• It seems the auto-spammers have hit WP. They use programs like “Link Dump” to hit the wp-comments-post.php directly.
    Many of my hosting clients are getting hit with over 3-4000+ pieces of comment spam a day – including my own blog.
    The moderation for spam is nice, including the filter list – however, when you’re getting that many spam hits in a day – you still get the emails and you still have to go in and delete the comments out of the queue — which is frustrating and timely.
    The trick is to stop them from sending the spam in the first place:
    Change the name of your wp-comments-post.php to something else – I changed mine to something like: stopspam-post.php.
    Then in your wp-comments.php template — look for this code:
    <form action="<?php echo $siteurl; ?>/wp-comments-post.php" method="post" id="commentform">
    And change the wp-comments-post.php to the file that you renamed it to.
    For example, since I renamed my wp-comments-post.php to stopspam-post.php — that line in the wp-comments.php now looks like this:
    <form action="<?php echo $siteurl; ?>/stopspam-post.php" method="post" id="commentform">
    On a day that I was getting hit with over 4000 spam hits, the very minute I did this – it stopped and they haven’t returned. It doesn’t stop the one time spammer who actually clicks your comments link and manually enters their spam – but those guys are easier to maintain than these autospammers.

Viewing 15 replies - 46 through 60 (of 91 total)
  • The authimage hack mentioned above worked like a charm on my blog. I also changed the name of the wp-comments-post.php file just for good measure. I’ll let you know how it works out in a few days.

    I hacked my comment-post file to kill the poker spammers. I am working on a better solution I posted about in one of the other forums.
    if ($url == "https://video-poker.ownsthis.com") {
    die( __('Pwned — Sorry!'));
    }
    It’s basic, but I pop it in the post file somewhere after the check for flooding and just tweak the URL depending on the bot. It seems it’s using the same URL on mine for a couple of days. This stops stuff ever reaching my mod queue, stops the emails – until they switch the URL.

    The above might come in handy for those unable to edit the httpd.conf files —

    Could someone here tell me why this guy is getting through a wordpress setting?
    I have urls in comments set to 1 and this guy regularly posts 3 and gets through.
    How? Is that feature broken? Is it fixed in 1.3?
    I mean, all of these hacks are great but it would seem to me that this simple feature of off-the-shelf WordPress ought to work, yet it doesn’t.
    Why? How is he getting through it?

    It’s simple: the video poker guy is posting multiple urls in his comment spam. WP has a feature to deal with this. It does not work.
    I have it set to 1. He’s still getting through.
    I just tested this feature in 1.3 and it’s broken there too.
    Again, why have a feature if it doesn’t work? Or, is this guy doing something that gets through it? Or, are there a combination of checkboxes above that need to be checked to make this work?
    Sorry, but I’m reluctant to install hacks and go nuts with this until I know why a built in feature is not working.
    Anyone?

    Moderator James Huff

    (@macmanx)

    As stated, many, many times, even in the first post of this thread, he has a way to get through. Just try some alternatives: https://www.tamba2.org.uk/wordpress/spam/ . I recommend changing the name of your wp-comments-post.php file. If you do it properly, it won’t harm anything.

    I may be mistaken and I’m willing to hear how but at least for the time being, I’ve solved the spam problem with this one guy at least by using WordPress’s built in url counting filter.
    What strikes me as amazing is that I’ve posted numerous times about this and I’m being told that I’m not understanding, this guy can get through anything, blah blah blah.
    Here’s what I saw:
    1. WordPress has a feature which should have worked but wasn’t (Options, discussion, limit urls in comments and any more go to moderation queue)
    2. WordPress somehow has a rather narrow view of what an url is: “http:…” and “… .com” etc.
    2. This guy is posting three urls that look like this:
    https://www.poker.com
    https://www.somethingelse.com
    https://www.anotherurl.com
    Actually, there’s a number before the first one and I wasn’t sure what that meant but it’s irrelevant to what a friend and I did.
    3. He’s getting through because WordPress is looking for http and he’s not using it. Duh.
    4. I asked my friend David to dig around and find out where in WordPress the code is that looks at comments and sorts out the good from the bad.
    5. David found that code/function and modified it to look at urls in a smarter way.
    6. All of this guy’s comments are now going to moderation. He has not posted a comment yet that got through.
    Now, I may be missing something and I’m sure you’ll all jump on me for being stupid but we added no hacks, we did nothing except make WordPress work the way it ought to.
    If what we did is meaningful, I hope it gets into the next release of WordPress. Again, I may be mistaken but I’ve been hit a few hundred times by this guy and variants of this guy and the last 20 post this modification have gone to moderation where none were going there before.
    I’ve asked David to follow this post with the name of the file and the code modification he made.

    this forum is going to get real interesting when someone starts crapflooding. counting links isn’t going to help you then.

    Thanks for your post – you may want to look at the latest spam catching plugins too.
    There are 2 elements:
    1 – stopping the crap appearing on your blog
    2 – stopping having to delete tons of crap from the mod list
    I can’t comment on the code (I don’t do code) but while there has been a flood of ‘help I’ve been spammed’ posts here, there has equally been a flood of ‘how the hell do I get rid ?’ – referring to the queue in mod.
    I certainly don’t think that a single plugin can do the job right now, nor can a code mod. You need a few methods working.
    Ringmaster’s link to the page on my site may be useful to you ?

    It’s David here.
    This feels like it is way too obvious, but all I did (because of Richard’s logic) was change line 1340 of ./wp-includes/functions.php to:
    if ( (count(explode('href', apply_filters('comment_text', $comment))) - 1) >= get_settings('comment_max_links') )
    return false; // Check # of external links
    If anyone sees a flaw in this approach, I would love to be corrected.
    Thanks,

    David:
    The logic seems sound, although you’re running the filters on the comment twice (once for checking for links, once for output). Apart from the processor hit, it should do what it’s supposed to.
    Alternatively, you could check for a regex that looks “domain-like” and bounce that? (I’m not going to get this right, but maybe '|\b([a-z0-9_-]+\.)+[a-z]{2,4}\b|i' ?) Just thinking aloud.
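
The link-counting approaches from the posts above (a scheme-only count, counting `href` after filtering, and the domain-like regex), side by side as an added example that is not part of the original thread and not WordPress's own code. The function names, the simplified `autolink()` stand-in for the `comment_text` filters, the limit of 1 and the sample comments are all constructed for illustration.

```php
<?php
// Added example: all names and sample data below are constructed.

// Scheme-only count: sees a link only when "http://" or "https://" is present.
function count_scheme_links(string $comment): int {
    return preg_match_all('|https?://|i', $comment);
}

// Simplified stand-in for the auto-linking assumed to happen in the
// comment_text filters: scheme URLs and bare "www." hosts become anchors.
function autolink(string $comment): string {
    return preg_replace(
        '~(?<![\w/.])((?:https?://|www\.)[^\s<]+)~i',
        '<a href="$1">$1</a>',
        $comment
    );
}

// The approach from David's post: count "href" after filtering.
function count_hrefs_after_filter(string $comment): int {
    return count(explode('href', autolink($comment))) - 1;
}

// The regex suggested in the reply: count domain-like tokens.
// Note the {2,4} bound only matches TLDs of two to four letters.
function count_domain_like(string $comment): int {
    return preg_match_all('|\b([a-z0-9_-]+\.)+[a-z]{2,4}\b|i', $comment);
}

// Same comparison as the modified line: hold when count >= limit.
function would_hold(int $links, int $max_links): bool {
    return $links >= $max_links;
}

$max_links = 1; // constructed setting, matching "urls in comments set to 1"
$samples = [
    'spam, no scheme'   => "12 www.example.com www.example.net www.example.org",
    'benign, file name' => "I renamed wp-comments-post.php and edited functions.php today.",
];

foreach ($samples as $label => $text) {
    $counts = [
        'scheme' => count_scheme_links($text),
        'href'   => count_hrefs_after_filter($text),
        'domain' => count_domain_like($text),
    ];
    foreach ($counts as $method => $n) {
        printf("%-18s %-7s links=%d hold=%s\n", $label, $method, $n,
            would_hold($n, $max_links) ? 'yes' : 'no');
    }
}
```

On these samples the scheme-only count finds no links in the spam comment, while the domain-like pattern also counts the two file names in the benign comment and would send it to moderation.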

    Thanks Podz and Ringmaster for helping me sort this out.
    I can see that if one were actively using the moderation list on all posts that the way I’m using it would be a drag and one would want another method.
    I guess for me, I’m vain enough so that even though my weblog is not all that popular, I don’t want “video-poker” posted publicly in an active comment list. Of course, I’d rather catch it before it gets in the database but until I get to that place, using the url number filter seems like a useful tool to me.
    Since I’m new to comment spam, my question for all of you who have gotten a lot of it is: do you think this will get a lot worse before it gets better? If so, how much worse?
    Just out of curiosity, what does Mr. Video poker get out of a click through? What’s in it for him besides digging into weblog directories to figure out the file names of comment engine files?

    We don’t want you to have those comments, either, since you would be letting the spammers think they can get away with torquing their pagerank by spamming anyone’s blogs. The more they get the impression that this is too much work, the less we’ll have to worry.
    That isn’t to say that it’s not going to get worse. And it also isn’t to say that it will ever get better. But we’ve got to try, right?
    I don’t think the video poker guy is getting anything out of spamming us. I’ve probably totalled 600 or more messages from him since Friday, and I already had filtering in place to stop it, so they’ve not shown on my blog at all.
    Besides that, the sites that he’s been pointing to have apparently all been shut down, so the page ranking isn’t even worth it for him.
    In fact, the only thing it’s really doing is giving me a more complete list of open proxies whose IPs I can block.
    Have you tried this yet? It’s kind of fascinating…
    First, go to https://www.whatismyip.com/ and note your IP address.
    Copy the IP address of the origin of one of your spam messages. Go into Firefox Options, General, Connection Settings. Click “Manual Proxy Configuration”. In the HTTP field, paste the spam IP. Set the port to 80 (or 8080 if 80 doesn’t work).
    Go back to https://www.whatismyip.com/ and compare. Neat, huh?

    I tried the suggestion of renaming the post.php and deleting the original, but I still get the automated spam that is hitting my e-mail, when I add a new blog. Any suggestions?

    Use phpmyadmin and browse the table ‘wp-comments’, deleting the spam.
    Then go grab TG’s code and some more protection:
    https://www.tamba2.org.uk/wordpress/spam

  • The topic ‘Comment Spam’ is closed to new replies.