*kaBOOM*
With the previous post, you might actually think I do nothing other than watch TV. But keeping a weblog spam-free is actually an intense task. So here’s something for the more tech-savvy:
How to keep your WordPress Weblog Spam-free
Some of you might have seen one or two spam messages (about online poker and about cheap medicine) in the comments. This mostly happens overnight, and I don’t have time to delete them. Posting such spam is quite simple really: just one well-directed URL is enough. It’s actually so easy that millions of zombie PCs roaming the internet (usually for email spam) have this routine built in nowadays.
The first step, of course, would be to deny the offending IP addresses access to your web server. This is done through the .htaccess file (using Apache, of course). Until now, that list has stayed quite short.
Then came yesterday. I already saw a small increase in this type of abuse, but had to leave for the movies. When I came home, I was bombarded with no less than 620 of these messages. With the attack continuing, filling the .htaccess would prove time-consuming and in the end, probably worthless.
On to analyzing the exact spam messages and their methods it is (assuming I’m smarter than a botnet level spam engine):
– This new spam engine is quite effective. It distributes the post commands to other zombie PCs, and each will post a spam message on another post, nicely increasing from 1 to (in my case) 600+.
– Uniform posting reveals: 1. no HTTP referrer 2. same URL 3. spam contains a URL
Actually, this is all I need to effectively block the messages. While using only one of the above would be enough, I built in all three.
1. Build in code that stops the posting and gives an error message if the referrer is empty (use getenv("HTTP_REFERER")).
2. Rename the post.php file, and edit the originating file (popup.php) to redirect to the renamed file. The static bots will keep hammering on the original post file, which does not exist anymore.
3. Build in code that stops the posting and gives an error message if the comment contains “http” (use strpos($comment, 'http') and compare the result with !== false, because a match at the very start of the comment returns 0).
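Checks 1 and 3 from the list above, combined into one guard function, as an added example that is not part of the original post or of WordPress itself (step 2 is a file rename and needs no code). The function name, the stricter same-site referrer test, the host example.org and the sample requests are assumptions made for illustration.

```php
<?php
// Added example: guard for a comment-post handler. Function name and sample
// data are hypothetical, not WordPress core code.

/**
 * Returns null if the comment may be posted, otherwise a rejection reason.
 * $referer:  value of the Referer header (false or '' when absent).
 * $siteHost: host name of this weblog (assumed to be example.org below).
 */
function comment_rejection_reason($referer, string $comment, string $siteHost): ?string
{
    // Check 1: the bots in this wave sent no Referer at all.
    if ($referer === false || trim((string) $referer) === '') {
        return 'empty referer';
    }
    // Stricter variant (goes beyond the post): referer must be our own site.
    $host = parse_url((string) $referer, PHP_URL_HOST);
    if (!is_string($host) || strcasecmp($host, $siteHost) !== 0) {
        return 'foreign referer';
    }
    // Check 3: reject comments containing a URL. stripos() is case-insensitive,
    // and "!== false" matters: a match at offset 0 returns 0, which is falsy.
    if (stripos($comment, 'http') !== false) {
        return 'comment contains a link';
    }
    return null;
}

// Constructed sample requests: [referer, comment body].
$samples = [
    [false, 'cheap pills http://spam.example/'],
    ['http://example.org/?p=12', 'http://spam.example/ poker'],
    ['http://example.org/?p=12', 'Visit HTTP://SPAM.EXAMPLE today'],
    ['http://other.example/', 'nice post'],
    ['http://example.org/?p=12', 'Nice post, thanks!'],
];

foreach ($samples as [$referer, $comment]) {
    $reason = comment_rejection_reason($referer, $comment, 'example.org');
    echo ($reason === null ? 'ACCEPT' : "REJECT ($reason)"), ': ', $comment, PHP_EOL;
}

// In the real handler the first argument would be getenv('HTTP_REFERER').
```

The Referer header is supplied by the client, so these checks only stop bots that omit or mis-set it, and some proxies and privacy tools strip it from legitimate visitors as well.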
By now, it’s already 2.00 am, but with a grin on my face I see all the return error messages fly by. Waiting for the next leap of intelligence of the bots then. (Actually, 3 leaps, which will probably take some time)
Who says I can’t teach you anything?