[wp-hackers] Simple comment spam experiment

Otto otto at ottodestruct.com
Wed Apr 16 16:39:45 GMT 2008

On Wed, Apr 16, 2008 at 10:25 AM, Matt Mullenweg <m at mullenweg.com> wrote:
>  Because you do something that almost no one else does, and your site is not
> a large enough target, spammers have not yet done the trivial workaround it
> would require to get past this. If it was put into core, they most certainly
> would.
>  So, continue to do this if it helps, just don't tell anyone. ;)
>  From 2002:
>  http://diveintomark.org/archives/2002/10/29/club_vs_lojack_solutions

I'm well aware that it's not a viable solution for everybody, that
much is obvious. Iw as even aware that it was not a new technique. I
was simply stating what I found out and the state of the current
spambots as I have seen them.

I had not read that club vs. lojack solution thing before. It's
interesting. But it also indicates that apparently not enough people
are using clubs to make drilling through them worthwhile for the
spammers to do, or at least, to do very often. Drilling through a
hidden form field blocker is trivial, of course, but after over a
month, nobody seems to have bothered.

You're basically correct that if it was in the core code, then it
would be easy enough to bypass, all that has to happen is for the
spammers to load the comment forms up before submitting to them like a
browser would. This would increase load on systems because of the
added page generation and such.

I don't know of a particularly good lojack solution, obviously. I can
think of some ways to do it.

Idea: when spam comes in and is confirmed to be spam, block the IP
from that site for a time period. All access to the site from that IP,
blocked with instant 403. If this gets to enough sites, then rather
rapidly the spammers can't send spam anymore. Problem: Blowback.
Spammers will effectively shut down these sites for dynamic IP users
who happen to get one of those IPs. Plus side: it will encourage ISPs
not to allow spammers onto their networks at all and to take more
proactive measures against this sort of thing.

Anybody else got any other lojack ideas?

More information about the wp-hackers mailing list