Recent Topics

he's spamming my site with comments! how do i block him?

Started by on Jan 16, 2005 – Contents updated: Jan 16, 2005

Jan 16, 2005 05:57    

my website is full of spam comments now. like 15 spam comments all advertising poker products. how do i block the a$$h0le?

i'm sure this has been discussed before. but instead of getting angry with me for repeating the question, can you direct me to the discussion thread? i searched but i couldn't find it.

thanks,

Jan 16, 2005 07:56

Sometimes the spammer is kind enough to include their link in the "author url" field, but often times not. Most of them write nonsense with every third or fourth word linked to a url. Often the url is a subdir of a domain, meaning "foobar.blahblah.nnn" then "nonsense.blahblah.nnn" then "garbage.blahblah.nnn". They're easily wiped. Look at the comment (click the edit link for easiest access to the full url they are linking) and say to yourself 'I think I'll just delete and ban and report blahblah.nnn'. Now go to your antispam tab and type in 'blahblah.nnn' and click on "nail this useless mofo to an inverted cross" (though that's not the exact text...). It will find the offending comment(s) and give you the chance to delete and ban and report.

Do it. Delete them and ban them and report them.

Oh and if they happened to be kind enough to include 'blahblah.nnn' in the comment author url field you'll have a ban symbol to facilitate the process. Generally speaking though you'll want to see the most efficent way to ban them, and that will be blahblah.nnn instead of any given subdomain associated with blahblah.nnn.

Personally when I get to ban one I get this really cheap thrill out of it. Like some sort of digital payback, ya know?

Jan 16, 2005 08:12

Thanks EdB. Always helpful.

BTW, is there an option in b2evo to ban ip addresses?

Jan 16, 2005 16:24

I've also implemented a captcha for comments so that a random number code is displayed to the user and if they don't enter THAT number, the comment doesn't post. Since impementation - ZERO comment spam.

Jan 16, 2005 16:24

msafi wrote:

BTW, is there an option in b2evo to ban ip addresses?

not yet

Jan 16, 2005 18:31

mattbta wrote:

I've also implemented a captcha for comments so that a random number code is displayed to the user and if they don't enter THAT number, the comment doesn't post

Any chance of posting the code for that mattbta? That's exactly what I need on my site.

Jan 16, 2005 19:10

Yeah - I can do post it. It'll take some time to pretty it up for prime-time.

Jan 16, 2005 19:10

there are a few really simple things that can deter comment spam..

1.maatba is using the same thing im using, and did use on my public b2evo site. you can grab the files here: http://www.village-idiot.org/archives/2004/11/24/captcha-for-b2evolution-revisted/. The original site is here: http://www.gudlyf.com/index.php?p=376

I did not include installation instructions.. the plugin is made for wordpress and it took quite a few file edits to get it to work

2. the other simple thing is to rename the file that is responsible for the http_post of any comments -- spammers arent actually visiting your site, they know the names of the files, they look for those, all the items are remotely submitted

3. another idea, similar to captcha but easier to do if your especially lazy, is just to require an extra field, like your name.
For instance, You have a input box .. next to the box you say
Tom's first name : _____

They have to put Tom in the box

Believe it or not, that works, as long as you check it before the (comment) form is submitted.

--

By the way, None of the above methods will prevent referer spamming, just comment spamming. my .htaccess is publically available on my site in several entries (its an ongoing problem, despite the fact that my stats arent public) to combat simple referer spamming.

I have not gotten ANY comment spam since renaming the file responsible for comment submission-- if that can be done within b2evo as easily as it can be done in worpress, thats by far the simplest way to deter them.

Cant help anymore right now, football is on :)

-----------

a quick look at _feedback.php showed me this:

Code

<!-- form to add a comment -->
    <form action="<?php echo $htsrv_url ?>/comment_post.php" method="post" class="bComment">

thats the page that takes the comment-- believe it or not renaming that file, and ALL instances in other files that call that will prevent comment spam. If you check your apache logs, you can see that they are hitting that page with impunity, simply because they know the name. rename it to somethign obscure and youre set. You obviously need to make sure to rename all of the other instances also though.

Jan 16, 2005 19:25

comment_post.php is called twice as far as I can tell--, for anyone wondering how simple is is to rename that file, and all instances:

inside admin/_edit_showposts.php:

Code

<form action="<?php echo $htsrv_url ?>/comment_post.php" method="post" class="bComment">

inside _feedback.php:

Code

<!-- form to add a comment -->
    <form action="<?php echo $htsrv_url ?>/comment_post.php" method="post" id="commentform">

you would then need to rename the actual file..

Jan 16, 2005 20:43

The new file name shows up in your source code, so the 'person' who searched for a sequence of key words from the comment form area will get the new form name. They might not use it, but since it's there in a predictable and repeatable place it's an easy thing to programmically snag.

http://www.google.com/search?num=100&hl=en&lr=&safe=off&q=inurl%3A.php%2F+XHTML+Auto-BR+Trackback+%2FUrl%3A&btnG=Search

showed up in my search results. I wonder if I should be celebrating my number one position?

I like the "type this word" method better. Altering the bot code to find something unpredictable is possible but extremely unlikely, so it should be okay. I'm also figuring on putting the check in the comment_form file with an errors_add so the human can go back and type Tom's name again. Just in case they thought Tom's name was Bob.

OTOH I don't get much in the way of comment spam, so why fix it? It's the new one-shot referer probes that are getting me annoyed.

Jan 16, 2005 20:49

edb, if you check my site, you will see that the renamed page I use is viewable in my source. It doesnt matter, theyre not looking at your source-- they (the spammers) already know what the name of the pages are by defualt-- that is what they are looking for.

I can show my logs, where hit after hit came in looking for the defualt comment submission page. http_posts are done remotely using scripts by spammers -- theyre not searching out source in pages, or even looking at your pages, for that matter.

reffy (search it) comes with over 3000 blog sites included for just that purpose.

as for fixing it, if you dont have a problem, why would you. My suggestion was for those that are having a problem, and are looking for a very very simple solution.

if you check my .htaccess, nearly every single url ive included within the mod rewrite code has attempted unsuccessfully to comment spam my site, and not one has succeeded. I use the mod rewrite just because I dislike the referer spam; comment spam has not been any sort of problem for me, since renaming the file.

its just one more thing that deters them, thats all. using them all works for me, and thats all I worry about in the end

Jan 17, 2005 09:15

whoo wrote:

... It doesnt matter, theyre not looking at your source ...

Yeah I know. In the case of the search I pasted above it doesn't matter because the target apparently wasn't comment spamming - it was a good search to find b2evo domains to hit with referer spam.

Suppose half the b2evo users changed the file name. Suddenly the spam bot success rate (and therefore the financial reward for spamming) is cut in half. Think they'll all just give up and get real jobs, or figure out what the deal is and what to do about it? Think they'll figure out to strip the source for the action on a form tag with a textarea in it? In other words that method fails as soon as lots of people employ it. It's much harder to figure out which field any particular user is requiring and what the content of that field needs to be, so if half the users went with a "toms first name" thing it'll last longer as a defense. Realistically half the users won't switch, and even if half did it would be a gradual change. Therefore those making money off the spam process probably wouldn't notice, so they wouldn't be motivated to modify their bots. Then again why implement a method that is easily thwarted by the vermin? Why not go with something with a higher likelyhood of survival over time?

Anyway that's why I went with "Type bobo" for people either not logged in or who don't have the name cookie from previously commenting. No sense in waiting for an issue when a reasonable solution is settin' there on the table eh?

Jan 17, 2005 13:10

EdB wrote:

Suppose half the b2evo users changed the file name.

are they changing it to the same name? of course that wont work :) thats why you name it something unique obviously ;)

i may test this this week, by removing my captcha, just to see which is doing the most good. Ill letcha know.

i actually had a similar issue with my nieces advanced guestbook install, I set her up with junkkeaters, or junkbusters, cant reme exactly what its called, to ward off the spam. I noticed after doing it, that the spam was getting past thier captcha, and looking at that logs, that the ips were different than the regular posters (that were using the captcha)(in the logs, users that do the captcha have thier ips changed to a junkbuster ip, since that becomes the ip of the submission, or something). I changed the page that does the http_post and voila, there hasnt been a single spam comment since.

Jan 25, 2005 05:35

Hi all

Great hack this is, as I have been getting regular spam lately in comments.

Can one of you fine gents post some simple instructions to add this function to a B2evo blog?

I am a php dummie and while can do simple stuff, I am not confident in this style of hack.

thanks a ton
gacjezv

Jan 25, 2005 06:02

Whoo's "rename the file" method is covered really well. You find the two files she mentioned and change "comment_post.php" to "gabbagabbahey.php" or whatever floats your boat, then change comment_post.php to gabbagabbahey.php (or whatever previously supported your previously mentioned sailing vessel).

The "type a word" thins is a little more complex. If you want it let me know and I'll type it up when I'm thinking clearer.

Jan 25, 2005 06:04

gacjezv,

I saw your comment on my blog.. Ill work on putting something together this week for you. It was a little tough to set up but it worked.

Jan 25, 2005 06:14

whoo wrote:

are they changing it to the same name? of course that wont work :) thats why you name it something unique obviously

Sorry. I missed that.

It's still the same exact tag that provides a unique file name. Look for form tag, note action. Look for textarea, spam action from form tag.

By doing the special field the spammer has to figure which field is the trigger and what value belongs in it. You can make it be a check box or a set of radio buttons or a text field. If you go with text you can tell the visitor what to type or use a gif or say "type my domain name here". Good luck coding a bot that will work through all that eh?

No biggie. They'll work through anything if money depends on it.

Jan 25, 2005 06:18

edb,

I wouldnt have recommended the "input my name" thing if I didnt think it was worth trying :)

I dont want to argue about the idea of changing the name of the file, but Im going to say it again. They arent reading the page.. they are looking for sites using the default file names -- therefore not using a default name takes you out of that loop.

It all works, it all helps, that was my only point. What someone chooses to try or not try is entirely up to them -- they were suggestions, thats all.

Jan 25, 2005 06:25

good work guys, I appreciate that.

whoo, I'll wait for your summary and give it a crack.

Edb, as always a very helpful person, thanks

gacjezv

Jan 26, 2005 13:30

I have also been comment-spammed and renamed the comment file and edited the two entries in the other file to reflect the new name.

However, it seems that no longer a message is sent to me whenever there is a new comment posted.

Is this correct and if so, what else needs to be fixed?

Jan 26, 2005 15:27

whoo wrote:

I dont want to argue about the idea of changing the name of the file, but Im going to say it again. They arent reading the page.. they are looking for sites using the default file names -- therefore not using a default name takes you out of that loop.

Okay so I'll repeat myself. If everyone changes to a unique file name then the spam bots will change to find the unique file name.

http://www.cs.berkeley.edu/~mori/gimpy/gimpy.html

Do you think they won't change to something as simple as reading the source code for a unique file name IF they learned the current method no longer worked?

Jan 26, 2005 16:26

edb,
the title of this thread is "he's spamming my site with comments! how do i block him?" I answered with 3 suggestions, I think.

If you want to debate hypotheticals related to spam, we can though-- do I really care what someone does in the future? prolly not, I will just deal with that in the future (thats me though). Im (again just me, but it is related to the title of this post) going to deal with here and nows.

if "everyone" changed to a unique file name ...", as you said .. My answer: I really dont know, Im not a spammer. Second, I doubt thats even a plausible hypothetical *unless* it were configured setting, or something
along those lines. Third, what are the chances of the entire b2evo user community doing that as a result of this thread? Slim to none. Fourth, since that prolly wont happen, why bother writing a script when its already so easy to do it the way thats been done for a while already? There are thousands of unattended blogs out there to hit already.

Second, the link about the captcha is great but what does it prove? That they have found a way around it? OK, so what? Are you suggesting that captchas shouldnt be used? They might become inaffective in the future--that said though, I wouldnt argue against their use *now* anymore then I would argue against anything else's use.

Spam is like crime, its inevitable. We are never goint to be free of it. You deter it. The more roadblocks the better.

I'm really wondering what you are trying to prove -- my suggestions dont lack merit, and were presented as just that, suggestions, not sure fire cures, or end alls and yet you seem intent on turning this into some strange debate.

I use everything in my arsenal to keep my site from becoming a spammers lovefest-- why wouldnt anyone else do the same if they were having trouble?

Something else that occurred to me:

"If everyone changes to a unique file name then the spam bots will change to find the unique file name."

Is this a bad thing, prima faci? I dont think so. IF that were the inevitable outcome wouldnt anyone who has been the target of spam find pleasure in causing them to have to change, and maybe, just maybe have to do a little more work than a simple google search????? I sure would.

Jan 26, 2005 18:59

sagefire wrote:

If only members can comment, I think Comment SPAM is dead.

it's not because there are already bots in-the-wild that know how to join membership - only for special, not customized portals or blogs yet.

Jan 26, 2005 19:43

thats correct, kiesow, they are alive and well for phpBB, easily spotted but still there. fortunately, they are easily detered too > http://boonedocks.net/mike/index.php?/archives/49-PHPBB-Member-List-Link-Spam.html for instance

Notice, there is a comment in the post that says, "We'll be safe until the bots figure out how to grab and send the hidden data." I think that goes to the heart of my reply to edb..

Additionally, some people might not want to have restrict thier site to just members -- I dont.

its another philosophical debate -- but I find that requiring someone to register to post, ESPECIALLY when their is no email verification to accompany registration is, for lack of a better term, dumb. Also, It's a blog, not a fourm. :roll:

Obviously, you (generally speaking) have to decide whats most important to you, and move forward from there, hopefully finding a happy medium.

Personally, I allow anonymous comments, and I use whatever is available to combat spam in the process -- so far so good, I have absolutely no complaints.

Jan 26, 2005 20:18

LordFox wrote:

I have also been comment-spammed and renamed the comment file and edited the two entries in the other file to reflect the new name.

However, it seems that no longer a message is sent to me whenever there is a new comment posted.

Is this correct and if so, what else needs to be fixed?

just so you know, I wasnt ignoring you -- I personally cant help until I get home so i didnt want to reply without knowing.

Jan 27, 2005 01:34

LordFox wrote:

I have also been comment-spammed and renamed the comment file and edited the two entries in the other file to reflect the new name.

However, it seems that no longer a message is sent to me whenever there is a new comment posted.

Is this correct and if so, what else needs to be fixed?

lordfox, dont laugh, but i cant even find where you have turned on comment notification? I apparantly never had it turned on. :P

Jan 27, 2005 07:38

whoo wrote:

lordfox, dont laugh, but i cant even find where you have turned on comment notification? I apparantly never had it turned on. :P

LOL. Well, that's gonna be a though one to crack then. I'll see what I can figure out about that feature. It was a good way to keep a check on the blog - I knew instantly when I got spammed and could remove the spam right away. Unfortunately, it got to be around twice each hour and that was a bit too much. I would like to get the notification working again, though, so I can keep an eye on what legitimate visitors have to say...

Jan 27, 2005 16:00

well, no, I can help if you just point to where (if) you actually turned it on?

Jan 28, 2005 10:08

kiesow wrote:

sagefire wrote:

If only members can comment, I think Comment SPAM is dead.

it's not because there are already bots in-the-wild that know how to join membership - only for special, not customized portals or blogs yet.

Wow, this stuff is getting incidious. I also understand the later quote about wanting to leave it totally open, but I just feel differently about it. For my particular site, I don't see a problem with having people register (even if the registration process leaves a lot to be desired).

I hope to have an option that you need to be at least a Level 1 Member to post show up sooner or later. Making it an option (and not the default one) will make me one very happy b2evo user.

Jan 28, 2005 11:51

whoo@work wrote:

well, no, I can help if you just point to where (if) you actually turned it on?

I can't find where I turned it on - it was the first thing I looked for as I presumed there was another link to the old file that I had to change to the new filename.... It just always was working, and now it seems to have stopped... :(

Feb 22, 2005 05:49

whoo@work wrote:

edb,
"If everyone changes to a unique file name then the spam bots will change to find the unique file name."

I think change file name couldn't be a well solution. They can write some script easily to detect the "new filename", because it is a public information.
For example, on my site where in the single page mode, everybody can see the information in the source code:

Code

<form action="http://www.j2.idv.tw/htsrv/comment_post_change.php" method="post" id="commentform">

If I am a spammer, just write a scanner to find the tag <form ...> and the attribute *action=*, then pick string between *action="* and *"*.

Although there is no spam comment after I changed file name, last night they should changed the code for us :-/ . There had around 50 spam comments on my site in one hour, I was in a bit of a mood when I saw that this morning :>

So I find a strategy. Something I found in htsrv/comment_post.php

Code

$query = "INSERT INTO
         $tablecomments( comment_post_ID, comment_type,
                                   bala bala bala...
         VALUES( $comment_post_ID, 'comment',      
                                   bala bala bala...

I think in any case *they* need to write query statement to INSERT table evo_comments. My strategy is that if I ALTER the comment_author_url field and named myself, they may not achieve query INSERT, and got mysql error. And they don't know the field name, because they can't got MYSQL table list easily.
I need some opinion about this... thanks~


Form is loading...

blog tool – This forum is powered by b2evolution CMS, a complete engine for your website.