[wp-hackers] wp-denyhost
Ozh
ozh at planetozh.com
Fri Apr 18 08:06:20 GMT 2008
>Alexander Beutl
>>
>> Cool. Very cool indeed!
>>
>> But maybe you could add an option to write this blocking to htaccess
>> after it was detected to be a "need to block" IP) - this would stop
>> spammers from even bothering to start the php parser and to load the
>> stuff wordpress loads before the init actions - when they knock on the
>> door apache would just throw an errorcode after them and hopefully hit
>> their head ;-)
>>
>This might work (not tested :)
>
>In .htaccess:
>php_value auto_prepend_file suspect.php
>
>suspect.php:
><?php
>define('WP_USE_THEMES', false);
>require('./wp-blog-header.php');
>
>$suspect = $_SERVER["REMOTE_ADDR"];
>$count = (int) $wpdb->get_var("SELECT COUNT(comment_ID) FROM
>$wpdb->comments WHERE comment_approved = 'spam' AND comment_author_IP
>LIKE ('%$suspect%')");
>
>if ($count >= 1) {
> header("HTTP/1.1 403 Forbidden");
> die();
>}
>?>
>
>../PerS
This might work indeed but is totally overkill and offers no benefit over
using a standard plugin: for any PHP page, including those that may not be
WP related, you're including wp-blog-header.php which does all the WP init
stuff including the 5 to 7 minimum SQL queries, plus all the extra queries
triggered by plugins.

A slightly more efficient way would be not to include wp-blog-header.php
and to query directly wp_comments without using the $wpdb object (thus
making one SQL query only).

What would be even more efficient is that a function within the plugin
would hardcode "deny from $ip" in the .htaccess itself, maybe with a grace
period, or limited to latest XXX IPs to prevent oversized .htaccess files.
Ozh
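
Added example, not part of the original message and not wp-denyhost's own code: one way a plugin function could write "deny from $ip" into .htaccess while keeping the file bounded. The function name, the marker comments, the default cap and expiry, and reading "grace period" as an expiry time are all assumptions made for illustration.

```php
<?php
const DH_BEGIN = '# BEGIN wp-denyhost';   // hypothetical marker names
const DH_END   = '# END wp-denyhost';

function denyhost_block_ip(string $htaccess, string $ip, int $maxIps = 100,
                           int $ttl = 604800, ?int $now = null): bool
{
    // Only a literal IP may reach the file: the value ends up in Apache
    // configuration, so it must not be able to carry extra directives.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return false;
    }
    $now = $now ?? time();
    $fh = fopen($htaccess, 'c+');          // create if missing, never truncate
    if ($fh === false || !flock($fh, LOCK_EX)) {
        return false;
    }
    $content = stream_get_contents($fh);
    // Read existing entries (ip => time added) from the managed block only.
    $entries = [];
    $blockRe = '/^' . preg_quote(DH_BEGIN, '/') . '$.*?^' . preg_quote(DH_END, '/') . '$\R?/ms';
    if (preg_match($blockRe, $content, $m)) {
        preg_match_all('/^# added (\d+)\R^deny from (\S+)$/m', $m[0], $rows, PREG_SET_ORDER);
        foreach ($rows as $row) {
            $entries[$row[2]] = (int) $row[1];
        }
        $content = preg_replace($blockRe, '', $content, 1);
    }
    $entries[$ip] = $now;                                          // add or refresh
    $entries = array_filter($entries, fn($t) => $now - $t < $ttl); // drop expired
    arsort($entries);                                              // newest first
    $entries = array_slice($entries, 0, $maxIps, true);            // cap the block
    $block = DH_BEGIN . "\n";
    foreach ($entries as $addr => $t) {
        // Timestamp goes on its own line: Apache has no end-of-line comments.
        $block .= "# added $t\ndeny from $addr\n";
    }
    $block .= DH_END . "\n";
    rewind($fh);
    ftruncate($fh, 0);
    $ok = fwrite($fh, $block . $content) !== false;
    flock($fh, LOCK_UN);
    fclose($fh);
    return $ok;
}

// Constructed demo: temporary file, documentation-range address.
$tmp = tempnam(sys_get_temp_dir(), 'ht');
denyhost_block_ip($tmp, '192.0.2.10');
var_dump(denyhost_block_ip($tmp, "192.0.2.11\ndeny from all")); // rejected input
echo file_get_contents($tmp);
```

On Apache 2.4 the `deny from` directive is provided by mod_access_compat, so that module has to be loaded for the written lines to take effect.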