ebonmuse

I’m not speaking of blocking an IP or limiting the number of simultaneous connections. I had in mind a plugin that would limit how many page requests a given IP could make in a specified period of time. Is there any such thing?

Well, I’m sorry to report that this fix didn’t work. The IP addresses I tried to block, even using the suggestions from this thread, are still showing up in my spam filter. I know I *can* block by IP address, since I was able to do so successfully with a friend, as I mentioned, but these people are somehow getting around it. Does anyone have any more ideas? Could this be some heretofore unknown security flaw in WordPress or Apache that enables spammers to bypass htaccess rules?

Yes, I am using GoDaddy, but I don’t think that was the problem. war59312 seems to have hit on it – I tried testing it with a friend, and I was able to ban them once I followed his suggestion. Thanks for the tips, everyone! Now let’s just hope this stops the spammers…

I have Akismet, which catches a great deal of spam, but on occasion a few do slip through. It’d be nice if I could cut out the middleman and just block these IPs directly. Is there a plugin that does that? I didn’t see one in the sticky thread.

I tried it without the asterisks first, actually, and that didn’t work either (I looked into this before posting here and I found some sites that say to use them, others that don’t). Could there be some way to bypass htaccess, or is there any other error in my code?

You could create a Page and not link to it from anywhere.

Well, I’ve disabled SecureImage for the time being, since it’s really not stopping any spammers as is. I have another solution that doesn’t rely on referrer strings: I’ve renamed wp-comments-post.php to something else, and modified my theme files accordingly. This will help, I think, since automated attacks against standard WordPress blogs will now fail; the spammers would have to parse the code on my site to figure out where to aim their bots.

HandySolo: Yes, SecureImage is a captcha plugin (see https://dev.wp-plugins.org/wiki/SecureImage). I allow readers to my site to register, which requires only a valid e-mail address, and bypass the captcha entirely from that point on, so I’m not concerned that visually impaired readers are being excluded. I’ll check out Bad Behavior as well, thanks.

whooami: That seems like a good temporary solution, but what happens if someone’s browser doesn’t send referrer strings, or sends them improperly? They won’t be able to comment at all then. Also, this solution could be trivially bypassed by a spambot, simply by setting it up to send referrer strings corresponding to the domain of the site being spammed.

I’m glad I know how the spammers are doing this now, but I’m surprised that SecureImage can be bypassed so easily just by directly invoking wp-comments-post. What’s the point of a captcha that doesn’t hook into that file? It seems to me like the only thing that would do is inconvenience legitimate users. I’m going to give rewriting that file a try so it interfaces more directly with the captcha.

Anyone else have any ideas? Strangely, I’m seeing this same query string showing up in my logs from multiple IP addresses, but a Google search doesn’t turn up anything informative. Is this some sort of automated scan?

I originally did this on my blog by creating several different category-X.php pages, but that required a lot of duplicate code and so seemed inelegant to me.

If you want a cleaner way to do it and aren’t afraid of some hacking, you could try using the fetch_category_id function I wrote. Right now I have this in my sidebar.php file:

<?php if(is_category()) {
echo_cat_heading(fetch_category_id());
}
?>

where echo_cat_heading is another function I wrote, via a very quick and dirty plugin, that uses the category ID number as an index into an array of category-specific text strings and prints the appropriate one, like so:

function echo_cat_heading($cat) {
$categoriesd = array(
3 => "test",
4 => "test 2",
5 => "etc.",
);
$desc = '<p class="justify"><i>' . $categoriesd[$cat] . '</i></p>';
echo $desc;

Does that help?

Not exactly. That function returns a list of the categories associated with a specific post; what I want is something associated with a general category page. For example, if my categories are 3: “cooking”, 4: “reading” and 5: “miscellaneous”, and I’m on the page “/category/cooking”, I want a function I can call on the template for that page that returns “3”.

I was grappling with a similar issue on my site, and I came across some code on this forum (I can’t remember exactly where I found it or I’d post a link) that lets you do something like that. Try this, replacing CAT_ID with the appropriate numeric category ID:

<?php
$temp_query = $wp_query;
$catposts = ‘cat=CAT_ID&paged=1&order=DESC’;
query_posts($catposts);
while (have_posts()) : the_post();
echo ‘<a href=”‘;
the_permalink();
echo ‘”>’;
the_title();
echo “”;
endwhile;
$wp_query = $temp_query;
?>

This code only lists recent posts belonging to a single, specified category, which may not be exactly what you want. However, you could put it in a function and call that function repeatedly.