gpshewan

@ AuntiAlias – that’s okay, it seems like it was a Verio reseller and it’s being looked into now (so don’t mail Verio). Regardless, it looks like the spammer is in the process of moving from that box to another one.

I had a similar issue after a nightly upgrade when I forgot to comment out these lines in wp-login

// If someone has moved WordPress leta€?s try to detect it
if ( isset( $_SERVER[a€?PATH_INFOa€?] ) )
$_SERVER[a€?PHP_SELFa€?] = str_replace( $_SERVER[a€?PATH_INFOa€?], a€?a€?, $_SERVER[a€?PHP_SELFa€?] );

Tricky few lines…but it killed the referrers problem.

Sorry glo, didn’t mean to sound patronising…missed out a smiley on my post there ??

I’ve tracked all those little so-and-sos down but just being in the contact info can’t get it shut down for spamming (unfortunately). I had somebody referral spam me from his works network (as he thought it was a legitimate way to get traffic…uh-huh…) so there’s a defence there. It’s the 161.58.59.8 IP which is at the centre of it. Document what you have and suvmit it to Verio…the more that do that the better,

@ Error – It’s all about ranking, but of course there are people clicking through. It makes sense when comparing cost + effort against reward.

That’s spam 101 mate.

@kyte -Yeah, that’s the guy. I’d suggest heavy moderation if you can’t upgrade to 1.5 nightlies.

@glo – Are you tracking this correctly? All the spam will come from ‘legitimate’ IP’s that are either proxies or zombie PC’s. Backtrack the referral URL and you’ll probably end up at the same IP (161.58.59.8) as everyone else. It’s no good blocking the IP’s it’s coming from because believe me they have a lot. You’d be better off tracking down an abuse contact if it’s not a proxy – but damn that’s a full time job.

The bogus TOS screen has probably kept that spammer box running for ages. Hopefully enough people gathering the correct evidence and reporting it to Verio will get it shut down.

@kyte – DreamerFi is probably referring to 1.2.2

Tactics which a few people are looking at.

I would think they are trying to get around comment moderation. They use zombies or open proxies to initiate the attack (so you can’t backtrack them) but the URL referring actually exists. This is probably an attempt to get through some form of DNS moderation. If you investigate the domain it seems as if it’s breached TOS so you stop there…but now you know that any TOS statement is bogus and they all sit on one IP which seems to be co-located with Verio.

If you’ve protected your blog using any of the available plugins and have moderation enabled then you’re going to be okay. The problem is that a large number of requests and referrals are appearing n private referral logs – which is just plain annoying. But another downside is the attempts themselves are wasting bandwidth.

This spammer is a bandwidth leech – but there are probably enough unprotected sites to still make it worthwhile. It’s suspected that they are a group as it’s been seen that changes to the approach have happened quick when certain measures have been put in place, and it’s a pretty large zombie/proxy resource they have access to. It’s also not specific to WP.

But if you have plugins installed and you don’t monitor server logs on an obsessive basis – ?? – you’d probably never notice it most of the time.

Nice, saved me a bit of time this weekend. Still going to try and get Verio to nuke that server though. MT sites are also being hit by that scumbag.

Try 127.0.0.1…otherwise you need to contact your host

The Genie can’t be half in and half out of the bottle. ??
Hehehe! That’s impatience not good development practice ??
Thanks for that…now I’m humming Christina Aguilera o_O

Don’t take this the wrong way, but DUH! I’m not stupid enough to do that. Development is what I do for a living, so I know better than that
Nah it’s grand. Project Management (managing developers) is what I do for a living and it’s a rare occasion when developers want to rush things – that’s normally my job ??
I just don’t get the panic for dates or the rush to beta and release. Look at it from the point of view of you acting like a user (or a PM even) asking when a release is going to be or for further info so manuals could be written and UAT started. Surely you’d turn around to them as a developer and explain it’s in alpha and there’s nothing going to be firm so there’s no point starting that stage yet?
I’m not having a go or anything (I know sometimes it can be a touchy subject). Like I said I run projects for a living and I’m fascinated by the pressures on open source projects. Can you see as a developer how you’re asking for what could amount to UAT information at such an early stage?
Anyway, I’ve said enough – this probably isn’t the best place to start such an open ended discussion ??
Gary

Imagine my surprise when my 1.2 upgraded to 1.3 site no longer functioned as expected.
It wouldn’t surprise me. 1.3 is still in Alpha.
I don’t understand why everybody wants 1.3 as it is now on live sites. On a test server fine, but using alpha software on a live site isn’t the best idea. There’s no big hurry – wait for beta at least ??

Never seen that on a forum before… something new ??

<meta name="robots" content="all" />
Works for me
Here’s a more detailed explanation
https://www.robotstxt.org/wc/meta-user.html

Strange, why is my post appearing in bold italics when I’ve used no tags….curious…