[wp-hackers] wp-denyhost

Alexander Beutl xel at netgra.de
Fri Apr 18 09:29:21 GMT 2008


Whatever you do with this - when you start loading the PHP parser for it you may
as well not do it.
You know there is no benefit at all when you
1. start the PHP parser for htaccess
2. start the PHP parser for WordPress
every time a visitor hits a page.
This would (maybe, as I do not know if there is any caching within Apache's
.htaccess treatment) even slow down the loading of images and CSS files.

The trick would be to hardcode it - well, it might be oversized then - I am
not too sure about how fast Apache parses htaccess.


Coming to IP blocking:
It is very unlikely one will create more than X spams with the same IP if he
has no static one - at least this is what I read out of my logs.
They spam my blog from the same IP address for months - triggering about 500
spams on average till today, while botnet/dynamic IP spam only does 2 or 3
spams from the same IP.

Maybe the value of 5 is too low to only filter real spammers, but since I
clean the comments table every second month (moving spam to a separate table
for logging purposes) I don't think there will be many false positives.

Besides, since I am living in Germany and am not getting much spam from
German IPs, I think the risk of having spammers in dynamic IP ranges is not
so great today - while it will surely rise within the next couple of
months. I do not believe they will risk being filtered by "too many comments
per day, IP and blog", so there will be none to only very few false positives
when you set the deny value high enough (10 should do the trick).

I have been using comment IP blacklisting for a while now and never got any
complaints.



2008/4/18, Per Søderlind <per at soderlind.no>:
>
> Ozh wrote
>
> > >Alexander Beutl
> > >>
> > >> Cool. Very cool indeed!
> > >>
> > >> But maybe you could add an option to write this blocking to htaccess
> > >> (after it was detected to be a "need to block" IP) - this would stop
> > >> spammers from even bothering to start the php parser and to load the
> > >> stuff wordpress loads before the init actions - when they knock on
> > >> the door apache would just throw an errorcode after them and
> > >> hopefully hit their head ;-)
> > >>
> >
> > >This might work (not tested :)
> > >
> > >In .htaccess:
> > >php_value auto_prepend_file suspect.php
> > >
> > >suspect.php:
> > ><?php
> > >define('WP_USE_THEMES', false);
> > >require('./wp-blog-header.php');
> > >
> > >$suspect = $_SERVER["REMOTE_ADDR"];
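> > >// Exact match: a LIKE '%...%' pattern would also hit longer addresses that contain this one
> > >$count = (int) $wpdb->get_var($wpdb->prepare("SELECT COUNT(comment_ID) FROM $wpdb->comments WHERE comment_approved = 'spam' AND comment_author_IP = %s", $suspect));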
> > >
> > >if ($count >= 1) {
> > >                header("HTTP/1.1 403 Forbidden");
> > >                die();
> > >}
> > >?>
> >
>
> > This might work indeed but is totally overkill and offers no benefit
> > from using a standard plugin: for any PHP page, including those that
> > may not be WP related, you're including wp-blog-header.php which does
> > all the WP init stuff including the 5 to 7 minimum SQL queries, plus
> > all the extra queries triggered by plugins.
> >
> > A slightly more efficient way would be not to include
> > wp-blog-header.php and to query directly wp_comments without using the
> > $wpdb object (thus making one SQL query only)
> >
> > What would be even more efficient is that a function within the plugin
> > would hardcode "deny from $ip" in the .htaccess itself, maybe with a
> > grace period, or limited to latest XXX ips to prevent oversized
> > .htaccess files
> >
>
>
> I totally agree that my "pseudo" code is an overkill, a trimmed PHP script
> is needed. In real life I might use RewriteMap[1] in httpd.conf, and stop
> the spammer there.
>
> ../PerS
> [1]: http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#rewritemap
>
>
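
Ozh's suggestion quoted above (hardcode "deny from $ip" in .htaccess, limited to the latest IPs) combined with the per-IP spam threshold discussed in this message, as an added example that is not code from the thread or from the plugin. The marker comments, function names, the cap of 200 and the sample data are assumptions; the directives use Apache 2.2 syntax.

```php
<?php
// Marker comments are hypothetical; they delimit the block this code owns.
const DENY_BEGIN = '# BEGIN spam-deny';
const DENY_END   = '# END spam-deny';

// $spamCounts: IP => ['count' => spam comments, 'last_seen' => unix time],
// e.g. built from one grouped query over the comments table.
function select_denied_ips(array $spamCounts, int $threshold, int $maxIps): array
{
    $hits = [];
    foreach ($spamCounts as $ip => $row) {
        // Only literal IP addresses may reach the config file; a stored value
        // carrying a newline or extra directive is dropped here.
        $valid = filter_var($ip, FILTER_VALIDATE_IP) !== false;
        if ($valid && $row['count'] >= $threshold) {
            $hits[$ip] = $row['last_seen'];
        }
    }
    arsort($hits); // most recently seen first
    return array_slice(array_keys($hits), 0, $maxIps); // cap the file size
}

function update_htaccess(string $htaccess, array $ips): string
{
    // Apache 2.2 access control: allow everyone, then deny the listed IPs.
    $lines = [DENY_BEGIN, 'Order Allow,Deny', 'Allow from all'];
    foreach ($ips as $ip) {
        $lines[] = "Deny from $ip";
    }
    $lines[] = DENY_END;
    $block = implode("\n", $lines);

    $start = strpos($htaccess, DENY_BEGIN);
    $end   = strpos($htaccess, DENY_END);
    if ($start !== false && $end !== false && $end > $start) {
        // Replace the existing block in place so repeated runs do not grow the file.
        return substr($htaccess, 0, $start) . $block
            . substr($htaccess, $end + strlen(DENY_END));
    }
    return $block . "\n" . $htaccess;
}

// Constructed sample data (documentation address ranges, not real spammers).
$counts = [
    '203.0.113.7'   => ['count' => 500, 'last_seen' => 1208500000],
    '198.51.100.23' => ['count' => 3,   'last_seen' => 1208510000],
    '192.0.2.44'    => ['count' => 12,  'last_seen' => 1208420000],
    "192.0.2.9\nAllow from all" => ['count' => 40, 'last_seen' => 1208520000],
];
echo update_htaccess("RewriteEngine On\n", select_denied_ips($counts, 10, 200));
```

Write the result to a temporary file and rename it over .htaccess so Apache never reads a half-written file. The directives are only honoured where AllowOverride permits Limit.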

