[wp-hackers] wp-denyhost

Sören Weber mail at soeren-weber.net
Fri Apr 18 08:09:16 GMT 2008


I usually dislike the method of IP blocking. In Germany, a lot of internet
providers (at least the biggest, Deutsche Telekom) do assign dynamic IP
addresses and usually disconnect the connection each 24 hours.

Therefore a bot PC will have a different IP each 24 hours and will happily
fill your database with both comment spam - and after the threshold is
reached with unallowed IP addresses.

Additionally more and more users are blocked from legal commenting if your
plugin does not release the IP ban after a while.

Regards
Sören

> You should be using the = operator instead of LIKE.
>
> Just think how many IP addresses match %4.12.32.1%, when presumably
> you only want to match that single address.
>
> Best regards,
> + Kimmo
> --
> <A HREF="http://kimmo.suominen.com/">Kimmo Suominen</A>
>
> On Fri, Apr 18, 2008 at 01:23:27AM +0200, Per Søderlind wrote:
>> Hi,
>>
>> I’ve written a plugin (not ready for release yet) that does the
>> following:
>>
>> define('PS_DENYHOST_THRESHOLD', 5);
>> function ps_denyhost() {
>>   global $wpdb;
>>
>>   $suspect = $this->get_IP();
>>   $count = (int) $wpdb->get_var("SELECT COUNT(comment_ID) FROM
>> $wpdb->comments  WHERE comment_approved = 'spam' AND comment_author_IP
>> LIKE
>> ('%$suspect%')");
>>
>>   if ($count > PS_DENYHOST_THRESHOLD) {
>>     exit;
>>   }
>> }
>> add_action('init', 'ps_denyhost');
>>
>> The idea is that if a commenter has been tagged as a spammer more than
>> PS_DENYHOST_THRESHOLD times, he will be blocked.
>> The reason for PS_DENYHOST_THRESHOLD is to prevent a innocent commenter,
>> with comments wrongly tags as spam, from being block.
>>
>> I guess there are similar plugins, but I couldn't find them.
>>
>> Btw, I use this together with Akismet.
>>
>> Comments?`
>>
>> Regards,
>> PerS
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>





More information about the wp-hackers mailing list