[wp-hackers] Another anti-spam technique
Dougal Campbell
dougal at gunters.org
Fri Oct 29 15:21:29 UTC 2004
Owen Winkler wrote:
> [...]
>
> Also, has anyone received comment spam that did not have the "HTTP_VIA"
> header? I have configured WordPress to send a complete set of server
> variables ($_SERVER[]) in every admin comment notification email so that
> I can examine these. Every spam I've received has had this header,
> indicating that a proxy was used to submit the comment.
I had added code to the local copy of my TarPit plugin recently to send
me the full $_SERVER[] output, in order to narrow down the headers for
proxy connections. But the spam I've been getting lately has started
coming from a new set of IPs that I didn't already have blocked yet.
I'm fairly certain that all of the comment spam I've been seeing lately
(and there's been a lot of it) has come via proxies. I've also seen a
common Referer: 12.163.72.13, and I've added referer checks.
--
Ernest MacDougal Campbell III, MCP+I, MCSE <dougal at gunters.org>
http://dougal.gunters.org/ http://spam.gunters.org/
Web Design & Development: http://www.mentalcollective.com/
This message is guaranteed to be 100% eror frea!
More information about the hackers
mailing list