Combating Spam - Disable Trackbacks for Older Posts in WordPress
I've been inundated with spam recently, to the point that I've had to install some stupid maths plug-in to annoy people and try to stop it.
The main problem is not the spam, as it all ends up in Akismet, which is very accurate. The problem is when there are false positives and real comments end up in Akismet: there are just too many comments to go through and fish out the real ones (200-400 per day), so I just end up deleting them all and often losing real comments.
I've decided most spam is not actual comments posted through the form but auto-generated Trackbacks, that's how it seems anyway.
I've installed a trackback validator plugin, but that's really not helping as it just ends up in Akismet with all the other crap, so I still have trouble spotting the real comments.
I also installed Did You Pass Math? (DYPM), but it just seems to annoy people and doesn't do anything about Trackback spam.
What I've come to think is the most sensible solution is to disable old Trackbacks, as real Trackbacks are most likely to come on new posts.
So go to your database or in my case phpMyAdmin on my domain and bring up the SQL query box, then paste this in:
UPDATE wp_posts
SET ping_status = 'closed'
WHERE post_date < '2006-12-01';
You can change the date to suit when you want to turn off Trackbacks, just make sure you keep the date in the same format.
phpMyAdmin returned "Affected rows: 593 (Query took 0.0375 sec)"
And that was that, Trackbacks were turned off for old posts before December 1st, 2006!
Even with this and DYPM disabled, I get about 60 spam comments a day, so the best solution is to disable old trackbacks and keep DYPM installed and active.
I'm loath to disable comments for old posts as I still get people popping up and commenting on old posts regularly.
This brings spam back down to a manageable level (just a few each day).

Did Your Coppermine Gallery (CPG) Get Spammed? Eww Spam..
Mine did, really it sucks!
Anyway, if yours did too, you can get rid of all the spam in a few seconds. Go to your control panel or however you get to phpMyAdmin on your server (or the command-line MySQL interface), whichever you are comfortable with, and run this SQL statement:
DELETE FROM `cpgXXX_comments`
WHERE
msg_body LIKE '%cialis%'
OR msg_body LIKE '%viagra%'
OR msg_body LIKE '%tinyurl%'
OR msg_body LIKE '%og-seote%'
OR msg_body LIKE '%custom-tshirts%';
cpgXXX will be whatever your table prefix is for Coppermine, depending on when you installed it; mine is cpg131_
You will also have to adjust the words. For example, OR msg_body LIKE '%custom-tshirts%' can be changed to OR msg_body LIKE '%YOUR_SPAMWORD%'. You can keep adding OR statements on following lines for any of the words that uniquely identify the spam comments.
I mean don't go deleting everything with 'the' in it for example.
Yah spammers are using tinyurl to spam their dirty generic viagra pills too, abusing a free service.
I hope it doesn't affect legitimate users.
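Before running a DELETE like the one above, it helps to see which rows each pattern would hit. This Python sketch is an added example, not part of the original post: it uses an in-memory SQLite table in place of MySQL, constructed comments, and an assumed msg_id key column.

```python
import sqlite3

# Patterns copied from the DELETE statement above.
PATTERNS = ["%cialis%", "%viagra%", "%tinyurl%", "%og-seote%", "%custom-tshirts%"]

# Constructed comments; msg_id is an assumed key column name.
ROWS = [
    (1, "Buy cheap viagra and cialis here"),
    (2, "Great photo, the colours are lovely"),
    (3, "Full set is at http://tinyurl.com/abc123"),  # a real visitor's link
    (4, "custom-tshirts for sale, visit us"),
    (5, "Where was the photo taken?"),
]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cpg131_comments (msg_id INTEGER PRIMARY KEY, msg_body TEXT)")
    db.executemany("INSERT INTO cpg131_comments VALUES (?, ?)", ROWS)
    db.commit()
    return db

def preview(db, patterns):
    """Map each LIKE pattern to the msg_ids it would delete, deleting nothing."""
    sql = "SELECT msg_id FROM cpg131_comments WHERE msg_body LIKE ? ORDER BY msg_id"
    return {p: [row[0] for row in db.execute(sql, (p,))] for p in patterns}

def purge(db, patterns, expected):
    """Run the DELETE, but keep it only if it removes exactly `expected` rows."""
    where = " OR ".join("msg_body LIKE ?" for _ in patterns)
    cur = db.execute("DELETE FROM cpg131_comments WHERE " + where, patterns)
    if cur.rowcount != expected:
        db.rollback()  # the count differs from the reviewed preview: undo
        return 0
    db.commit()
    return cur.rowcount

if __name__ == "__main__":
    db = make_db()
    for pattern, ids in preview(db, PATTERNS + ["%the%"]).items():
        print(pattern, ids)
    reviewed = [p for p in PATTERNS if p != "%tinyurl%"]  # keep visitor links
    print("deleted", purge(db, reviewed, expected=2))
```

In the sample data the tinyurl pattern hits a genuine visitor's link and a word like 'the' hits only genuine comments, which is why the preview comes before the delete.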

Referral Spam and Comment Spam & Site Updates
Ok so I finally got around to doing all the things I meant to do for a long time...
I also added the latest comments plugin on the index page, which although it's totally useless, it's pretty neat anyway.
The latest problem I've been having is with Referral Spam and Comment Spam.
For those that don't know:
Referer
A misspelling of "referrer" which somehow made it into the HTTP standard. A given web page's referer (sic) is the URL of whatever web page contains the link that the user followed to the current page. Most browsers pass this information as part of a request.
My referrals were starting to look like this:

Which is not a good thing...
I found an addition to the .htaccess file which may stop this, I only started using it today though, so I'll wait and see the results..
This code sends back the '403 Forbidden' response for anyone who's asking for a header only and who is sending a referer.
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http [NC]
RewriteCond %{REQUEST_METHOD} ^HEAD$ [NC]
RewriteRule .* / [F,L]
There are some things out there which use the HEAD command like local proxies and webcaches but they generally don't send a referer when they do this.
Source is HERE
There is also one to block on specific words/domains:
SetEnvIfNoCase Referer ".*(anal|adulthost|latina|shemale|viagra|valium|fioricet|ebony|
hydrocodone|3d.net|v33|brad.com|ambien|xrated|tranny|phentermine|vicodin|credit|canadianlabels|
8gold|texas-hold|hold-em|holdem|fidelityfunding|condo|sportsparent|mortgage|spoodles|money|
cash|hotel|houseofseven|stmaryonline|newtruths|popwow|oiline|flafeber|thatwhichis|tmsathai|pisoc|
crepesuzette|mediavisor|commerce|easymoney|911|////.vi|gb////.com|4free|macsurfer|teen|pussy|
discount|blogincome|lillystar|aizzo|webdevsquare|laser-eye|escal8|xopy|vixen1|linkerdome|
youradulthosting|fick|inkjet-toner|fuck|ime.nu|perfume-cologne|italiancharmsbracelets|
shoesdiscount|psnarones|hasfun|casino|gambling|poker|porn|sex|paris|gabriola|nude|xxx|
hilton|pics|video|adminshop|devaddict|iaea|empathica|insuranceinfo|atelebanon|handy-sms|
peng|just-deals|pisx|rimpim).*" BadReferrer
order deny,allow
deny from env=BadReferrer
Will wait and see if it works, might have to tweak it a bit. Note the first section should be all one line, so remove the carriage returns.
There is more info:
Killing Referer Spam
Sample .htaccess file
Block Referer Spam
Referer Spam
So my finished current (tested) .htaccess file looks like so (remember the spam words are all on one line):
## shaolintiger.com Anti-spam .htaccess file © 2005
RewriteEngine On
RewriteBase /
## List of dirty spamming websites, matches any part of referer
SetEnvIfNoCase Referer ".*(anal|adulthost|latina|shemale|viagra|valium|fioricet|ebony|hydrocodone|
3d.net|v33|brad.com|ambien|xrated|tranny|phentermine|vicodin|credit|canadianlabels|8gold|texas-hold|
hold-em|holdem|fidelityfunding|condo|sportsparent|mortgage|spoodles|money|cash|hotel|houseofseven|
stmaryonline|newtruths|popwow|oiline|flafeber|thatwhichis|tmsathai|pisoc|crepesuzette|mediavisor|
commerce|easymoney|911|////.vi|gb////.com|4free|macsurfer|teen|pussy|discount|blogincome|lillystar|
aizzo|webdevsquare|laser-eye|escal8|xopy|vixen1|linkerdome|youradulthosting|fick|inkjet-toner|fuck|
ime.nu|perfume-cologne|italiancharmsbracelets|shoesdiscount|psnarones|hasfun|casino|gambling|poker|
porn|sex|paris|gabriola|nude|xxx|hilton|pics|video|adminshop|devaddict|iaea|empathica|insuranceinfo|
atelebanon|handy-sms|peng|just-deals|pisx|rimpim).*" BadReferrer
## List of bad User-Agents
SetEnvIfNoCase User-Agent ".*(bdfetch|npbot).*" BadUA
order deny,allow
deny from env=BadUA
deny from env=BadReferrer
## This rule will block anyone that just gets the HEAD and sends a REFERER without actually viewing the page.
RewriteCond %{HTTP_REFERER} ^http [NC]
RewriteCond %{REQUEST_METHOD} ^HEAD$ [NC]
RewriteRule .* / [F,L]
## Tells spammers to bugger off if appending underscore to file names
RewriteRule ^.*_$ - [F,L]
Seems to be ok so far, I had to tweak it a bit though as it was giving me an infinite loop somewhere resulting in the famous:
"Redirection limit for this URL exceeded. Unable to load page requested. This may be caused by the cookies that are blocked."
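To see what the finished rules above do to traffic, the following Python sketch (an added example, not part of the original post) applies the same four checks to constructed requests. The word list is a shortened subset of the one above, Python's re module stands in for Apache's regex engine, and the sample hosts and user agents are made up.

```python
import re

# Shortened copy of the page's word list; the full list behaves the same way.
WORDS = "viagra|casino|poker|sex|paris|credit|hotel|video|pics|money"
BAD_REFERRER = re.compile(".*(" + WORDS + ").*", re.IGNORECASE)
BAD_UA = re.compile(".*(bdfetch|npbot).*", re.IGNORECASE)

def decide(method, path, referer="", user_agent=""):
    """Approximate the finished .htaccess: return (status, rule that fired)."""
    if BAD_UA.search(user_agent):                      # deny from env=BadUA
        return 403, "BadUA"
    hit = BAD_REFERRER.search(referer)                 # deny from env=BadReferrer
    if hit:
        return 403, "BadReferrer:" + hit.group(1).lower()
    # RewriteCond HTTP_REFERER ^http and REQUEST_METHOD ^HEAD$, both [NC]
    if re.match("http", referer, re.I) and re.fullmatch("HEAD", method, re.I):
        return 403, "HEAD+referer"
    if path.endswith("_"):                             # RewriteRule ^.*_$ - [F,L]
        return 403, "underscore"
    return 200, "allowed"

# Constructed requests: (note, method, path, referer, user agent)
SAMPLES = [
    ("search visitor", "GET", "/", "https://www.google.com/search?q=shaolin", "Mozilla/5.0"),
    ("university link", "GET", "/", "http://www.essex.ac.uk/links.html", "Mozilla/5.0"),
    ("travel blog link", "GET", "/", "http://travel.example.com/paris-guide", "Mozilla/5.0"),
    ("referer spammer", "HEAD", "/", "http://spam.example/", "Mozilla/5.0"),
    ("web cache", "HEAD", "/", "", "ExampleCache/1.0"),
    ("listed bot", "GET", "/", "", "NPBot/3.0"),
    ("underscore probe", "GET", "/archives/post_", "", "Mozilla/5.0"),
]

def run(samples=SAMPLES):
    """Return {note: (status, rule)} for every sample request."""
    return {note: decide(m, p, r, ua) for note, m, p, r, ua in samples}

if __name__ == "__main__":
    for note, (status, rule) in run().items():
        print(f"{status} {rule:<20} {note}")
```

The university and travel-blog referers are refused because sex and paris match as substrings anywhere in the URL, so short generic words in the list are worth reviewing against your own access logs before deploying it.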
As for comment spam, I've just enabled it so anyone posting a URL or using HTML will be moderated, but the spammers have gotten smart... they now break the HTML tags onto two lines, so the regex doesn't find it.
Perhaps if I get too many, I'll implement captcha images.
Anyway that's all for now, I'm gonna go delete the spammers from my database..