[wp-hackers] Best way to 'enhance' wp-comments-post.php

Roy Schestowitz r at schestowitz.com
Fri May 26 05:35:13 GMT 2006


___/ On Thu 25 May 2006 22:34:41 BST, [ Brian Layman ] wrote : \___

>> Of the filters/actions that do fire off only when a comment is
>> submitted to wp-comments-post.php, it's the first
>
> Yeah, I've wondered about that... Can you imagine the reduced load the
> Akismet servers would experience if the blocked words filter came first?
> Suddenly Akismet wouldn't have to deal with any comments containing the
> words Poker, Casino, Texas or Holdem.  I think that just might make a
> dent...


A temporary one for sure. It is a cat-and-mouse game. Set up a non-unique
filter and all defences will perish.

Gambling spammers can get the links even without the hyphenated domains
(which Matt Cutts recently said would lose advantage), or the anchor text
in the link.


> My wife's blog has blocked 40,000 spams, which I suspect is probably pretty
> low compared to most of you.  If I take out my .htaccess blocking stuff,
> that spam rate ramps up very quickly. I suspect a majority of these spams
> were poker related and given the number of WP blogs out there, that must add
> up.


Seems like the .htaccess method, which I first read about in Dvorak
<http://www.dvorak.org/blog/?p=2904>, is still rather successful. Once
popularised, however, it can be fooled (just like my CAPTCHA which got
hacked, allowing a flow of 200+ spam in the past 24 hours alone).

The spammers are apparently using compromised Windows boxes to carry out
the floods. Such Windows vulnerabilities and zombie armies also account
for 80% of the global E-mail spam, according to Symantec. So there is
/one/ root of the problem. UIP diversity could be fought by
fixing/replacing the operating system. But I'll digress...


> One thing that I am shocked about is that my personal blog, which I set up on
> February 28, has received a grand total of 14 spam comments in three months.
> Is it simply the fact that I've had Akismet on since the beginning?  I'm
> certainly known to the search engines...  Somebody pointed out that my post
> on 1and1 and PEAR was Google's #1 listing within the first 24 hours.  And if
> I was found by several spammers, surely I would be found by more.  Now, I'm
> not complaining, but I am surprised I don't get more comment spam...


I would happily pass my spam over to you, in case you feel left out.
*smile*

Best wishes,

Roy

-- 
Roy S. Schestowitz      | Here be hills, there be dragons!
http://Schestowitz.com  | Free as in Free Beer ¦  PGP-Key: 0x74572E8E
  6:30am  up 28 days 13:02,  9 users,  load average: 0.42, 0.32, 0.39


