rossputin, yep its sick and meaningless. I guess all trackback spam are a pain.

Check this [url=http://randsco.com/index.php/2005/11/18/anti_spam_script]Comment & Trackback anti-SPAM Script [/url]from Scott Kimler.

He's also given some code specific to b2evo.

It's helped me. It should work for you too.

btw, check this [url=http://randsco.com/index.php/2005/06/29/spamback_green_eggs_and_spam]SpamBack[/url] post from Scott on how to get back at the SPAMmers

Cheers

Well, it is indeed very annoying. I have enabled and running captcha, so it would seem they are humans commenting all that nonsense and not spambots. Unless they have deviced a way to decode the verification number.

I think it would be great if one could block regular expressions and not simple character streams, because there are certain words which almost allways appear in the comment, though not together all the time.

Just a note: I've checked the last trackback spam on my blog against the DNS blacklists that Phoenix will provide, and it would have caught 100% (out of 8). That's nice and probably helps in general, because they are mostly using open proxies.

See http://forums.b2evolution.net/viewtopic.php?p=30025 if you know some good default DNS blacklist(s).

I don't think that the comments I'm talking about are trackbacks....and it's hard to imagine that they're not automated. I'll try several of the possible solutions recommended in this thread. Thanks much for your help!

Here's an example of one I got today:

New comment on your post #435 "Travel Photos: Joshua Tree National Park (California)"
http://rossputin.com/blog/index.php/a/2005/08/07/p435

Author: Brandon Blanton (IP: 66.135.34.87, admin.777-best-online-casinos.com)
Email: Anthony@chello.nl
Url: http://www.ifilm.com/
Comment:
I like your blog. It is a very interesting one. when Pair is Slot it will Anticipate Player: http://www.moviesounds.com/ , Game can Double Player Lazy Soldier becomes Superb Girl in final , Greedy Slot is always Faithful Player Bad is feature of Astonishing Grass

I got them to the last 3 days.
dozens of them.

Just remove them as quick as possible and then do the other two things people have suggested earlier in this treath.

Of course they are automated. Would not sound that stupid otherwise.. ^^

The number of these has gone through the roof in the last couple of weeks. I think we may need to move to a comment and trackback moderation system to stem the tide. Interestingly almost all of them seem to be directed ane one specific entry on my site. If someone wrote a comment and trackback moderation plugin for 1.6 I would be thrilled to test it. Going in and deleting these has become a big pain, I'm seeing about 75 a day.

As said, using a DNS blacklist (as hack or plugin) should help a lot.

Apart from that, comment/trackback moderation is on our todo.. so if you want to write a hack for it, you should rather think about contributing to the core.. :)

Actually, I think they are 100% automated. I'm seeing the same kinda comments happening in Blogs using Blogger as their Tool.

And blueyed is right. Why would even the most perverted mind want to leave a SPAM comment that makes no sense whatsover? It seems to be a random pick of words or phrases with a couple of hyperlinks in b'ween.

I was just thinking. Why not make list of the regular SPAMmer sites and Flashmob them once in a while? The 419eaters have effectively closed several fraud sites with this technique.

Works like this. We decide on a partcular day and all of us (that means we need to get the mesage across to all those who are in the suffering list) visit the sites on the SPAMmer list. We go a particular page where there are lotsa images and keep refreshing the page every 10 mins or so. Say 100 of us land up on this page and stay for about 5 hours, the bandwidth for that site is going to hit the ceiling. Either they pay for those extra GBs or their host closes down the site. :D

Another suggestion is to grab images from these sites (fok the copyright bullshit) with the full img src links and make a nice page and upload to someone's webspace. We can keep hitting this page as often as possible just to drive up the bandwidth. If somone is willing to give webspace, I'm volunteering to spend time checking out the sites and getting the image links.

Yep, we will be using up our own bandwidth, but if we gonna declare War, you gotta have some casualities. Here, its the Kill and not the Thrill of the Chase..

I duuno if this will work effectively knowing that only a small amount of bloggers take steps to prevent Comment and ShoutBox SPAM, but I'd love to have some thot process on this.

I took Scott's advice and keep changing the name of the htsrv folder. I did this about 3 days back and since then been SPAM free.

The spammers are most certainly automated, it's not that hard to do and it's much more efficient. As for why there are all the nonsense spams with non-spam sites all the sudden I have a hypothesis about that. I think they're: 1) testing to see what kind of moderation and spam controls you have on your site and 2) trying to get you to give up keeping the spam under control by flooding you with spam that really isn't spam and which you cannot blacklist easily.

I've got some in the two first days of the year and had them deleted from the system, upgraded to Dawn and changed my .htaccess file.

The only difference is that the ones we received contained more than one link in each comment.

It's very annoying! I'm getting no links in the spam, just "Nice blog" type comments. Each IP addres is different, butI'll get a flood with someone giving the same name (but all the email addresses are different). I changed my htsrv folder name as suggested in another thread but it continues.

I've since disabled all comments till someone figures out what to do about this. I've better things to do than spend all my time removing this rubbish.

This seems to have taken off again in the last two days or so. I've been using the "hide HTSRV directory" script for some time now and up until the last few days it has worked wonderfully. I think the spammers have caught on and are now harvesting the HTSRV directory from the page source so changing it has no effect. Can someone point me towards a new solution, perhaps a working CAPTCHA tutorial?

amorangi wrote:

It's very annoying! I'm getting no links in the spam, just "Nice blog" type comments. Each IP addres is different, butI'll get a flood with someone giving the same name (but all the email addresses are different). I changed my htsrv folder name as suggested in another thread but it continues.

Same here. Every morning there are 20-30 spam comments ("Hello admin, nice site ! Good content, eautiful design, thank!") without any links. Which version do you use? Is Dawn or Phoenix better in handling these spammers? (I still use 0.9.0.12 but consider upgrading later today)

Or: Is there an option to set a minimum number of words in a comment? I used this option in an earlier blog script without spam protection and it worked well. Is this possible to implement?

crack open htsrv/comment_post.php and find a line that looks like this and add the red bit :-

param( 'comment' , 'html' );
if ( str_word_count( $comment ) < ## ) die( 'Please type a longer comment');

Change ## to the minimum number of words you want ;)

¥

cool! thanks! works!

I've now additionally installed the "HideHTSRV" Script http://randsco.com/index.php/2005/11/18/anti_spam_script - I guess this will help. It renames the HTSRV folder automatically (via cron).

same here... been running the hidehtsrv via a cron for a while and it worked like a charm until recently, so i just renamed "comment_post.php" yet again and i haven't had any spam since.

maybe the hidehtsrv perl script can rename the comment_post.php file too, but if the spammers are stripping the htsrv dir from the form tag, chances are they'll figure out the comment_post.php name too (damn reg expressions and their never-ending usefulness).

:-/

Hm, the script didn't prevent the spammers from commenting directly. Just got a rather classical comment spam entry. I remember there's a hack to moderate comments. I'll have a look at it tomorrow. Go to bed now. Let's see what I'll face tomorrow when I wake up.

What all these unlinked comment spam posts have in common, is that in my statistics, they appear with the IP-address only. They have no reverse DNS entry (at least those that I've checked) and many of the Ip-addresses are listed in spam databases according to http://www.dnsstuff.com (more than 30-40 hits today, but none of them came through, I guess because of the recently introduced minimum length of comments)

¥åßßå wrote:

crack open htsrv/comment_post.php and find a line that looks like this and add the red bit :-

param( 'comment' , 'html' );
if ( str_word_count( $comment ) < ## ) die( 'Please type a longer comment');

Change ## to the minimum number of words you want ;)

¥

Is it possible to set a maximum word length the same way, let's say 18 characters? It could be a measure against spam as most links are quite long. (This was the only anti-spam-measure/hack my old blog script had to offer and it worked quite well!)

nomad wrote:

Is it possible to set a maximum word length the same way, let's say 18 characters? It could be a measure against spam as most links are quite long. (This was the only anti-spam-measure/hack my old blog script had to offer and it worked quite well!)

Not possible? :o

Here's how I fixed it:

It occurred to me that I was blacklisting the URLs noted in the URL field for this annoying comment spam, but that the spam kept happening anyway. I then looked in htsrv/post_comment.php, and found that the email, username, and body of the spam was checked through the antispam_check function, but the URL wasn't.

So, I modifed the block beginning at line 65 to look like this:

        if( $error = validate_url( $url, $comments_allowed_uri_scheme ) )
        {
                $Messages->add( T_('Supplied URL is invalid: ').$error, 'error' );

        }
        if( antispam_check( $url ) )
                $Messages->add( T_('Supplied URL is Blacklisted'), 'error' );

Let me know if I've misunderstood something about the code, here.

Oh, duh, pulled that secondary check out into its own block. Otherwise, it would only fire if the first check pulled an error.