Textpattern CMS support forum

#1 2005-10-20 12:49:57

Buddy Bradley
Member
From: Peterborough, UK
Registered: 2004-07-01
Posts: 12
Website

TIP - Prevent comment spam traffic

I don’t get any comment spam, but I am still getting hit by spambots (visible in the logs because they constantly hit the #cpreview anchor), which is artificially inflating my visitor numbers.

I found this article:

http://www.paultastic.com/freebsd_blockSpamIPs.php

which has an up-to-date list of domains that are responsible for comment spam. Simply copy+paste his code into your .htaccess file (before the redirect stuff, I guess) to stop all those bots reaching your site.

It won’t stop all the traffic, but you can keep adding more and more addresses into it as you notice them in your logfiles.

:)

Offline

#2 2005-12-27 09:29:27

arkham
Member
Registered: 2005-03-27
Posts: 102
Website

Re: TIP - Prevent comment spam traffic

Thanks for this link Buddy.

I didn’t want to stop people who happen to have these IPs from even visiting my site though (ya never know, they could be spoofed or bad information) so instead I’m just using these IPs and throwing them into my banned IP table. This way they just can’t post a comment with them.

If anybody wants to use the same method… download the file from paultastic.com then delete the top part so all you have are the “Deny from ….” lines.

Save it to your c drive as access.conf.txt

Then run the following from a vbs file:

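<code>
Option Explicit
' Convert "Deny from x" lines into INSERTs for the comment IP ban table,
' split into files of 10,000 statements each.
Const ForReading = 1
Const ForAppending = 8   ' value 8 appends; the original script named this constant ForWriting
Const Prefix = "Deny from "
Dim objFS, objTS, objTS2
Dim strLine, strIp
Dim i, j
Set objFS = CreateObject("Scripting.FileSystemObject")
Set objTS = objFS.OpenTextFile("C:\access.conf.txt", ForReading)
Set objTS2 = objFS.OpenTextFile("C:\banip0.sql", ForAppending, True)
i = 0
j = 0
Do Until objTS.AtEndOfStream
    strLine = Trim(objTS.ReadLine)
    ' Skip anything that is not a "Deny from" line (blank lines, leftover directives)
    If Left(strLine, Len(Prefix)) = Prefix Then
        strIp = Mid(strLine, Len(Prefix) + 1)
        ' Escape backslashes and single quotes so the value stays inside the SQL string literal
        strIp = Replace(Replace(strIp, "\", "\\"), "'", "''")
        objTS2.WriteLine "INSERT INTO txp_discuss_ipban (ip, name_used, date_banned, banned_on_message) VALUES ('" & strIp & "', 'John Doe', sysdate(),250);"
        i = i + 1
        If i >= 10000 Then
            ' Close the full file and start the next one
            objTS2.Close
            j = j + 1
            Set objTS2 = objFS.OpenTextFile("C:\banip" & j & ".sql", ForAppending, True)
            i = 0
        End If
    End If
Loop
objTS2.Close
objTS.Close
</code>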

Then just execute the SQL scripts you’ve created via phpMyAdmin. I just banned some 50,000 IPs from posting comments like this. The reason it makes several SQL files is I had a memory error in phpMyAdmin when I did it all as one file.

Last edited by arkham (2005-12-27 09:32:50)

Offline

#3 2005-12-27 10:52:05

Sencer
Archived Developer
From: cgn, de
Registered: 2004-03-23
Posts: 1,803
Website

Re: TIP - Prevent comment spam traffic

> I don’t get any comment spam, but I am still getting hit by spambots (visible in the logs because they constantly hit the #cpreview anchor), which is artificially inflating my visitor numbers.

Against that you should use this plugin: http://forum.textpattern.com/viewtopic.php?pid=91739#p91739

> which has an up-to-date list of domains that are responsible for comment spam. Simply copy+paste his
> code into your .htaccess file (before the redirect stuff, I guess) to stop all those bots reaching your site.
>
> It won’t stop all the traffic, but you can keep adding more and more addresses into it as you notice them
> in your logfiles.

Manually maintaining such a blacklist is a sure way to go insane in a short amount of time. There are services that maintain such lists, including dealing with complaints and removing false positives. Textpattern already checks against blacklists before saving a comment (you can configure which servers it should check in preferences).

Btw: You need to have access to the server configuration to use that list as is. And checking against a 2 MB list of deny entries for every hit to the webserver (including images, stylesheet etc. etc.) is a sure way to noticeably slow down the server. (Throwing this into an .htaccess file would even mean parsing that file for every page-request). And given that it checks against names, it also requires a DNS lookup.

Against the spam-comments, there will be plugins available in a short while (and also 4.0.3 will improve in the core on this issue), but the inflated visitor numbers are not something to deal with during the operation of the server, but during evaluation of the logfiles. You could use the same list of IPs/domain names to filter the logfiles before feeding them to the analyzer.

Offline
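Sencer's suggestion of filtering the logfile against the same deny list before it reaches the analyzer, as an added example that is not part of the original thread. It goes a little beyond the post by also handling partial-IP and CIDR entries and by optionally dropping `#cpreview` hits; the deny entries, hostnames and log lines are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data: a deny list in "Deny from" form and visitor-log lines laid out like those in the thread.
DENY_LIST = "Deny from spam-host.example\nDeny from 192.0.2.\nDeny from 198.51.100.0/24"
LOG_LINES = [
    "12/28 9:48 am dsl-7.spam-host.example blog/91/some-article#cpreview",
    "12/28 9:49 am 192.0.2.44 blog/91/some-article",
    "12/28 9:50 am 198.51.100.9 blog/12/%23cpreview",
    "12/28 9:51 am reader.isp.example blog/91/some-article",
    "12/28 9:53 am cable-3.isp.example blog/12/other-article#cpreview",
]

def load_deny(text):
    """Sort 'Deny from' entries into networks, partial-IP prefixes and domains."""
    nets, prefixes, domains = [], [], []
    for line in text.splitlines():
        parts = line.lower().split()
        if len(parts) != 3 or parts[:2] != ["deny", "from"]:
            continue  # not a deny entry
        try:
            nets.append(ipaddress.ip_network(parts[2], strict=False))
        except ValueError:
            if parts[2].replace(".", "").isdigit():
                prefixes.append(parts[2].rstrip(".") + ".")  # e.g. "192.0.2."
            else:
                domains.append(parts[2].lstrip("."))
    return nets, prefixes, domains

def is_denied(host, deny):
    nets, prefixes, domains = deny
    host = host.lower()
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Hostname: match a denied domain only on a label boundary.
        return any(host == d or host.endswith("." + d) for d in domains)
    return any(addr in n for n in nets) or any(host.startswith(p) for p in prefixes)

def filter_log(lines, deny, drop_preview=True):
    """Drop denied hosts and (optionally) #cpreview / %23cpreview hits."""
    kept = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5 or is_denied(fields[3], deny):
            continue  # unparseable line or denied host
        path = fields[4].lower()
        if not (drop_preview and ("#cpreview" in path or "%23cpreview" in path)):
            kept.append(line)
    return kept
```

Run `filter_log(LOG_LINES, load_deny(DENY_LIST))` and pass the returned lines to the analyzer; with `drop_preview=False` only the deny list is applied.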

#4 2005-12-28 05:37:25

arkham
Member
Registered: 2005-03-27
Posts: 102
Website

Re: TIP - Prevent comment spam traffic

I’m getting hit with a cluster of comment spam several times a day now. Can you state which blacklist servers we should have configured in preferences? It’s getting so annoying that I’m considering turning off commenting altogether and I really don’t want to have to do that.

Offline

#5 2005-12-28 09:55:05

Sencer
Archived Developer
From: cgn, de
Registered: 2004-03-23
Posts: 1,803
Website

Re: TIP - Prevent comment spam traffic

Hi arkham,

use this plugin: http://forum.textpattern.com/viewtopic.php?pid=91739#p91739
And update to 4.0.3 once it gets released.

You can configure the spam-blacklist in advanced preferences at the bottom, it says “Spam blacklists (comma separated)”, there you can enter a comma-separated list of domains to use:
http://directory.google.com/Top/Computers/Internet/Abuse/Spam/Blacklists/

Offline

#6 2005-12-28 13:26:59

arkham
Member
Registered: 2005-03-27
Posts: 102
Website

Re: TIP - Prevent comment spam traffic

Thanks.

I just installed the plugin.

Offline

#7 2005-12-28 15:58:55

arkham
Member
Registered: 2005-03-27
Posts: 102
Website

Re: TIP - Prevent comment spam traffic

I got hit again even after activating the plugin by a batch of comment spam at 9:48. Could your plugin have failed to work because I have the hicks live preview plugin installed?

12/28 9:48 am cm-24-121-8-40.flagstaff.az.npgco.com blog/91/ice-cubes-series-of-unfortunate-events
12/28 9:48 am 82-46-153-54.stb.ubr01.smal.blueyonder.co.uk blog/91/ice-cubes-series-of-unfortunate-events#cpreview
12/28 9:48 am 12-218-249-188.client.mchsi.com blog/99/what-keeps-the-cipher-complete
12/28 9:48 am cpe-071-069-182-016.nc.res.rr.com blog/111/muslim-slaves-white-slaves-did-i-miss-that-day-of-us-history
12/28 9:48 am cpe-071-069-182-016.nc.res.rr.com blog/89/from-8-mile-to-38-mpg#cpreview
12/28 9:48 am adsl-70-233-135-148.dsl.okcyok.sbcglobal.net blog/111/muslim-slaves-white-slaves-did-i-miss-that-day-of-us-history#cpreview
12/28 9:48 am 82-45-118-76.stb.ubr02.sout.blueyonder.co.uk blog/99/what-keeps-the-cipher-complete#cpreview
12/28 9:48 am c-71-56-233-50.hsd1.co.comcast.net blog/59/shoe-meet-the-other-foot
12/28 9:48 am c-71-197-133-252.hsd1.or.comcast.net blog/89/from-8-mile-to-38-mpg#cpreview
12/28 9:48 am h-66-134-186-53.chcgilgm.covad.net blog
12/28 9:48 am 0x57324b86.vgnxx2.adsl-dhcp.tele.dk blog/85/why-too-que
12/28 9:48 am chello062178032163.11.11.vie.surfer.at blog/97/abc-news-crime-has-left-new-orleans-along-with-the-black-people
12/28 9:48 am 12-218-249-188.client.mchsi.com blog/125/getting-soulsided-the-gift-and-the-curse
12/28 9:48 am adsl-65-42-109-26.dsl.peoril.ameritech.net blog/68/web-situs-interruptus
12/28 9:48 am m1113.upc-m.chello.nl blog/111/muslim-slaves-white-slaves-did-i-miss-that-day-of-us-history ohword.com
12/28 9:48 am 53515533.cable.casema.nl blog/97/abc-news-crime-has-left-new-orleans-along-with-the-black-people#cpreview
12/28 9:48 am nan92-1-82-67-170-56.fbx.proxad.net blog/85/why-too-que#cpreview
12/28 9:48 am c-67-161-178-245.hsd1.ca.comcast.net blog/59/shoe-meet-the-other-foot#cpreview
12/28 9:48 am 535282C8.cable.casema.nl blog/125/getting-soulsided-the-gift-and-the-curse#cpreview
12/28 9:48 am ool-18bc20f1.dyn.optonline.net blog/68/web-situs-interruptus#cpreview
12/28 9:48 am ma-pembroke-cuda1c-213.albyny.adelphia.net blog/99/what-keeps-the-cipher-complete ohword.com
12/28 9:48 am ool-44c69d47.dyn.optonline.net blog/97/abc-news-crime-has-left-new-orleans-along-with-the-black-people ohword.com
12/28 9:48 am cpe-24-175-107-39.houston.res.rr.com blog/85/why-too-que ohword.com
12/28 9:48 am pcp07857537pcs.bntasp01.fl.comcast.net blog/68/web-situs-interruptus ohword.com
12/28 9:48 am ool-44c093b4.dyn.optonline.net blog/91/ice-cubes-series-of-unfortunate-events ohword.com
12/28 9:48 am cpe-69-135-199-184.woh.res.rr.com blog/125/getting-soulsided-the-gift-and-the-curse ohword.com
12/28 9:48 am ma-pembroke-cuda1c-213.albyny.adelphia.net blog/59/shoe-meet-the-other-foot ohword.com

Offline

#8 2005-12-28 16:17:13

arkham
Member
Registered: 2005-03-27
Posts: 102
Website

Re: TIP - Prevent comment spam traffic

just happened again… another 10 comments

Offline

#9 2005-12-28 16:33:17

Sencer
Archived Developer
From: cgn, de
Registered: 2004-03-23
Posts: 1,803
Website

Re: TIP - Prevent comment spam traffic

> I got hit again even after activating the plugin by a batch of comment spam at 9:48. Could your plugin have failed to work because I have the hicks live preview plugin installed?

Maybe; I don’t know how that plugin works.

Offline

#10 2005-12-28 17:05:12

arkham
Member
Registered: 2005-03-27
Posts: 102
Website

Re: TIP - Prevent comment spam traffic

Hey I think I’m getting special attention from this guy now or he’s adapting his script – they’re probably looking at the plugin you made. The log commands are a little different.

I had just 1 post this time to the article called “Albumcraft”

12/28 12:47 pm correo.gep.com.ve blog/119/albumcraft?commented=1
12/28 12:46 pm correo.gep.com.ve blog/119
12/28 12:46 pm 202.56.253.183 blog/120/tragedy-the-story-of-queensbridge
12/28 12:46 pm ip075026.hkicable.com blog/120/%23cpreview
12/28 12:45 pm 202.56.253.183 blog/121/got-you-all-in-check-pt-ii
12/28 12:45 pm ip075026.hkicable.com blog/121/%23cpreview
12/28 12:44 pm ip075026.hkicable.com blog/125/getting-soulsided-the-gift-and-the-curse
12/28 12:44 pm 202.56.253.177 blog/125/%23cpreview

But note a few other urls they tried to comment to. Either the plugin prevented them or the spam blacklist.

Also note the url now says %23 which is an encoding for #

12/28 12:47 pm correo.gep.com.ve blog/119/albumcraft?commented=1
12/28 12:46 pm correo.gep.com.ve blog/119

Is the post that was commented to. If this helps any…

Offline

#11 2005-12-28 17:29:28

Sencer
Archived Developer
From: cgn, de
Registered: 2004-03-23
Posts: 1,803
Website

Re: TIP - Prevent comment spam traffic

Well, it looks like you’ve removed the preview and the nonce and nonce-checking from comments, that way you’re really wide open to a wide variety of blog-spam tools, as there is hardly any customization necessary. Unless there are any special provisions the livepreview plugin is making against spam.

> 12/28 12:47 pm correo.gep.com.ve blog/119/albumcraft?commented=1

That looks a lot like (semi-)manual spam. I haven’t seen any tools/bots follow 302 redirects when blog-spamming.

But of course it’s entirely possible and feasible that somebody has started working around the plugin…

Offline
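The preview-plus-nonce check that Sencer describes as removed, sketched as an added example that is not part of the original thread and is not Textpattern's own implementation. It shows why a tool posting straight to the comment form fails once the check is present; the HMAC token format, the ten-minute lifetime and the function names are assumptions.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)  # per-site secret (assumption of this sketch)
NONCE_TTL = 600                   # seconds a preview stays valid (assumption)
_used = set()                     # nonces already spent; a real site would persist these

def _mac(article_id, ts, rnd):
    msg = f"{article_id}:{ts}:{rnd}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def issue_nonce(article_id, now=None):
    """Preview step: embed the returned value as a hidden field in the submit form."""
    ts = str(int(time.time() if now is None else now))
    rnd = secrets.token_hex(8)
    return f"{ts}:{rnd}:{_mac(article_id, ts, rnd)}"

def check_comment(article_id, nonce, now=None):
    """Submit step: accept only a fresh, unused nonce issued for this article."""
    now = time.time() if now is None else now
    try:
        ts, rnd, mac = nonce.split(":")
        age = now - int(ts)
        genuine = hmac.compare_digest(mac.encode(), _mac(article_id, ts, rnd).encode())
    except (AttributeError, ValueError):
        return "rejected: no valid nonce"      # posted without going through preview
    if not genuine:
        return "rejected: nonce not issued for this article"
    if not 0 <= age <= NONCE_TTL:
        return "rejected: preview expired"
    if nonce in _used:
        return "rejected: nonce already used"  # replayed submission
    _used.add(nonce)
    return "accepted"
```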

#12 2005-12-28 18:33:22

arkham
Member
Registered: 2005-03-27
Posts: 102
Website

Re: TIP - Prevent comment spam traffic

That one may have been manual.

I see a bunch from the past hour that just used #cpreview and worked. I’ll switch to default txp commenting when I have a chance.

Offline
