[spam-stopper] Heavy attack

Eric A. Meyer eric at meyerweb.com
Thu May 25 17:14:44 UTC 2006 

At 11:47 PM -0300 5/23/06, Mariano Amartino - uberbin.net wrote:

>Hi there... I was wondering if im the only one being hit by a 
>massive spam that skips "akismet"
>More than 1000 in a day (besides the ones that are being stopped by 
>Akismet) and with
>keywords that are really "aggressive" I mean, credit, loan, etc.

    Nope, you aren't the only one.  I've been getting the same thing, 
albeit at only about 100 a day getting past Akismet, not 1000. 
Akismet still seemed to be stopping a few hundred a day.  The ones 
that made it onto meyerweb were similarly "aggressive", with all 
kinds of really obvious spammish words like credit and phentermine, 
and many with a whole bunch of links, despite my having long ago set 
a "hold any comment with more than 5 links" option.  I also noticed 
that in every case, the missed spam had nothing for the posters' 
email address, despite my having enabled the "must provide name and 
email" option in WordPress.  So it seemed that somehow the spammer 
was able to slip past those WP options.
   I also discovered after editing my comments template to remove the 
textarea and submit button that I still got a few hundred pieces of 
spam, both in the Akismet bucket and in my moderation queue.  So 
someone was hitting the post script directly, and not bothering to 
load actual pages on my site to get the submission form.  This makes 
sense, although it's interesting since my WP installation directory 
is very unusual, so any script that relied on '/wordpress' as the WP 
directory would have silently failed.
    Anyway, I hacked in some rudimentary steps to deny 
direct-submission spam, and the amount of comment spam stopped by 
Akismet and and showing up in my moderation queue fell off 
dramatically.  I haven't had any escape both yet, but then I haven't 
had the new measures in place very long.
    I don't know if the email-less spam that dodged Akismet was 
direct-submission or not, but it makes a certain amount of sense.
    Oh, and I'm using WP 1.5, just recently upgraded to 1.5.2.  Don't 
know if that should make any difference given what we're discussing, 
but it seemed worth mentioning.

-- 
Eric A. Meyer  (eric at meyerweb.com)
Principal, Complex Spiral Consulting   http://complexspiral.com/
"CSS: The Definitive Guide," "CSS2.0 Programmer's Reference,"
"Eric Meyer on CSS," and more    http://meyerweb.com/eric/books/

More information about the spam-stopper mailing list