
New anti-spam trick

Posted on October 31st, 2004 at 8:01 by John Sinteur in category: News

I’ve implemented a new anti-spam trick. I’ve added the following small piece of code to the “check_comment” function in “functions.php” in WordPress:


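```php
// Look up the commenter's address in the DSBL DNS blacklist.
$spammer_ip = $_SERVER['REMOTE_ADDR'];
// explode() splits on a literal dot; split() treats '.' as a regex wildcard.
list($a, $b, $c, $d) = explode('.', $spammer_ip);
// A listed address resolves; for an unlisted one gethostbyname() returns its argument unchanged.
if (gethostbyname("$d.$c.$b.$a.list.dsbl.org") != "$d.$c.$b.$a.list.dsbl.org") {
    header("Location: http://dsbl.org/listing?" . $spammer_ip);
    return false;
}
```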

This means that if your IP address is on a list of known open proxies (mostly used by email spammers, but recently by comment-spammers as well) you will not be able to post comments.

UPDATE: A new version, with more and better checks, is here
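
A more defensive form of the lookup in the post, as an added example that is not the plugin's or the author's code: it validates the address, holds listed commenters for moderation, and (going beyond the post) accepts only answers in 127.0.0.0/8, the range DNSBLs use for listings by convention (RFC 5782). The function names and the injected resolver are hypothetical, and the zone data is constructed so the example runs offline.

```php
<?php
// Added example, not the plugin's code. dnsbl_query_name() and dnsbl_verdict()
// are hypothetical names; the resolver is injected so the logic runs offline.

// Build the DNSBL query name: octets reversed, then the list zone.
// Returns null for anything that is not a dotted-quad IPv4 address.
function dnsbl_query_name(string $ip, string $zone): ?string {
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null;
    }
    return implode('.', array_reverse(explode('.', $ip))) . '.' . $zone;
}

// 'moderate' when the address is listed, 'allow' otherwise. A listed address
// is only held for review, because a dynamic address can be listed through
// no fault of its current user.
function dnsbl_verdict(string $ip, string $zone, callable $resolve): string {
    $name = dnsbl_query_name($ip, $zone);
    if ($name === null) {
        return 'allow'; // IPv6 or malformed input: this list cannot answer
    }
    // Same convention as gethostbyname(): the resolver returns its argument
    // unchanged when the name does not resolve.
    $answer = $resolve($name);
    // Only a 127.0.0.0/8 answer counts as a listing; anything else (for
    // example a wildcard record on a parked zone) is ignored.
    return ($answer !== $name && strpos($answer, '127.') === 0) ? 'moderate' : 'allow';
}

// Constructed zone data standing in for DNS; addresses are documentation ranges.
$fake_zone = array(
    '7.2.0.192.list.dsbl.org'   => '127.0.0.2',    // listed
    '9.113.0.203.list.dsbl.org' => '198.51.100.1', // bogus wildcard answer
);
$offline = function (string $name) use ($fake_zone): string {
    return isset($fake_zone[$name]) ? $fake_zone[$name] : $name;
};

foreach (array('192.0.2.7', '192.0.2.8', '203.0.113.9', '2001:db8::1', 'bogus') as $ip) {
    printf("%-12s %s\n", $ip, dnsbl_verdict($ip, 'list.dsbl.org', $offline));
}
// Against live DNS, pass 'gethostbyname' as $resolve.
```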

  1. First, download the full plugin from here. Unzip the file, and put it in your /wp-content/plugins folder. Go to the plugin page in your weblog admin, and activate it. That’s all.

  2. You’re probably best served with the plugin version..

  3. Yeah, it was intended as a plugin… sorry that wasn’t clear. It’s the same idea as the plugin version Charles Gagalac did.

  4. […] afternoon, at 17:40. John Sinteur blogged 2 weeks ago about a WordPress plugin that checks, when someone comments, whether the IP comes from an open proxy. For this […]

  5. […] under: General  | theanomaly @ 7:34 pm

    Matt points to a great concept: an anti-spam trick that stops spam comments that come via open proxies. If your IP address […]

  6. A good idea, but what about those people whose IPs are blacklisted by DSBL through no fault of their own? A prime example is my pathetic excuse for an ISP, whose IP seems to be blacklisted!

  7. In that case you’re probably on dynamic addresses. Unplug your modem and plug it back in, you’ll get a different IP address.

    DSBL.org cannot see the difference between a dynamic IP address and a static one. It can only register IP addresses that send it mail. dsbl.org has a lot of other similar questions answered, although most of it is about mail.

    My code only sends the posting to the moderation queue, so if your post would be ‘blocked’ by it, the site owner could still approve it.

  8. Unless you require the power of regular expressions, you should be using string-based functions. And even then, you should be using PCRE such as preg_split() instead of its slower POSIX cousins: split() and spliti(). In this case, explode() is the proper choice.

    In PHP, it does matter in the long run, especially in scripts you expect to have a heavy load, such as one that is frequently under assault from spammers.

  9. […] t found a viable solution yet. I have installed the denied open proxy plugin (check it out here, and well, it has been quiet for the last 6 hours. I have been hoping between the arin, ripe and […]

  10. Umh, why are you using DSBL (which is not an open proxy list), instead of, say, opm.blitzed.org, which is an open proxy list?

  11. I won’t be pulled into a “it is!” “is not!” discussion – both lists have their uses, their proponents and their opponents. The source code of my plugin is available, if you want to use it to check another blacklist feel free to change the source and publish it.

    -John

  12. Aloha,

    Please excuse my ignorance, but could you sum up where and how to implement this? I.e., if you save the plug-in as, say, ip_blocklist.php, how and where is it called from in wp-comments-post.php?

    Mahalo,
    Dave

  13. Mark: I’m a bit confused on where you are suggesting we put this file. In post_comment_text? I couldn’t find a function or file by that name anywhere. Or do you mean somewhere else?

    The original message said to put in the check_comments area of functions.php. I wasn’t sure if your code was designed for a different location.

    (Also, webmaster: possible CSS bug on your site. The comments box stretches well beyond the right column with the list of links to lostfocus, scriptygoddes, etc. I’m using IE6.0 on XP. Very disconcerting to be able to type behind the right column and not to be able to see what I’m writing).

  14. Actually, you might wind up with better results if you add this to wp-comments-post.php so that known spammers don’t clog up your mod queue.

  15. I’ll look into that… good one!

    Or even better, have a future version of WP add a special filter type so I could stick it into a plugin..

  16. Just so people know, there are a few bugs in that code if you paste it directly into a terminal window having to do with escaped characters. All of the single and double quotes that got smartcoded to shapelier quotes are gonna cause a problem.

  17. […] gin for MovableType, called MT-DSBL, which is a port of a WordPress trick, as published at the Daily Irrelevant. That’s the kind of stuff my monkeys like to see – more interaction, […]

  18. […] , this one seems like a simple enough hit that can get rid of quite a bit: (As posted on the Daily Irrelevant) …If your IP address is on a list of known open proxies (mostly used by email s […]

  19. […] or (http://mookitty.co.uk/devblog/archives/2004/10/31/kittens-spaminator/) as well as a DSBL check (http://weblog.sinteur.com/index.php?p=7967). We’ll see if that cuts down on the SPAM problem. If so, I’ve solved one of the few big proble […]

  20. […] ts also all valid comments for the period of my trip. Use Stop Open Proxy Commenting from John to stop comments from HTTP proxies that are known to send spam email. Consider u […]

  21. […] nti-spam trick Categories – Cool Scripts WordPress Hack LinkyLoo — Mark New anti-spam trick: Check if your comments came from open proxies before even beginning to process th […]

  22. You can hook in at post_comment_text.

    It is a filter for the text of the comment, but it is run before anything is put in the database. I use this to check that the domain of the e-mail address given has a valid MX entry and is a properly formed e-mail address.

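    ```php
    <?php
    // Filter run on the comment text before anything is written to the database.
    function check_for_open_proxy( $comment_text ) {
        $spammer_ip = $_SERVER['REMOTE_ADDR'];
        // explode() splits on a literal dot; split() would treat '.' as a regex.
        list($a, $b, $c, $d) = explode('.', $spammer_ip);
        // A DNSBL listing is published as an A record; checkdnsrr() looks for MX by default.
        if ( checkdnsrr("$d.$c.$b.$a.list.dsbl.org", 'A') ) {
            header("Location: http://dsbl.org/listing?" . $spammer_ip);
            exit();
        }

        return $comment_text;
    }
    add_action('post_comment_text', 'check_for_open_proxy', 1);
    ```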

    That should work just fine on 1.2, 1.2.1, and 1.3 (but it’s late, so don’t quote me on that).

  23. […] ick | Filed under: WordPress Hacks | This anti-spam hack checks to see if the commenter’s IP address is on a list of known open proxies ( […]

  24. And yet another anti-comment-spam tool
    ( en: ) I just put together the code from this Anti-Spam-Trick into a WordPress-Plugin. Download it here.

    ( de: ) On this page there is code for a WordPress plugin that checks, for comments, whether they come from an open proxy…

  25. Spam attacks
    New tricks in the advertising space come up with ways to automatically write into comments everywhere. But other clever heads come up with ways to protect against them. A new trick to protect WordPress bloggers has already been posted [on this page] (http://weblog.sinteur.com/i

  26. Stopping Open Proxy Commenters
    Matt points to a great concept: stopping comments that come via open proxies.

    There are some plugins extant for it … I’m going to take a little time this weekend to try and find a good one to recommend.

  27. Anti-Spam
    Matt points to a great concept: an anti-spam trick that stops spam comments that come via open proxies. If your IP address is on a list of known open proxies (mostly used by email spammers, but recently by comment-spammers as well) you will not be able…

  28. New anti-spam trick
    I am not the only one who has been attacked by comment spammers in the past few days. Several WordPress logs have been attacked.

    Since the spammer constantly used a different open proxy, it was not feasible to block the IP addresses by hand…

  29. Auto-blocking open proxies’ access to Movable Type
    In the category of sheer genius contributions to the fight against spam, let me point you in the direction of Brad Choate’s newest plugin for the Movable Type content management system: mt-dsbl

  30. Consider A New Career
    After recent modifications to the comment functionality of this weblog, when I went to make a comment to a recent post, instead of the comment posting, I was routed to http://www.fbi.gov. Clever, huh? To be spammed by this FBI…

  31. MT-DSBL – Open proxy comment filter
    I bumped into a spiffy little plugin for MT 3.1x that checks a comment poster’s IP against known open relays/proxies via DSBL. You can get the plugin here. It gives you a choice to either deny or moderate the comment. If you use WordPress, there’s a nic…

  32. Fighting Trackback Spam with Email Blacklists
    Overnight I got slammed by two trackback spam attacks to my blog, both lasting about two hours and originating from over 20 IPs. I added all of them to my banned list to prevent further occurrences. HOWEVER, I also sat…

