« Small World | Home | Recent Comments | Categories | Oklahoma Black Leaders Upset Over Candidate Remark »

New anti-spam trick

Posted on October 31st, 2004 at 8:01 by John Sinteur in category: News -- Write a comment

I’ve implemented a new anti-spam trick. I’ve added the following small piece of code to the “check_comment” function in “functions.php” in wordpress:


$spammer_ip = $_SERVER['REMOTE_ADDR'];
list($a, $b, $c, $d) = split('.', $spammer_ip);
if( gethostbyname("$d.$c.$b.$a.list.dsbl.org") != "$d.$c.$b.$a.list.dsbl.org") {
 header( "Location: http://dsbl.org/listing?".$spammer_ip);
 return false;
}

This means that if your IP address is on a list of known open proxies (mostly used by email spammers, but recently by comment-spammers as well) you will not be able to post comments.

UPDATE: A new version, with more and better checks, is here

  1. Kitten on October 31st, 2004 at 8:14:

    Actually, you might wind up with better results if you add this to wp-comments-post.php so that known spammers don’t clog up your mod queue.

  2. John on October 31st, 2004 at 8:23:

    I’ll look into that… good one!

    Or even better, have a future version of WP add a special filter type so I could stick it into a plugin..

  3. Phil's Blog o' Doom » New Spam Modules Installed on November 5th, 2004 at 9:02:

    [...] or (http://mookitty.co.uk/ devblog/archives /2004/10/31 /kittens-spaminator/) as well as a DSBL check (http://weblog.sinteur.com/index.php?p=7967). We’ll see if that cuts down on the SPAM problem. If so, I’ve solved one of the few big proble [...]

  4. Mark J on November 5th, 2004 at 10:22:

    You can hook in at post_comment_text.

    It is a filter for the text of the comment, but it is run before anything is put in the database. I use this to check that the domain of the e-mail address given has a valid MX entry and is a properly formed e-mail address.

    <?php
    function check_for_open_proxy( $comment_text ) {

    $spammer_ip = $_SERVER['REMOTE_ADDR'];
    list($a, $b, $c, $d) = split(’.', $spammer_ip);
    if( checkdnsrr(”$d.$c.$b.$a.list.dsbl.org”) ) {
    header( “Location: http://dsbl.org/listing?“.$spammer_ip);
    exit();
    }

    return $comment_text;
    }
    add_action(’post_comment_text’, ‘check_for_open_proxy’, 1);

    That should work just fine on 1.2, 1.2.1, and 1.3 (but it’s late, so don’t quote me on that).

  5. scriptygoddess on November 5th, 2004 at 11:56:

    [...] , this one seems like a simple enough hit that can get rid of quite a bit: (As posted on the Daily Irrelevant) …If your IP address is on a list of known open proxies (mostly used by email s [...]

  6. LostFocus on November 5th, 2004 at 12:03:

    Und noch ein Anti-Kommentarspamtool
    ( en: ) I just put together the code from this Anti-Spam-Trick into a WordPress-Plugin. Download it here.

    ( de: ) Auf dieser Seite gibt es Code für ein WordPress-PlugIn, mit dem bei Kommentaren überprüft wird, ob sie von einem offenen Proxy stamm…

  7. Weblog Tools Collection » New anti-spam trick on November 5th, 2004 at 13:15:

    [...] nti-spam trick Categories – Cool Scripts WordPress Hack LinkyLoo — Mark New anti-spam trick: Check if your comments came from open proxies before even beginning to process th [...]

  8. Blogging Pro - Blog News, Tools and Hacks » WordPress Hack: New anti-spam trick on November 5th, 2004 at 13:42:

    [...] ick slvShowNewIndicator(1099665737); Filed under: WordPress Hacks|Google it! This anti-spam hack checks to see if the commenter’s IP address is on a list of known open proxies ( [...]

  9. Eli Salver on November 5th, 2004 at 14:13:

    Just so people know, there are a few bugs in that code if you paste it directly into a terminal window having to do with escaped characters. All of the single and double quotes that got smartcoded to shapelier quotes are gonna cause a problem.

  10. Xawiers weblog on November 5th, 2004 at 16:28:

    Spamas puola
    Nauji triukai reklamos erdvėje sugalvoja automatizuotai visur rašinėti į komentarus. Bet kiti galvo?iai sugalvoja kaip nuo jų apsisaugoti. Naujas triukas apsaugoti WordPress blogerius jau patalpintas [šiame puslapyje] (http://weblog.sinteur.com/i...

  11. Stephen on November 5th, 2004 at 17:38:

    Mark: I’m a bit confused on where you are suggesting we put this file. In post_comment_text? I couldn’t find a function or file by that name anywhere. Or do you mean somewhere else?

    The original message said to put in the check_comments area of functions.php. I wasn’t sure if your code was designed for a different location.

    (Also, webmaster: possible CSS bug on your site. The comments box stretchs well beyond the right column with the list of links t olostfocus, scriptygoddes, etc. I’m using IE6.0 on XP. Very disconcerting to be able to type behind the right column and not to be able to see what I’m writing).

  12. John on November 5th, 2004 at 17:49:

    You’re probably best served with the plugin version..

  13. Mark J on November 5th, 2004 at 17:57:

    Yeah, it was intended as a plugin… sorry that wasn’t clear. It’s the same idea as the plugin version Charles Gagalac did.

  14. The Indiana Jones School of Management on November 5th, 2004 at 18:34:

    Stopping Open Proxy Commenters
    Matt points to a great concept: stopping comments that come via open proxies.

    There are some plugins extant for it … I’m going to take a little time this weekend to try and find a good one to recommend.

  15. Seraphim Proudleduck » Anti-Spam on November 5th, 2004 at 18:34:

    [...] under: General  | theanomaly @ 7:34 pm

    Matt points to a great concept: an anti-spam trick that stops spam comments that come via open proxies. If your IP address [...]

  16. Seraphim Proudleduck on November 5th, 2004 at 20:35:

    Anti-Spam
    Matt points to a great concept: an anti-spam trick that stops spam comments that come via open proxies. If your IP address is on a list of known open proxies (mostly used by email spammers, but recently by comment-spammers as well) you will not be able…

  17. Arvind on November 6th, 2004 at 4:49:

    A good idea, but what about those people who’s IP’s are blacklisted by DSBL through no fault of their own. A prime example is my pathetic excuse for an ISP who’s IP seems to be blacklisted!

  18. John on November 6th, 2004 at 4:58:

    In that case you’re probably on dynamic addresses. Unplug your modem and plug it back in, you’ll get a different IP address.

    DSBL.org cannot see the difference between a dynamic IP address and a static one. It can only register IP addresses that send it mail. dsbl.org has a lot of other similar questions answered, although most of it is about mail.

    My code only sends the posting to the moderation queue, so if your post would be ‘blocked’ by it, the site owner could still approve it.

  19. Frish.nl - As frish as it gets - Rogier Strobbe on November 6th, 2004 at 17:08:

    New anti-spam trick
    Ik ben niet de enige die de afgelopen dagen aangevallen is door commentspammers. Meerdere Wordpress logs zijn aangevallen.

    Aangezien de spammer constant een andere open-proxy gebruikte, was het geen doen om de ip-adressen met de hand te gaan blokker…

  20. chris on November 9th, 2004 at 16:44:

    Unless you require the power of regular expressions, you should be using string based functions. And even then, you should be using PCRE such as preg_split() instead of it’s slower POSIX cousins: split() and spliti(). In this case, explode() is the proper choice.

    In PHP, it does matter in the long run, especially in scripts you expect to have a heavy load, such as one that is frequently under assault from spammers.

  21. PHP - User Design » Fight the Bastards on November 10th, 2004 at 10:25:

    [...] t found a viable solution yet. I have installed the denied open proxy plugin (check it out here, and well, it has been quite for the last 6 hours. I have been hoping between the arin, ripe and [...]

  22. Anders Jacobsen's blog on November 10th, 2004 at 19:48:

    Auto-blocking open proxies’ access to Movable Type
    In the category of sheer genius contributions to the fight against spam, let me point you in the direction of Brad Choate’s newest plugin for the Movable Type content management system: mt-dsbl

  23. Jacques Distler on November 11th, 2004 at 18:17:

    Umh, why are you using DSBL (which is not an open proxy list), instead of, say, opm.blitzed.org, which is an open proxy list?

  24. John on November 11th, 2004 at 18:25:

    I won’t be pulled into a “it is!” “is not!” discussion – both lists have their uses, their proponents and their opponents. The source code of my plugin is available, if you want to use it to check another blacklist feel free to change the source and publish it.

    -John

  25. jnew.de - jetzt noch ein weblog » Kampf dem Kommentar-Spam, Teil 2 on November 14th, 2004 at 16:40:

    [...] äten Nachmittag, um 17:40 Uhr John Sinteur bloggte schon vor 2 Wochen über ein Wordpress Plugin, dass beim kommentieren prüft, ob die IP von einem offenen Proxy stammt. Dazu wi [...]

  26. DaveNSoKona on November 14th, 2004 at 16:54:

    Aloha,

    Please excuse my ignorance but could you sum up where and how to implement this? i.e if you save the plug-in as
    say: ip_blocklist.php how and where is it called from in wp-comments-post.php:?:

    Mahalo,
    Dave

  27. John on November 14th, 2004 at 16:58:

    First, download the full plugin from here. Unzip the file, and put it in your /wp-content/plugins folder. Go to the plugin page in your weblog admin, and activate it. That’s all.

  28. wordlog.com » Learn From the Other Camp on November 20th, 2004 at 20:40:

    [...] gin for MovableType, called MT-DSBL, which is a port of a WordPress trick, as published at the Daily Irrelevant. That’s the kind of stuff my monkeys like to see – more interaction, [...]

  29. Nomadig :: Journal :: Attack of comment spammers! on December 7th, 2004 at 20:17:

    [...] ts also all valid comments for the period of my trip. Use Stop Open Proxy Commenting from John to stop comments from HTTP proxies that are known to send spam email. Consider u [...]

  30. Your Guess Is As Good As Mine on December 12th, 2004 at 20:18:

    Consider A New Career
    After recent modifications to the comment functionality of this weblog, when I went to make a comment to a recent post, instead of the comment posting, I was routed to http://www.fbi.gov. Clever, huh? To be spammed by this FBI…

  31. Phildo's Blog on January 10th, 2005 at 7:21:

    MT-DSBL – Open proxy comment filter
    I bumped into a spiffy little plugin for MT 3.1x that checks a comment posters IP against known open relays/proxies via DSBL. You can get the plugin here. It give you a choice to either deny or moderate the comment. If you use WordPress, there’s a nic…

  32. NetWizard's Blog on February 1st, 2005 at 19:05:

    Fighting Trackback Spam with Email Blacklists
    Overnight I got slammed by two trackback spam attacks to my blog, both lasting about two hours and originating from over 20 IPs. I added all of them to my banned list to prevent further occurrences. HOWEVER, I also sat…

  33. NetWizard's Blog on February 1st, 2005 at 19:20:

    Fighting Trackback Spam with Email Blacklists
    Overnight I got slammed by two trackback spam attacks to my blog, both lasting about two hours and originating from over 20 IPs. I added all of them to my banned list to prevent further occurrences. HOWEVER, I also sat…

previous post: Small World

next post: Oklahoma Black Leaders Upset Over Candidate Remark