Textpattern CMS support forum

#1 2007-04-13 10:17:55

Neko
Member
Registered: 2004-03-18
Posts: 458

They found a way to spam my TXP site

I woke up today and found like 15 spammy comments, all posted at the same time, same second. They’re clever enough to change the IP address with every comment, so the only option was to resort to using mrw_spamkeywords_urlcount and nko_spamurl_blocker.

I did not change the comments routine, so they still need to preview first and then submit as TXP default.

Have you experienced an increase of spammy comments recently? What can I do in order to better fight back against these morons? Thanks,

-N.

Offline

#2 2007-04-13 10:31:38

ruud
Developer Emeritus
From: a galaxy far far away
Registered: 2006-06-04
Posts: 5,068
Website

Re: They found a way to spam my TXP site

textpattern.org was hit by a huge amount (hundreds!) of comment spam in the last few days as well. The similarity seems to be that the message starts with a string of 5 uppercase letters and/or digits. For now that would be a good indicator to detect and filter out those messages, because few normal comments would start like that.

Last edited by ruud (2007-04-13 10:34:23)

Offline

#3 2007-04-13 12:16:30

DigitalRealm
Member
From: Greenville, SC
Registered: 2006-07-22
Posts: 139
Website

Re: They found a way to spam my TXP site

I have noticed a huge spike in efforts across all of my TXP sites. They still have not been able to actually get any through, but I bet it is only a matter of time before they figure it out. Luckily, we have some very bright people in the TXP community that will come up with a solution to the problem!

Offline

#4 2007-04-13 18:58:08

Neko
Member
Registered: 2004-03-18
Posts: 458

Re: They found a way to spam my TXP site

ruud wrote:

textpattern.org was hit by a huge amount (hundreds!) of comment spam in the last few days as well. The similarity seems to be that the message starts with a string of 5 uppercase letters and/or digits.

Yep, getting a lot of those. My stupid plug-in, nko_spamurl_blocker, a dirty hack of mrw_spamkeywords_urlcount, works like a charm in this case ’cause, given the message always changes, the URL always has the same root (member.aol.com). So there, spam bastards! :) Besides, any commenter whose Web site is hosted on aol.com should be banned to hell by default.

Last edited by Neko (2007-04-13 23:48:28)

Offline
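
The two indicators reported in this thread (ruud's five-character uppercase/digit prefix and Neko's fixed URL root) combined into one check, as an added Python example that is not code from nko_spamurl_blocker, mrw_spamkeywords_urlcount or Textpattern. The URL limit, the verdict names and the sample comments are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators come from the thread; limits and verdict names are assumptions.
BLOCKED_HOST_ROOTS = {"member.aol.com"}   # URL root Neko reports in the spam
MAX_URLS = 2                              # assumed URL-count limit
PREFIX_RE = re.compile(r"^\s*[A-Z0-9]{5}(?![A-Za-z0-9])")  # ruud's 5-char prefix
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def url_hosts(text):
    """Return the lowercased hostname of every http(s) URL found in text."""
    hosts = []
    for url in URL_RE.findall(text):
        try:
            host = urlsplit(url).hostname
        except ValueError:        # malformed authority, e.g. broken IPv6 literal
            continue
        if host:
            hosts.append(host.rstrip("."))
    return hosts

def host_is_blocked(host):
    """Match the root itself or a subdomain, never a look-alike suffix."""
    return any(host == r or host.endswith("." + r) for r in BLOCKED_HOST_ROOTS)

def classify(message, web=""):
    """Return (verdict, reasons); verdict is 'spam', 'moderate' or 'visible'."""
    hosts = url_hosts(message + " " + web)
    reasons = []
    if any(host_is_blocked(h) for h in hosts):
        reasons.append("blocked-host")
    if len(hosts) > MAX_URLS:
        reasons.append("url-count")
    if PREFIX_RE.match(message):
        reasons.append("code-prefix")
    # The prefix alone also matches honest comments, so it only moderates.
    if "blocked-host" in reasons or len(reasons) >= 2:
        return "spam", reasons
    return ("moderate" if reasons else "visible"), reasons

# Constructed sample comments (message, commenter web field).
SAMPLES = [
    ("X7K2Q nice site http://member.aol.com/someuser/page.html", ""),
    ("HTTP2 support would be a great addition to this plugin.", ""),
    ("See http://member.aol.com.example.net/ for my write-up", ""),
    ("Thanks, that fixed it.", "http://MEMBER.AOL.COM/x"),
]
for msg, web in SAMPLES:
    print(classify(msg, web), "|", msg[:40])
```

The second sample shows why the prefix test on its own sends a comment to moderation instead of rejecting it: an honest comment that opens with "HTTP2" matches the same pattern.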

#5 2007-04-13 21:05:05

Sencer
Archived Developer
From: cgn, de
Registered: 2004-03-23
Posts: 1,803
Website

Re: They found a way to spam my TXP site

Luckily, we have some very bright people in the TXP community that will come up with a solution to the problem!

There are already solutions out there, for about 16 months now. The problem is that from one point there is not much left to do that does not significantly affect commenting – either through filtering (with potential false positives) or with image captchas (convenience & accessibility problems) or with other types of challenges (email-confirmation, registration, form-questions – all of which have only limited success). Most of these things already exist as plugins, or else the infrastructure is in place to implement them relatively easily. The real question is whether we want to move any of that kind of functionality into core, or maybe place plugins into the distributions or take other steps to make new users easily aware of the possibilities…

In the meantime, I think the wiki-pages on the subject are a good starting point (and in case there have been some improvements in plugins or new plugins made, somebody please update the information there).

Offline

#6 2007-04-13 22:47:07

zem
Developer Emeritus
From: Melbourne, Australia
Registered: 2004-04-08
Posts: 2,579

Re: They found a way to spam my TXP site

I’m working on releasing a solution through thresholdstate.com soon. It’s been running there for two weeks, and captured 287 spam comments so far.


Alex

Offline

#7 2007-04-13 23:42:18

Neko
Member
Registered: 2004-03-18
Posts: 458

Re: They found a way to spam my TXP site

zem wrote:

I’m working on releasing a solution through thresholdstate.com soon. It’s been running there for two weeks, and captured 287 spam comments so far.

Stellar. Looking forward to checking it out.

Last edited by Neko (2007-04-13 23:42:33)

Offline

#8 2007-04-14 10:03:22

marios
Archived Plugin Author
Registered: 2005-03-12
Posts: 1,253

Re: They found a way to spam my TXP site

I’m having problems lately with one of my IMAP accounts. The messages appear to be coming from textgarden.org, but they are not.

I have enclosed a full source sample, and sent it to Zem.

regards, marios

Last edited by marios (2007-04-14 18:57:27)


Offline

#9 2007-04-14 17:56:00

ruud
Developer Emeritus
From: a galaxy far far away
Registered: 2006-06-04
Posts: 5,068
Website

Re: They found a way to spam my TXP site

zem wrote:

I’m working on releasing a solution through thresholdstate.com soon.

Is it based on the IPnr and port number of the visitor combined with a ‘pap_contact_cleaner’ approach?
I’m very interested in seeing how you’re using the port number, as it tends to change when the keep-alive timeout is exceeded (during the time the visitor fills out the form), but I can see how that can be effective if spambots set up a new connection for each page request.

Offline

#10 2007-04-14 22:17:50

zem
Developer Emeritus
From: Melbourne, Australia
Registered: 2004-04-08
Posts: 2,579

Re: They found a way to spam my TXP site

Is it based on the IPnr and port number of the visitor combined with a ‘pap_contact_cleaner’ approach?

It uses a series of tests. It’s not based on IP addresses, blacklists, or keywords.

If you’re referring to the hidden stuff on thresholdstate.com, that’s intelligence gathering. The current techniques are based on an analysis of over 21000 spam attempts.

Last edited by zem (2007-04-14 22:20:39)


Alex

Offline
