[wp-hackers] wp-denyhost

Per Søderlind per at soderlind.no
Fri Apr 18 09:09:14 GMT 2008


Ozh wrote
> >Alexander Beutl
> >>
> >> Cool. Very cool indeed!
> >>
> >> But maybe you could add an option to write this blocking to htaccess
> >> after it was detected to be a "need to block" IP - this would stop
> >> spammers from even bothering to start the php parser and to load the
> >> stuff wordpress loads before the init actions - when they knock on the
> >> door apache would just throw an errorcode after them and hopefully hit
> >> their head ;-)
> >>
> 
> >This might work (not tested :)
> >
> >In .htaccess:
> >php_value auto_prepend_file suspect.php
> >
> >suspect.php:
> ><?php
> >define('WP_USE_THEMES', false);
> >require('./wp-blog-header.php');
> >
> >$suspect = $_SERVER["REMOTE_ADDR"];
> >$count = (int) $wpdb->get_var("SELECT COUNT(comment_ID) FROM
> >$wpdb->comments WHERE comment_approved = 'spam' AND comment_author_IP
> >= '$suspect'");
> >
> >if ($count >= 1) {
> >                header("HTTP/1.1 403 Forbidden");
> >                die();
> >}
> >?>
> 
> This might work indeed but is totally overkill and offers no benefit
> from using a standard plugin: for any PHP page, including those that may
> not be WP related, you're including wp-blog-header.php which does all the
> WP init stuff including the 5 to 7 minimum SQL queries, plus all the extra
> queries triggered by plugins.
> 
> A slightly more efficient way would be not to include wp-blog-header.php
> and to query directly wp_comments without using the $wpdb object (thus
> making one SQL query only)
> 
> What would be even more efficient is that a function within the plugin
> would hardcode "deny from $ip" in the .htaccess itself, maybe with a
> grace period, or limited to latest XXX ips to prevent oversized .htaccess
> files
> 

I totally agree that my "pseudo" code is overkill; a trimmed PHP script
is needed. In real life I might use RewriteMap[1] in httpd.conf, and stop the
spammer there.

../PerS
[1]: http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#rewritemap 
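Below is an added example (not code from this thread or from any plugin) of how the two ideas above could be combined: the plugin maintains a mod_rewrite text map of spammer IPs, capped to the newest entries and expiring after a grace period, and Apache rejects those clients before PHP starts. The map path, the cap and the grace period are assumed values; the Apache directives are standard mod_rewrite syntax.

```php
<?php
// Added example, not from the thread. httpd.conf / vhost side (RewriteMap is
// not permitted in .htaccess, so this stays in the server config):
//   RewriteEngine On
//   RewriteMap spamdeny txt:/var/www/spamdeny.txt
//   RewriteCond ${spamdeny:%{REMOTE_ADDR}|none} !=none
//   RewriteRule ^ - [F]
// Map file: "key value" per line; mod_rewrite re-reads it when its mtime
// changes, so no restart is needed. The value is the time the IP was added.

define('SPAMDENY_MAP',   '/var/www/spamdeny.txt'); // assumed path
define('SPAMDENY_MAX',   500);                     // "latest XXX ips" cap
define('SPAMDENY_GRACE', 7 * 86400);               // grace period (seconds)

/**
 * Add $ip to the deny map. Expired entries and the oldest entries beyond the
 * cap are dropped on every write. Returns false on invalid input or I/O error.
 */
function spamdeny_add($ip) {
    // The map is interpreted by Apache: only ever write a validated address,
    // never an unchecked string taken from a request or the database.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return false;
    }
    $now = time();
    $entries = array();
    if (is_readable(SPAMDENY_MAP)) {
        $lines = file(SPAMDENY_MAP, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
        foreach ($lines as $line) {
            // keep only well-formed, unexpired "ip timestamp" lines
            if (preg_match('/^(\S+)\s+(\d+)$/', $line, $m)
                && $now - (int) $m[2] < SPAMDENY_GRACE) {
                $entries[$m[1]] = (int) $m[2];
            }
        }
    }
    $entries[$ip] = $now;  // re-adding an IP refreshes its timestamp
    asort($entries);       // oldest first, then keep only the newest entries
    $entries = array_slice($entries, -SPAMDENY_MAX, null, true);
    $out = '';
    foreach ($entries as $addr => $ts) {
        $out .= "$addr $ts\n";
    }
    // Write to a temp file and rename so Apache never sees a half-written map.
    $tmp = SPAMDENY_MAP . '.tmp';
    return file_put_contents($tmp, $out, LOCK_EX) !== false && rename($tmp, SPAMDENY_MAP);
}
```

The web server user needs write access only to the map's directory, not to httpd.conf, and because the lookup is a plain file read the cost per request is far below loading wp-blog-header.php.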