[spam-stopper] Heavy attack

Sarah King rainchx at gmail.com
Thu May 25 21:37:41 UTC 2006


That's an interesting point Eric, that the bots may not be visiting the page
but hitting the script directly and what are we doing about it.

There are occasionally times when the referrer doesn't stick so that's not
reliable but an internal, randomly generated "key" which puts its md5()
value onto the submit form and can then be tested by the post would work.
Change it daily and you've solved part of the problem.

I'm guessing that wouldn't take much but it would be better to have as core
WordPress than as a plugin. After all the average WP user isn't techie and
would benefit from the protection.

Sarah

On 5/26/06, Eric A. Meyer <eric at meyerweb.com> wrote:
>
> At 11:47 PM -0300 5/23/06, Mariano Amartino - uberbin.net wrote:
>
> >Hi there... I was wondering if I'm the only one being hit by a
> >massive spam that skips "akismet"
> >More than 1000 in a day (besides the ones that are being stopped by
> >Akismet) and with
> >keywords that are really "aggressive" I mean, credit, loan, etc.
>
>     Nope, you aren't the only one.  I've been getting the same thing,
> albeit at only about 100 a day getting past Akismet, not 1000.
> Akismet still seemed to be stopping a few hundred a day.  The ones
> that made it onto meyerweb were similarly "aggressive", with all
> kinds of really obvious spammish words like credit and phentermine,
> and many with a whole bunch of links, despite my having long ago set
> a "hold any comment with more than 5 links" option.  I also noticed
> that in every case, the missed spam had nothing for the posters'
> email address, despite my having enabled the "must provide name and
> email" option in WordPress.  So it seemed that somehow the spammer
> was able to slip past those WP options.
>    I also discovered after editing my comments template to remove the
> textarea and submit button that I still got a few hundred pieces of
> spam, both in the Akismet bucket and in my moderation queue.  So
> someone was hitting the post script directly, and not bothering to
> load actual pages on my site to get the submission form.  This makes
> sense, although it's interesting since my WP installation directory
> is very unusual, so any script that relied on '/wordpress' as the WP
> directory would have silently failed.
>     Anyway, I hacked in some rudimentary steps to deny
> direct-submission spam, and the amount of comment spam stopped by
> Akismet and showing up in my moderation queue fell off
> dramatically.  I haven't had any escape both yet, but then I haven't
> had the new measures in place very long.
>     I don't know if the email-less spam that dodged Akismet was
> direct-submission or not, but it makes a certain amount of sense.
>     Oh, and I'm using WP 1.5, just recently upgraded to 1.5.2.  Don't
> know if that should make any difference given what we're discussing,
> but it seemed worth mentioning.
>
> --
> Eric A. Meyer  (eric at meyerweb.com)
> Principal, Complex Spiral Consulting   http://complexspiral.com/
> "CSS: The Definitive Guide," "CSS2.0 Programmer's Reference,"
> "Eric Meyer on CSS," and more    http://meyerweb.com/eric/books/
> _______________________________________________
> spam-stopper mailing list
> spam-stopper at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/spam-stopper
>



-- 
Sarah King
Estatement Ltd
p: 09 815 8642
m: 025 277 5898
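
The daily-key check proposed in the message above, sketched in PHP as an added example (not code from the thread or from WordPress). The function names and the in-memory `$store` are hypothetical; accepting the previous day's token, so a form loaded just before the key changes still submits, is an assumption the message does not specify.

```php
<?php
// Added illustration: all names here are hypothetical, not WordPress APIs.

// Return the secret key for a day, generating a random one on first use.
// $store stands in for persistent storage such as an options table.
function daily_key(array &$store, string $day): string {
    if (!isset($store[$day])) {
        $store[$day] = bin2hex(random_bytes(16));
    }
    return $store[$day];
}

// Value for the hidden form field: md5() of that day's key.
function form_token(array &$store, string $day): string {
    return md5(daily_key($store, $day));
}

// Check run by the post handler. A missing or non-string field fails,
// which is the case of a client posting without loading the form.
function token_is_valid(array $store, $submitted, string $today): bool {
    if (!is_string($submitted)) {
        return false;
    }
    // Assumption: also accept yesterday's token across the key change.
    $yesterday = date('Y-m-d', strtotime($today . ' -1 day'));
    foreach ([$today, $yesterday] as $day) {
        // hash_equals() compares without leaking timing information.
        if (isset($store[$day]) && hash_equals(md5($store[$day]), $submitted)) {
            return true;
        }
    }
    return false;
}

// Constructed walk-through with fixed dates.
$store = [];
$token = form_token($store, '2006-05-25');  // rendered as a hidden field
form_token($store, '2006-05-26');           // next day's key now exists

var_dump(token_is_valid($store, $token, '2006-05-25')); // submitted the same day
var_dump(token_is_valid($store, $token, '2006-05-26')); // form loaded before the change
var_dump(token_is_valid($store, $token, '2006-05-27')); // token two days old
var_dump(token_is_valid($store, null, '2006-05-25'));   // direct POST, no field
```

Because every visitor receives the same token on a given day, this check only rejects clients that post without ever loading the form.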