments to moderation for incorrect referer.
* Send comments to moderation for including HTML entities (a common 
spammer tactic for eluding text filters).
* Send comments to moderation that were sent through a labeled proxy 
(when HTTP_VIA header is included).
* Send comments to moderation that were submitted for posts older than a 
number of days you specify.
* Close comments for old posts entirely based on your setting.
* Set a maximum time between receiving the comment form and submitting it.
* Set a minimum time before submitting a comment.
* Delete comments that fail any OSA check.
* Delete comments that fail any Discussion tab checks.
* Append diagnostic info (server variables and form elements) to 
moderated comment email.
* Keep a count of the number of deleted comments.  Mine is currently at 897.

All "please approve this" comment email includes the reason why OSA 
moved it into moderation, which drives me nuts about the default 
WordPress stuff.

The spam wordlists (2 separate lists for IP and comment/name/email/URL) 
in OSA are separate from the wordlist built into WordPress, so you can 
define different behaviors for each.

This plugin probably shares a lot of features with Kitty's Spaminator, 
but my thinking is that diverse spam prevention gives the spammers 
different targets to shoot at.  The more, the merrier.

The download is here: http://www.asymptomatic.net/wp-hacks
Your comments are welcome here: http://www.asymptomatic.net/articles/993.htm

Would anyone like to collaborate on a distributed XML-RPC spam wordlist, 
ala "Blam!", that has actual source?

Owen
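
Added example, not part of the original message and not OSA's code: one way to build a per-form hidden token together with the minimum and maximum submit-time checks listed above. The secret, the limits, the function names and the sample clock values are all hypothetical.

```php
<?php
// Added illustration; not OSA's code. All names and limits here are hypothetical.
const FORM_SECRET = 'replace-with-a-long-random-server-side-secret'; // constructed placeholder
const MIN_SECONDS = 5;     // faster than this suggests a script, not a reader
const MAX_SECONDS = 3600;  // older forms are treated as stale

// Called when rendering the comment form: returns the hidden field value.
function issue_form_token(int $postId, int $now): string {
    $nonce   = bin2hex(random_bytes(8));            // makes every rendered form unique
    $payload = $postId . ':' . $now . ':' . $nonce;
    $mac     = hash_hmac('sha256', $payload, FORM_SECRET);
    return $payload . ':' . $mac;
}

// Called on submission: returns 'ok' or the reason to hold the comment for moderation.
function check_form_token(?string $token, int $postId, int $now): string {
    if ($token === null || $token === '') {
        return 'missing token';                     // direct POST that never loaded the form
    }
    $parts = explode(':', $token);
    if (count($parts) !== 4) {
        return 'malformed token';
    }
    [$tokPost, $issued, $nonce, $mac] = $parts;
    $expected = hash_hmac('sha256', "$tokPost:$issued:$nonce", FORM_SECRET);
    if (!hash_equals($expected, $mac)) {            // constant-time comparison
        return 'bad signature';
    }
    if ((int)$tokPost !== $postId) {
        return 'token issued for another post';     // token copied from a different form
    }
    $age = $now - (int)$issued;
    if ($age < MIN_SECONDS) {
        return 'submitted too quickly';
    }
    if ($age > MAX_SECONDS) {
        return 'form expired';
    }
    return 'ok';
}

// Constructed demonstration with fixed clock values (no real traffic involved).
$t0    = 1100095486;
$token = issue_form_token(42, $t0);
foreach ([[$token, 42, $t0 + 30], [$token, 42, $t0 + 1], [$token, 42, $t0 + 7200],
          [$token, 43, $t0 + 30], [null, 42, $t0 + 30]] as [$tok, $post, $now]) {
    echo check_form_token($tok, $post, $now), "\n";
}
```

The token is not single-use: a client that fetches the form and waits out the minimum delay still passes, so a failure here is a reason to moderate rather than a complete filter on its own.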




