Recent Topics

1 Aug 25, 2005 23:50    

So, I am very reluctant to employ one of the more complicated antispam solutions listed in the plugins and hacks forum. In fact, after [url=http://forums.b2evolution.net/viewtopic.php?t=4722]the small little hack I did[/url] that turns displaying of the antispam table off, I've been pretty happy with the out-of-the-box antispam tools and reporting in b2evo.

However, spammers seem to have realized that if they place a common url ("google.com", "yahoo.com", etc.) in the URL field of a comment and some dorky email address (that changes each spam) in the email field, they can put as many links as they want in the comment text which the default out-of-the-box b2evo antispam tools don't check for. And removing these comments gets to be a pain as all the referer hits load first (which you have to deselect).

So, first, I'm wondering if anyone has done a small hack to the b2antispam.php to check comment text for keywords... would this be to computationally intense? That is, let's say a spammer is inserting links to bazabooo.ja.ro or something (made that up) all in comment text. Would it be unrealistic to have the "check and ban" function look for this text in the comment text too?

I thought I'd ask before I started hacking.

2 Aug 26, 2005 00:28

Comments are already checked against the ban list, but only the linked url. As you've noticed, the body of the comment isn't INITIALLY checked. Guess what! The body of a comment is rechecked if you do a "recheck" from your antispam list.

That doesn't address your immediate problem, so I will recommend whoo's trick: rename your htsrv folder. Call it whatever you like - something like chocolatecoveredbumblebeesdippedinwax maybe. You then have to edit ONE line in your conf/_advanced.php file. In it find "$htsrv_subdir = 'htsrv';" and replace the htsrv part with chocolatecoveredbumblebeesdippedinwax.

To be honest, ccbbdiw is a bit long. You might want to be a bit more generic and dip all chocolate covered bees in wax.

Seriously, it's super-simple to do and will flat-out stop automated comments aimed at your htsrv folder. If the spammers happen to be real humans clicking links and typing words then it won't work, but nothing other than the blacklist will work against humans.

Update often, recheck everything, and report new spammers like your blog depended on it.

3 Aug 26, 2005 00:33

Wicked, Ed... you are a b2evo=>god.


Form is loading...