[spam-stopper] Heavy attack
Michael Foord
fuzzyman at voidspace.org.uk
Thu May 25 21:49:37 UTC 2006
Sarah King wrote:
> That's an interesting point Eric, that the bots may not be visiting
> the page but hitting the script directly and what are we doing about it.
>
> There are occasionally times when the referrer doesn't stick so
> that's not reliable but an internal, randomly generated "key" which
> puts its md5() value onto the submit form and can then be tested by
> the post would work. Change it daily and you've solved part of the
> problem.
>
> I'm guessing that wouldn't take much but it would be better to have as
> core wordpress than as a plugin. After all the average WP user isn't
> techie and would benefit from the protection.
>
My guestbook script has a few checks in place.
The post must come from the same ip address as the get.
The same ip can't post more than once consecutively.
Each form has a unique id in it. Once a post has been made with that
id, no more posts can be made using that id. (And every post must have a
valid id.)
The post must be made more than five seconds after the get, and not
more than forty-five minutes after. (Something like that anyway.)
This means that a form must be fetched for every entry posted. And no ip
address can make more than one entry in a row. No single form can ever
be used for more than one submission.
Despite this, I still get a fair bit of (what must be manually posted)
spam. A lot less than I used to though.
Fuzzyman
http://www.voidspace.org.uk/python/index.shtml
> Sarah
>
> On 5/26/06, Eric A. Meyer <eric at meyerweb.com> wrote:
>
> At 11:47 PM -0300 5/23/06, Mariano Amartino - uberbin.net
> <http://uberbin.net> wrote:
>
> >Hi there... I was wondering if I'm the only one being hit by a
> >massive spam that skips "akismet"
> >More than 1000 in a day (besides the ones that are being stopped by
> >Akismet) and with
> >keywords that are really "aggressive" I mean, credit, loan, etc.
>
> Nope, you aren't the only one. I've been getting the same thing,
> albeit at only about 100 a day getting past Akismet, not 1000.
> Akismet still seemed to be stopping a few hundred a day. The ones
> that made it onto meyerweb were similarly "aggressive", with all
> kinds of really obvious spammish words like credit and phentermine,
> and many with a whole bunch of links, despite my having long ago set
> a "hold any comment with more than 5 links" option. I also noticed
> that in every case, the missed spam had nothing for the posters'
> email address, despite my having enabled the "must provide name and
> email" option in WordPress. So it seemed that somehow the spammer
> was able to slip past those WP options.
> I also discovered after editing my comments template to remove the
> textarea and submit button that I still got a few hundred pieces of
> spam, both in the Akismet bucket and in my moderation queue. So
> someone was hitting the post script directly, and not bothering to
> load actual pages on my site to get the submission form. This makes
> sense, although it's interesting since my WP installation directory
> is very unusual, so any script that relied on '/wordpress' as the WP
> directory would have silently failed.
> Anyway, I hacked in some rudimentary steps to deny
> direct-submission spam, and the amount of comment spam stopped by
> Akismet and showing up in my moderation queue fell off
> dramatically. I haven't had any escape both yet, but then I haven't
> had the new measures in place very long.
> I don't know if the email-less spam that dodged Akismet was
> direct-submission or not, but it makes a certain amount of sense.
> Oh, and I'm using WP 1.5, just recently upgraded to 1.5.2. Don't
> know if that should make any difference given what we're discussing,
> but it seemed worth mentioning.
>
> --
> Eric A. Meyer (eric at meyerweb.com)
> Principal, Complex Spiral Consulting http://complexspiral.com/
> "CSS: The Definitive Guide," "CSS2.0 Programmer's Reference,"
> "Eric Meyer on CSS," and more http://meyerweb.com/eric/books/
> _______________________________________________
> spam-stopper mailing list
> spam-stopper at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/spam-stopper
>
> --
> Sarah King
> Estatement Ltd
> p: 09 815 8642
> m: 025 277 5898
> ------------------------------------------------------------------------
>
>
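The two approaches in this thread, Sarah's keyed value embedded in the form and Fuzzyman's per-form id with IP binding, a 5 s / 45 min window and single use, can be combined in one small token issuer and validator. The following is an added example written for this archive page, not code from Fuzzyman's guestbook or from WordPress; the class name, field names, time limits and the daily secret are assumptions. It uses an HMAC over (form id, client IP, issue time) instead of a bare md5 of the daily key, so a forged or IP-mismatched token fails verification without the server storing every issued id; only the used-id set and the last posting IP are kept as state.

```python
import hashlib
import hmac
import secrets
import time

# Constructed secret for the example; a deployment would load it from
# config and rotate it daily, as Sarah suggested.
SECRET = b"example-daily-secret-2006-05-25"


class FormGuard:
    """Issue one-time form tokens on GET and validate them on POST.

    Checks, in the order applied: token present and genuine (MAC covers the
    IP it was issued to, so the POST must come from the same address),
    posted no sooner than min_delay and no later than max_age after the GET,
    form id not already used, and not the same IP as the previous accepted post.
    """

    def __init__(self, secret, min_delay=5, max_age=45 * 60, now=time.time):
        self.secret = secret
        self.min_delay = min_delay
        self.max_age = max_age
        self.now = now            # injectable clock, so the checks can be exercised without sleeping
        self.used_ids = set()     # form ids already consumed by an accepted POST
        self.last_post_ip = None  # IP of the most recently accepted post

    def _mac(self, form_id, ip, issued_at):
        msg = f"{form_id}|{ip}|{issued_at}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()

    def issue(self, ip):
        """Called on GET: returns the hidden fields to embed in the form."""
        form_id = secrets.token_hex(16)
        issued_at = int(self.now())
        return {
            "form_id": form_id,
            "issued_at": issued_at,
            "mac": self._mac(form_id, ip, issued_at),
        }

    def check(self, ip, fields):
        """Called on POST: returns (accepted, reason). Consumes the id on success."""
        try:
            form_id = fields["form_id"]
            issued_at = int(fields["issued_at"])
            mac = fields["mac"]
        except (KeyError, TypeError, ValueError):
            # A bot hitting the post script directly has no fields at all.
            return False, "missing or malformed token"
        # issued_at and ip are inside the MAC, so tampering with either fails here.
        if not hmac.compare_digest(mac, self._mac(form_id, ip, issued_at)):
            return False, "token invalid for this ip"
        age = self.now() - issued_at
        if age < self.min_delay:
            return False, "posted too soon after get"
        if age > self.max_age:
            return False, "form expired"
        if form_id in self.used_ids:
            return False, "form id already used"
        if ip == self.last_post_ip:
            return False, "same ip posted consecutively"
        self.used_ids.add(form_id)
        self.last_post_ip = ip
        return True, "ok"


if __name__ == "__main__":
    # Constructed walk-through with a fake clock: GET, wait 10 s, POST.
    clock = [1_000_000]
    guard = FormGuard(SECRET, now=lambda: clock[0])
    form = guard.issue("10.0.0.1")
    print(guard.check("10.0.0.1", form))   # too soon
    clock[0] += 10
    print(guard.check("10.0.0.1", form))   # accepted
    print(guard.check("10.0.0.1", form))   # replay of the same form id
```

The used-id set grows until entries older than max_age are pruned; in a long-running process, expire them on the same schedule as the tokens. The consecutive-IP rule is the one check here that legitimately blocks real users (two comments in a row from one visitor), which is the trade-off Fuzzyman describes accepting.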