Recent Topics

Rename scripts to avoid spam

Started by on Mar 02, 2005 – Contents updated: Mar 02, 2005

Mar 02, 2005 17:27    

Here's an idea I got from my time fighting comment spam in Movable Type. You can rename the comment script so that spammers can't find it by searching for the stock filename. I think a lot of spammers just type "comment_post.php" into Google and then access your script directly, rather than through your comment form. If you rename this script, then they'll get a 404 file not found when they try to spam you (at least until they really visit your site and find out the new file name.) If you do this on a new install before it gets indexed by search engines, then you'll lower the chances of spammers finding your comment script to begin with. I had pretty good results with this method in MT. Here's how to do it in b2evo:

First, rename the file /htsrv/comment_post.php to something else, make it something fairly random, we'll say "rowsdower.php." Now go to /skins/_feedback.php and search the file for "comment_post.php" and replace it with "rowsdower.php." If you have any skins that don't require the main _feedback.php (they have the code in the skin's own _feedback.php, then you'll need to make this change there, too. You also need to change admin/edit_showposts.php. Search of "comment_post.php" and change it to "rowsdower.php" You can repeat this process again any time spammers find you. Remember, choose a random name each time.

I want to do the same thing for trackback.php, but I can't find where to change it. In _feedback.php it calls the trackback url from the database. If anyone can tell me where to change the filename of the trackback script, I would be grateful.

Bonus points to anyone who can tell me where the name Rowsdower came from.

Mar 02, 2005 17:55

Oops. Well, at least it's in the form of a howto post now, so someone doesn't have to read the whole thread to get the steps for doing it. Isn't that the point of the howto forum?

Also, can anyone tell me what I need to do to rename the trackback script?

Mar 02, 2005 18:05

personman wrote:

... Isn't that the point of the howto forum? ...

Nope. http://forums.b2evolution.net/viewtopic.php?t=1559 Much more appropriate in the Plugins & Hacks form. The Forums Index wrote:

Share your b2evo plugins, hacks and mods here

(By the way the end of that thread shows renaming the file was already defeated - better to go with "Toms name is")

Mar 02, 2005 18:12

EdB wrote:

...defeated - better to go with "Toms name is")

notice he didnt suggest using captcha?

lol, the ever-ongoing debate about how to defeat spam. my site isnt defeated, so whats that prove?

Use whatever you want, change it if it doesnt work. simple as that. edb just didnt like my suggestion (laughed it off from the get-go) :P I dont mind honest.

Mar 02, 2005 18:17

Ok, you guys clearly have some history here. I didn't intend to re-start a debate. Don't forget that the spammers are the real bad guy.

Mar 02, 2005 18:30

im making a funny. see the smilie.

Im all about doing whatever you feel you need to do. it might work for one person and not another. Just like I said.

edb is a good guy and works harder than anyone on this forum to answer questions that most usually have already been answered, once, twice, three times :) he opts for one solution regarding spam I opt for others, thankfully we dont share a blog, and we arent married :lol:

Mar 03, 2005 09:28

whoo wrote:

... and we arent married :lol:

This got me thinking! When will we see our first b2evo wedding? Can I buy a new hat?? :lol: :lol: :lol: :lol: :lol:

Mar 05, 2005 04:18

And change the shirt okay? BTW the day I make the marriage mistake again is the day someone is more than welcome to shoot my miserable a**. Notice no smilie? (Inebriation has it's limits!)

Whoo is right on in recognizing that multiple methods work. I have an aversion to asking too much of my visitors, especially since I don't get that many comments (and don't want to deter them...). The captcha method is breakable, but blogs are probably not worth breaking it for. Spammers, after all, have a price/value relationship to consider... Thus if you're cool using a renamed form or a captcha thingie then go for it!

Changing the file name is perfectly valid UNLESS you happen to be personally and specifically targeted. The "Toms name is" method is also defeatable, especially for the specifically targeted blog, but is less likely to be broken in a general sort of way. Plus, as I think I said, I bypass it for those who accept the "I made a comment on yer blog" cookie. I've not experimented with captcha (and that word *always* makes my keybored spell porely), but I suspect one could do the same with it. The "rename the file" method is *much* simpler for your visitor(s).

Blah. I got 10 hours on the road tomorrow just to unload old glider for enough cash to get this house on the market. Blech.

Mar 08, 2005 21:46

This really has nothing to do with the topic at hand, but bonus points are nice. "Rowsdower" comes from MST3K...

"Rowsdower Saves us and Saves all the World!"

"So, Rowsdower... is that a stupid name?"

And so on... good choice of names :D

Mar 09, 2005 00:40

"Okay, but this is the Final Sacrifice..."

Great movie. Glad to know my friends and I aren't the only ones that enjoy them.


Form is loading...

Open Source CMS – This forum is powered by b2evolution CMS, a complete engine for your website.