Comments on: New anti-spam trick

By: NetWizard's Blog

NetWizard's Blog — Tue, 01 Feb 2005 18:20:52 +0000

Fighting Trackback Spam with Email Blacklists
Overnight I got slammed by two trackback spam attacks to my blog, both lasting about two hours and originating from over 20 IPs. I added all of them to my banned list to prevent further occurrences. HOWEVER, I also sat…

By: NetWizard's Blog

NetWizard's Blog — Tue, 01 Feb 2005 18:05:07 +0000

By: Phildo's Blog

Phildo's Blog — Mon, 10 Jan 2005 06:21:57 +0000

MT-DSBL – Open proxy comment filter
I bumped into a spiffy little plugin for MT 3.1x that checks a comment posters IP against known open relays/proxies via DSBL. You can get the plugin here. It give you a choice to either deny or moderate the comment. If you use WordPress, there’s a nic…

By: Your Guess Is As Good As Mine

Your Guess Is As Good As Mine — Sun, 12 Dec 2004 19:18:42 +0000

Consider A New Career
After recent modifications to the comment functionality of this weblog, when I went to make a comment to a recent post, instead of the comment posting, I was routed to http://www.fbi.gov. Clever, huh? To be spammed by this FBI…

By: Anders Jacobsen's blog

Anders Jacobsen's blog — Wed, 10 Nov 2004 18:48:11 +0000

Auto-blocking open proxies’ access to Movable Type
In the category of sheer genius contributions to the fight against spam, let me point you in the direction of Brad Choate’s newest plugin for the Movable Type content management system: mt-dsbl

By: Frish.nl - As frish as it gets - Rogier Strobbe

Frish.nl - As frish as it gets - Rogier Strobbe — Sat, 06 Nov 2004 15:08:32 +0000

New anti-spam trick
Ik ben niet de enige die de afgelopen dagen aangevallen is door commentspammers. Meerdere WordPress logs zijn aangevallen.

Aangezien de spammer constant een andere open-proxy gebruikte, was het geen doen om de ip-adressen met de hand te gaan blokker…

By: Seraphim Proudleduck

Seraphim Proudleduck — Fri, 05 Nov 2004 18:35:05 +0000

Anti-Spam
Matt points to a great concept: an anti-spam trick that stops spam comments that come via open proxies. If your IP address is on a list of known open proxies (mostly used by email spammers, but recently by comment-spammers as well) you will not be able…

By: The Indiana Jones School of Management

The Indiana Jones School of Management — Fri, 05 Nov 2004 16:34:17 +0000

Stopping Open Proxy Commenters
Matt points to a great concept: stopping comments that come via open proxies.

There are some plugins extant for it … I’m going to take a little time this weekend to try and find a good one to recommend.

By: Xawiers weblog

Xawiers weblog — Fri, 05 Nov 2004 14:28:59 +0000

Spamas puola
Nauji triukai reklamos erdvėje sugalvoja automatizuotai visur rašinėti į komentarus. Bet kiti galvo�?iai sugalvoja kaip nuo jų apsisaugoti. Naujas triukas apsaugoti WordPress blogerius jau patalpintas [šiame puslapyje] (http://weblog.sinteur.com/i…

By: LostFocus

LostFocus — Fri, 05 Nov 2004 10:03:59 +0000

Und noch ein Anti-Kommentarspamtool
( en: ) I just put together the code from this Anti-Spam-Trick into a WordPress-Plugin. Download it here.

( de: ) Auf dieser Seite gibt es Code für ein WordPress-PlugIn, mit dem bei Kommentaren überprüft wird, ob sie von einem offenen Proxy stamm…

By: Kitten

Kitten — Thu, 01 Jan 1970 00:00:00 +0000

Actually, you might wind up with better results if you add this to wp-comments-post.php so that known spammers don’t clog up your mod queue.

By: John

John — Thu, 01 Jan 1970 00:00:00 +0000

I’ll look into that… good one!

Or even better, have a future version of WP add a special filter type so I could stick it into a plugin..

By: Eli Salver

Eli Salver — Thu, 01 Jan 1970 00:00:00 +0000

Just so people know, there are a few bugs in that code if you paste it directly into a terminal window having to do with escaped characters. All of the single and double quotes that got smartcoded to shapelier quotes are gonna cause a problem.

By: scriptygoddess

scriptygoddess — Thu, 01 Jan 1970 00:00:00 +0000

[...] , this one seems like a simple enough hit that can get rid of quite a bit: (As posted on the Daily Irrelevant) …If your IP address is on a list of known open proxies (mostly used by email s [...]

By: Phil's Blog o' Doom » New Spam Modules Installed

Phil's Blog o' Doom » New Spam Modules Installed — Thu, 01 Jan 1970 00:00:00 +0000

[...] or (http://mookitty.co.uk/ devblog/archives /2004/10/31 /kittens-spaminator/) as well as a DSBL check (http://weblog.sinteur.com/index.php?p=7967). We’ll see if that cuts down on the SPAM problem. If so, I’ve solved one of the few big proble [...]

By: Weblog Tools Collection » New anti-spam trick

Weblog Tools Collection » New anti-spam trick — Thu, 01 Jan 1970 00:00:00 +0000

[...] nti-spam trick Categories – Cool Scripts WordPress Hack LinkyLoo — Mark New anti-spam trick: Check if your comments came from open proxies before even beginning to process th [...]

By: Mark J

Mark J — Thu, 01 Jan 1970 00:00:00 +0000

You can hook in at post_comment_text.

It is a filter for the text of the comment, but it is run before anything is put in the database. I use this to check that the domain of the e-mail address given has a valid MX entry and is a properly formed e-mail address.

function check_for_open_proxy( $comment_text ) {

$spammer_ip = $_SERVER['REMOTE_ADDR'];
list($a, $b, $c, $d) = split(‘.’, $spammer_ip);
if( checkdnsrr(“$d.$c.$b.$a.list.dsbl.org”) ) {
header( “Location: http://dsbl.org/listing?“.$spammer_ip);
exit();
}

return $comment_text;
}
add_action(‘post_comment_text’, ‘check_for_open_proxy’, 1);

That should work just fine on 1.2, 1.2.1, and 1.3 (but it’s late, so don’t quote me on that).

By: Blogging Pro - Blog News, Tools and Hacks » WordPress Hack: New anti-spam trick

Thu, 01 Jan 1970 00:00:00 +0000

[...] ick slvShowNewIndicator(1099665737); Filed under: WordPress Hacks|Google it! This anti-spam hack checks to see if the commenter’s IP address is on a list of known open proxies ( [...]

By: Stephen

Stephen — Thu, 01 Jan 1970 00:00:00 +0000

Mark: I’m a bit confused on where you are suggesting we put this file. In post_comment_text? I couldn’t find a function or file by that name anywhere. Or do you mean somewhere else?

The original message said to put in the check_comments area of functions.php. I wasn’t sure if your code was designed for a different location.

(Also, webmaster: possible CSS bug on your site. The comments box stretchs well beyond the right column with the list of links t olostfocus, scriptygoddes, etc. I’m using IE6.0 on XP. Very disconcerting to be able to type behind the right column and not to be able to see what I’m writing).

By: John

John — Thu, 01 Jan 1970 00:00:00 +0000

You're probably best served with the plugin version..

By: Mark J

Mark J — Thu, 01 Jan 1970 00:00:00 +0000

Yeah, it was intended as a plugin… sorry that wasn’t clear. It’s the same idea as the plugin version Charles Gagalac did.

By: Seraphim Proudleduck » Anti-Spam

Seraphim Proudleduck » Anti-Spam — Thu, 01 Jan 1970 00:00:00 +0000

[...] under: General | theanomaly @ 7:34 pm Matt points to a great concept: an anti-spam trick that stops spam comments that come via open proxies. If your IP address [...]

By: Arvind

Arvind — Thu, 01 Jan 1970 00:00:00 +0000

A good idea, but what about those people who’s IP’s are blacklisted by DSBL through no fault of their own. A prime example is my pathetic excuse for an ISP who’s IP seems to be blacklisted!

By: John

John — Thu, 01 Jan 1970 00:00:00 +0000

In that case you’re probably on dynamic addresses. Unplug your modem and plug it back in, you’ll get a different IP address.

DSBL.org cannot see the difference between a dynamic IP address and a static one. It can only register IP addresses that send it mail. dsbl.org has a lot of other similar questions answered, although most of it is about mail.

My code only sends the posting to the moderation queue, so if your post would be ‘blocked’ by it, the site owner could still approve it.

By: chris

chris — Thu, 01 Jan 1970 00:00:00 +0000

Unless you require the power of regular expressions, you should be using string based functions. And even then, you should be using PCRE such as preg_split() instead of it’s slower POSIX cousins: split() and spliti(). In this case, explode() is the proper choice.

In PHP, it does matter in the long run, especially in scripts you expect to have a heavy load, such as one that is frequently under assault from spammers.

By: PHP - User Design » Fight the Bastards

PHP - User Design » Fight the Bastards — Thu, 01 Jan 1970 00:00:00 +0000

[...] t found a viable solution yet. I have installed the denied open proxy plugin (check it out here, and well, it has been quite for the last 6 hours. I have been hoping between the arin, ripe and [...]

By: Jacques Distler

Jacques Distler — Thu, 01 Jan 1970 00:00:00 +0000

Umh, why are you using DSBL (which is not an open proxy list), instead of, say, opm.blitzed.org, which is an open proxy list?

By: John

John — Thu, 01 Jan 1970 00:00:00 +0000

I won’t be pulled into a “it is!” “is not!” discussion – both lists have their uses, their proponents and their opponents. The source code of my plugin is available, if you want to use it to check another blacklist feel free to change the source and publish it.

-John

By: DaveNSoKona

DaveNSoKona — Thu, 01 Jan 1970 00:00:00 +0000

Aloha,

Please excuse my ignorance but could you sum up where and how to implement this? i.e if you save the plug-in as
say: ip_blocklist.php how and where is it called from in wp-comments-post.php:?:

Mahalo,
Dave

By: John

John — Thu, 01 Jan 1970 00:00:00 +0000

First, download the full plugin from here. Unzip the file, and put it in your /wp-content/plugins folder. Go to the plugin page in your weblog admin, and activate it. That's all.