[wp-hackers] Spam load
hovercrafter at earthlink.net
Wed Dec 27 17:33:56 GMT 2006
> > I use Maxthon with IE7 (been using Maxthon since the days of it being
> > MyIE2). It makes tabbed browsing so much easier with mouse gestures
> Agreed, I use it too, with IE7 at home and with IE6 at work. Because it is
> portable and doesn't involve an install it is the only decent option for
> many office environments that have a policy against installing software.
> AWStats doesn't detect Maxthon. I suppose I should change that... And my
> log is too polluted with my visits to easily determine how much Maxthon
> traffic I get. It all looks like IE. If IE7 had the click and drag
> that opened a new tab or searched for the dragged content, I might switch
> pure IE7. That's really all I miss.
That is the best feature of Maxthon. Whenever I use FF or Konqueror, I
constantly catch myself trying to drag links to open them. Since I do a lot of
state and federal government work, I stick with IE, as they have policies
against other browsers.
> > Actually what a lot of these spammers do is make a post manually via
> > browser and use a program like Smart Sniffer to get the packet header
> > information.
> Ah, so not only does it make sense to make it look like a real browser,
> it also is a laziness factor as, after all, why should they change any of
> the data being submitted?
> > I have been using BB2 + Akismet on my site. BB2 blocks around 33,000
> > attempts per week and Akismet still catches about 600 comments a day.
> Are you saying BB2 also reduces the load on your site? I've only been
> Akismet and it's largely sufficient. Every now and then I might have 2 or
> three slip through, but then it is fine for another month or more.
I am on shared hosting, so I don't have access to top or any other real
stats, but it does appear that the actual server load has decreased some.
Before I installed BB2, there were times it would take 10-15 seconds to load
the site. Now it might get to 5 seconds if I am getting hammered. I haven't
really torn into BB2 to see the inner workings and figure out if it helps
with actual load. It certainly did reduce the number of spam comments
appearing in Akismet.
I believe where BB2 comes into play more is it prevents these spam programs
from crawling the actual site and finding whatever links they can.
> > That is with wp-comments-post removed and renamed, so they are now
> > going through and filtering out the form action.
> Heh, I've pondered combining the wp-comments-post code with a nonce
> Then actual comment submission page is dynamically generated per page via
> the post number and some other unique seed and expires within an hour.
> > Luckily my hosting company is very understanding
> > about this and working with me to stop it.
> Well it isn't your fault people are spammers... :) Fortunately,
> TheCodeCave's gotten only 103 spams caught by Akismet in the last two
> So my current load is relatively small.
> Brian Layman
I have been playing with a similar idea in my head. Since these spam bot
with a way using a combination of a hashed time key and dynamically
inserting the form action. This would of course limit people commenting to
To further reduce actual server load, it would be wise to create a dummy
wp-comments-post.php file that is blank. That way the rewrite rules would
bypass firing up the WordPress core and in turn keep processing cycles down,
by not generating the WP 404 page.
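
Added example, not part of the original message and not WordPress code: a sketch of the time-limited comment form token discussed in the thread, bound to the post number and a secret seed and expiring after an hour. The function names, the secret, the token layout and the TTL constant are assumptions made for illustration.

```php
<?php
// Added illustration; function names, secret and TTL are assumptions, not WordPress API.

const CC_TOKEN_TTL = 3600; // seconds; the one-hour expiry mentioned in the thread

function cc_sign(string $secret, int $postId, int $issuedAt): string
{
    // Bind the MAC to both the post and the issue time so a token
    // captured on one post cannot be replayed against another.
    return hash_hmac('sha256', $postId . '|' . $issuedAt, $secret);
}

function cc_issue_comment_token(string $secret, int $postId, ?int $now = null): string
{
    $issuedAt = $now ?? time();
    return $issuedAt . '.' . cc_sign($secret, $postId, $issuedAt);
}

function cc_verify_comment_token(string $secret, int $postId, string $token, ?int $now = null): bool
{
    $now = $now ?? time();
    // Expect "<unix time>.<64 hex chars>"; reject anything else before doing crypto.
    if (!preg_match('/^(\d{1,12})\.([0-9a-f]{64})$/D', $token, $m)) {
        return false;
    }
    $issuedAt = (int) $m[1];
    $age = $now - $issuedAt;
    if ($age < 0 || $age > CC_TOKEN_TTL) {
        return false; // issued in the future, or older than the TTL
    }
    // Constant-time comparison avoids leaking how many MAC characters matched.
    return hash_equals(cc_sign($secret, $postId, $issuedAt), $m[2]);
}

// Constructed demo values.
$secret = 'constructed-demo-secret-change-me';
$t0     = 1167240836; // constructed timestamp
$token  = cc_issue_comment_token($secret, 42, $t0);

var_dump(cc_verify_comment_token($secret, 42, $token, $t0 + 600));  // fresh, same post
var_dump(cc_verify_comment_token($secret, 43, $token, $t0 + 600));  // replayed on another post
var_dump(cc_verify_comment_token($secret, 42, $token, $t0 + 3601)); // past the TTL
var_dump(cc_verify_comment_token($secret, 42, $token . 'x', $t0));  // malformed token
```

A token like this stops a captured POST from being replayed after the TTL or against a different post; it does not stop a bot that fetches the page first and submits the fresh token, so it complements content filtering rather than replacing it.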