churchtown
Forum Replies Created
Forum: Plugins
In reply to: password protection [sic] bypassed;-(
whooami: That .htaccess clause did not work against the criminals nor in my own telnet experiments with and without the Bad Behavior module loaded. I should surely be able to do a simple REFERER check on these POST attempts!? Assistance to effect this would be appreciated as I fear it is a matter of time before they realise or stumble upon a workaround;~/
Forum: Plugins
In reply to: Plugin not Activating properly!
podz: Any/all my plugins were suddenly not reliably responding to being activated/deactivated in admin. The topline response text ‘confirmed’ the actions to have occurred but they did *NOT ACTUALLY* occur.
webhost = self
define('DISABLE_CACHE', true); // this resolved the issue
Disabling your (wp) cache worked and the plugins now respond appropriately and, indeed, their indicated status matches that promised by the disingenuous topline response text;~/
This has only just happened. I was working intensively to produce a working mechanism to (try to) deter my current injection email scripting ruffians, using PuTTY to telnet POST commands, the Bad Behaviour plugin was activated/deactivated, various site/s navigation and some site admin work.
I intend to keep disabled your (wp) cache as the sheer trouble it and those that ran before it have offered to ameliorate a few micro or milliseconds of response delay beggars my belief. We’re talking blogs here not the national archives at the BBC.
Forum: Plugins
In reply to: password protection [sic] bypassed;-(
So the password vector is largely pointless or just simply irrelevant?
I had already hinted to the WP-ContactForm author about my own perceived need for at least a rudimentary paper trail check…
Was trying the .htaccess vector but only half got it right.;~/ A moderate improvement to your suggestion would be to use [F,L] and not just [F]. ‘[L]ast’ breaks any further local processing which might otherwise confuse things.
I’m curious and would like to see your secure contact script too…;~)
Forum: Fixing WordPress
In reply to: Whitelist not working
Here’s my ‘luck’ – your own mileage may vary.
Removed SpamKarma – it messed up ‘new commenter whitelisting’.
Stock WP v1.5 whitelisting is now working.
Incoming spam is TrackBack spam but still spam nevertheless.
Entered “tigerspice” into CommentBlackList area.
De-ticked future TrackBacks/PingBacks (never used hereabouts) in DiscussionOptions.
To resolve any further (legacy) TrackBacks/PingBacks (quickly/harshly) have installed the ModerateTrackBack plugin code (www.mtdewvirus.com/code) and, meanwhile, quietly working my way down my database. If I knew more about MySQL I expect I could clear the TB/PB ticks with one command, but I don’t;~/
Bottom line: no more trouble – no luck required.
Forum: Plugins
In reply to: www.tigerspice.com spam
• SpamKarma is/was takes out the TigerSpice trackbacks – good. However I found that (unfortunately) SpamKarma also messes up the stock WP functionality of first/new commenter being moderated after which commenter can go straight through without moderation. With SK activated all new commenting got straight on without being paused for initial moderation – not good.
• Now returned to stock WP (no SK) but with the <moderate-trackback.php> plugin. Contents of which are (plaudits to author)…
<?php
/*
Plugin Name: Moderate Trackbacks
Plugin URI: https://mtdewvirus.com/code/
Description: Puts trackbacks not marked as 'spam' into moderation.
Author: Nick Momrik
Version: 1.2
Author URI: https://mtdewvirus.com/
*/

// Hold any trackback that would have been auto-approved (1) for moderation (0).
function mdv_moderate_trackback($approved) {
    global $wp_query;

    if (1 == $approved && $wp_query->is_trackback)
        $approved = 0;

    return $approved;
}

add_filter('pre_comment_approved', 'mdv_moderate_trackback');
?>
This is holding the TS people’s trackback attempts in the moderation queue (ie out of sight).
The problem seems to be the legacy posts (ie that have PingBack/TrackBack ticked). All new posts are going out with that unticked:~|
Got to go out now and leave the site running…
Forum: Fixing WordPress
In reply to: Spammed closed comments
I’m now using v1.5 and the SpamKarma plugin has correctly caught every single one of the ‘Texas/TigerSpice’ trackback attempts;~) Despite that plugin’s honest declaration of its experimental flavour.
Forum: Fixing WordPress
In reply to: Whitelist not working
If it’s of any help… updated 1.2 to 1.5 and the only plugin is SpamKarma.
Whitelisting is shot. Last night 3 cam sex commentspams (their 1st comments) went on-line without being held for moderation. I got a newbie to check from their location… after messing up the CAPTCHA a few times (profile is set for strict at the moment) their first comment went straight to line. It’s also in the moderation queue too;~|
Forum: Fixing WordPress
In reply to: Comment Spam
I adopted WP for my use a few days ago. Have been seeing quite a bit of p o k e r spam incoming. I think it is being automatically generated. So… how about this for a containment strategy? Will it be any good in the long term?
SUMMARY:
1) in robots.txt disallow the normal wp-comments-post.php
2) change the name of the actual wp-comments-post.php
3) allow only REFERERs from my own site
4) include disable script in (honey trap) wp-comments-post.php
This strategy immediately disables any IP specifically and inappropriately calling the wp-comments.php file.
There are no 404s to clean up, each directly (ie automatically) called posting attempt immediately fails, the calling IP is immediately banned, and an optional email is sent flagging, what amounts to, an undesirable intrusion attempt.
SCRIPT:
[wp-comments-post.php]
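<?php
// Honey trap: any client that requests this file directly gets its IP banned via .htaccess.
$filename = "/home/e-smith/files/ibays/bb/html/wordpress/.htaccess";
// New rule for the caller's address; dots are escaped so they match literally in the regex.
$content = "# direct access to wp-comments-post.php\r\nRewriteCond %{REMOTE_ADDR} ^".str_replace(".","\.",$_SERVER["REMOTE_ADDR"])."$\r\nRewriteRule .* - [G]\r\n\r\n";
// Prepend the rule to the existing .htaccess contents.
$handle = fopen($filename, 'r');
$content .= fread($handle,filesize($filename));
fclose($handle);
$handle = fopen($filename, 'w+');
fwrite($handle, $content,strlen($content));
fclose($handle);
// Optional notification; User-Agent and Referer are client-supplied and may be absent.
$agent = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : "";
$referer = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "";
mail("[email protected]",
"comments spam",
"comments spammer on IP ".$_SERVER["REMOTE_ADDR"]."\r\n".$agent."\r\n".$referer
,"FROM: [email protected]");
print "bye";
?>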
TODO:
1) cron event to rename working wp-comments-post.php
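
A hardened variant of the ban-writing step in the honey-trap script above, added here as an illustration and not the poster's code: it validates the address before it reaches .htaccess, serialises concurrent writers with a lock file, and replaces the file atomically so two simultaneous hits cannot leave a truncated .htaccess. The function names ban_rule() and add_ban(), the .lock/.tmp suffixes and the sample address are assumptions.

```php
<?php
// Added example, not the poster's code. ban_rule() and add_ban() are hypothetical names.

/** Build the deny rule for one client address, or null if it is not a valid IP. */
function ban_rule(string $ip): ?string
{
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return null;                  // never copy unvalidated text into .htaccess
    }
    return "# direct access to wp-comments-post.php\n"
         . 'RewriteCond %{REMOTE_ADDR} ^' . preg_quote($ip) . "\$\n"
         . "RewriteRule .* - [G]\n\n";
}

/** Prepend the rule once, under an exclusive lock, replacing the file atomically. */
function add_ban(string $htaccess, string $ip): bool
{
    $rule = ban_rule($ip);
    if ($rule === null) {
        return false;
    }
    // A separate lock file (assumed suffix) stays valid across the rename below.
    $lock = fopen($htaccess . '.lock', 'c');
    if ($lock === false) {
        return false;
    }
    $ok = flock($lock, LOCK_EX);
    if ($ok) {
        $existing = is_file($htaccess) ? (string) file_get_contents($htaccess) : '';
        if (strpos($existing, $rule) === false) {      // not banned yet
            // Write the complete new file first, then swap it in with rename().
            $tmp = $htaccess . '.tmp';
            $ok = file_put_contents($tmp, $rule . $existing) !== false
                && rename($tmp, $htaccess);
        }
        flock($lock, LOCK_UN);
    }
    fclose($lock);
    return $ok;
}

// Constructed demo on a scratch file; 203.0.113.7 is a documentation-range address.
$demo = sys_get_temp_dir() . '/htaccess-demo-' . getmypid();
file_put_contents($demo, "RewriteEngine On\n");
var_dump(add_ban($demo, '203.0.113.7'));              // valid address
var_dump(add_ban($demo, "203.0.113.7\nRewriteRule")); // not an IP, rejected
echo file_get_contents($demo);
unlink($demo); unlink($demo . '.lock');
```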