I have several questions, and I couldn't find anything specific to these already, so I hope this hasn't been covered already.
I'm running several sites on 1.8.2. I was using the anti-spam features and everything seemed cool, until a visitor pointed out that the script was blocking Google as a referrer (not good). I looked through everything and couldn't find it anywhere on the blacklist. So I "un-ticked" the box marked "If a referrer has been detected as spam, should we block the request with a "403 Forbidden" page?" under app settings -> anti-spam.
That fixed things so folks coming from Google weren't getting a 403 page, but now my spam's on the climb.
The past week I've been been getting spam hits in groups all similar to the following:
12/14/06 @ 14:55 · Url: http://www.google.com Ban · IP: 212.24.48.156 · No Spam Karma
In response to: CPSC Recall(s)
Trackback from: IeriWinner_86 [Visitor]
IeriWinner_86
HI! I've have similar topic at my blog! Please check it..
Thanks.
[url=http://www.google.com][/url]
http://www.google.com
PermalinkPermalink Edit Edit... Publish Publish! Deprecate Deprecate! Del Delete!
Visibility: Draft
12/14/06 @ 14:55 · Url: http://www.google.com Ban · IP: 212.24.48.159 · No Spam Karma
In response to: CPSC Issues Recall
Trackback from: IeriWinner_57 [Visitor]
IeriWinner_57
HI! I've have similar topic at my blog! Please check it..
Thanks.
[url=http://www.google.com][/url]
http://www.google.com
PermalinkPermalink Edit Edit... Publish Publish! Deprecate Deprecate! Del Delete!
Visibility: Draft
12/14/06 @ 14:31 · Url: http://www.google.com Ban · IP: 212.24.48.197 · No Spam Karma
In response to: CPSC Recalls
Trackback from: IeriWinner_24 [Visitor]
IeriWinner_24
HI! I've have similar topic at my blog! Please check it..
Thanks.
[url=http://www.google.com][/url]
http://www.google.com
PermalinkPermalink Edit Edit... Publish Publish! Deprecate Deprecate! Del Delete!
Visibility: Draft
12/14/06 @ 12:42 · Url: http://www.google.com Ban · IP: 212.24.48.134 · No Spam Karma
In response to: WFD Crews Assist on 2 Alarm Fire
Trackback from: IeriWinner_41 [Visitor]
IeriWinner_41
HI! I've have similar topic at my blog! Please check it..
Thanks.
[url=http://www.google.com][/url]
http://www.google.com
My questions are these:
1) If I inadvertently banned Google as a referrer - why am I not seeing them in the blacklist when I do a search and how do I un-ban Google?
2) With these new spam hits listing Google as their url, is there a way to ban them by IP or IP range? Or am I missing something here.....??
Thanks for any help.
vapor wrote:
1. You will want to search for any bits that might also match. For example "goo" would match google and therefore block it. As would "gle.com". After finding the keyword that matches part of google I would suggest you re-engage the feature you un-ticked, but that's just me.
2. I don't have trackbacks enabled so I don't pay much attention, but I'm pretty sure there is a setting somewhere that tells your blog to check the trackback originator to ensure the trackback is valid. It might be part of the "basic antispam" plugin? OTOH it seems some spammers are hip to that trick, so your server will work harder and still allow some trackbacks that actually are spam.
Another thing that used to be true is that comment text was searched for matching strings in the antispam list. IF that is still the case now you could simply add "HI! I've have similar topic at my blog!" to your antispam list and block those that you shared here. I do not know if text is checked anymore though, so this too might not be beneficial.
There is no IP banning automagically inside b2evolution. When I find an IP that is particularly offensive I use a feature from my host to add them to my .htaccess file. Looks like 212.24.48.* would be a good one for you to ban, but I always do a whois before I add them to my list.
3. I know - you didn't ask three questions, but I'll pretend you asked "Should I upgrade my blog in light of the security vulnerability that allows someone to deface my blog?" Yes you certainly should! Upgrading to 1.8.6 is painless and will protect your blog for millions of years. Or at least for now ;)