Recent Topics

Still getting tons of referrer spam in 4.0.5

started by on Oct 09, 2011 – Last touched: Oct 09, 2011

Oct 09, 2011 04:17    

I'm running version 4.0.5, and I've updated the central spam blacklist, but I'm still getting TONS of referrer spam. Comment spam is not a problem. Just referrer spam. My stats page is pretty much useless. Is there something I'm not doing that I'm supposed to be doing??

Oct 09, 2011 07:34

You can't effectively protect your blog from referrer spam unless:
- spam comes from the same IPs every time
- spammers request weird/non-existing URLs
- you get several hits at the same time with the same referrer from the same IP. I usually get 6 spam hits within 2 seconds time span

Spam referres are usually base domains with no extra path or params.

With all these factors in mind we can create an effective plugin to stop referrer spam. We can assign weights (karma) if a hit includes the factors I wrote above, and at some point block the hit if it gets enough spam weight.

I may create such plugin one day cause I my websites get a lot of referrer spam hits too.

Oct 12, 2011 02:18

I find that much of my spam is coming from IP addresses beginning with 173. Is it possible to search the hits by IP? Alternately, does it pose any problems if I go into phpMyAdmin and delete spam entries directly from the DB?

Oct 12, 2011 02:58

Is it possible to search the hits by IP?

Yes, on Users > User Sessions > Sessions. However you can't ban IP addresses within b2evo. Google for "htaccess block ip"

Feb 12, 2012 00:14

sam2kb wrote:

You can't effectively protect your blog from referrer spam unless:
- spam comes from the same IPs every time
- spammers request weird/non-existing URLs
- you get several hits at the same time with the same referrer from the same IP. I usually get 6 spam hits within 2 seconds time span

Such phrasing doesn't make any sense to me
if to minimally read posts in blackhat forums.

Spambots/spammers usually engage a few compromised IPs, don't repeat posting from the same IP in short period of time (repeating it from the same IP once with a period of 1-3 days).
Only when used to blacklist compromised IPs.

Since professional spamming is being done from compromised IPs, the question are:

  • Should not it be more effective and correct to indorm/warn the owners of of IPs/domains about blaklisting instead of doing it sneakily penalizing innocent victims of hacking?
  • What is the sense of central blacklisting by incoming IPs instead oflocal filtering the postings by IPs/URL (and phrases) being inserted/promoted by the spam?
  • Blacklisting should be symmetrical:
    • the owners of source and target IPs should be notified and given chance to protect themselves as well as to remove themselves from blacklisting.
    • [/list:u]
      Otherwise, blacklisting is too easy to use for dumping competitors and/or enemies , vandalism, hooliganism, etc.
      [/list:u]


Form is loading...

powered by b2evolution – This forum is powered by b2evolution CMS, a complete engine for your website.