
1 Dec 07, 2005 16:31    

Hi there,

I was wondering if anyone had any thoughts on this:

I've been getting a lot of spam comments. They usually start with something like "cool site" or "very interesting site", and then go on with what appears to be a sentence made of randomly selected words, often including a link.

And there is usually a URL associated with the comment, as well as an e-mail. The URL is often one I have linked to in a prior blog posting. The e-mail is usually a generic first name @ a generic host like msn or yahoo.

Since the links are not to gambling/porn/etc, but just to harmless sites that I've already linked to, like the BBC or CNN, I don't understand what the purpose of the spammers is other than to waste my time deleting the posts.

Anybody else getting hit with these?

Anybody know why it's happening?

And how about the best way to prevent them? I don't think I currently require someone to sign in or register to comment...and at that last update to "Dawn", I lost captcha. I suppose I could put captcha back in if the experts think that would do it!

Thanks in advance for any thoughts on this!!!

Rossputin
http://blog.rossputin.com

Here's an example comment:

Author: jesse chapman (IP: 64.237.42.42, hell.flamed.net)
Email: cameron@yahoo.com
Url: http://www.detnews.com/
Comment:
great blog. it's nice to be here! central grass love or not: http://www.foxnews.com/ , when Slot is Opponents it will Forecast Game when grass is circle it will do plane , Green Round Expect or not when girl forecast opponents increase

2 Dec 07, 2005 16:57

rossputin, yep it's sick and meaningless. I guess all trackback spam are a pain.

Check this Comment & Trackback anti-SPAM Script (http://randsco.com/index.php/2005/11/18/anti_spam_script) from Scott Kimler.

He's also given some code specific to b2evo.

It's helped me. It should work for you too.

btw, check this SpamBack post (http://randsco.com/index.php/2005/06/29/spamback_green_eggs_and_spam) from Scott on how to get back at the SPAMmers

Cheers

3 Dec 08, 2005 08:54

Well, it is indeed very annoying. I have enabled and running captcha, so it would seem they are humans commenting all that nonsense and not spambots. Unless they have devised a way to decode the verification number.

I think it would be great if one could block regular expressions and not simple character streams, because there are certain words which almost always appear in the comment, though not together all the time.

4 Dec 09, 2005 01:49

Just a note: I've checked the last trackback spam on my blog against the DNS blacklists that Phoenix will provide, and it would have caught 100% (out of 8). That's nice and probably helps in general, because they are mostly using open proxies.

See http://forums.b2evolution.net/viewtopic.php?p=30025 if you know some good default DNS blacklist(s).

5 Dec 09, 2005 16:25

I don't think that the comments I'm talking about are trackbacks....and it's hard to imagine that they're not automated. I'll try several of the possible solutions recommended in this thread. Thanks much for your help!

Here's an example of one I got today:

New comment on your post #435 "Travel Photos: Joshua Tree National Park (California)"
http://rossputin.com/blog/index.php/a/2005/08/07/p435

Author: Brandon Blanton (IP: 66.135.34.87, admin.777-best-online-casinos.com)
Email: Anthony@chello.nl
Url: http://www.ifilm.com/
Comment:
I like your blog. It is a very interesting one. when Pair is Slot it will Anticipate Player: http://www.moviesounds.com/ , Game can Double Player Lazy Soldier becomes Superb Girl in final , Greedy Slot is always Faithful Player Bad is feature of Astonishing Grass

6 Dec 09, 2005 18:15

I got them too the last 3 days.
dozens of them.

Just remove them as quick as possible and then do the other two things people have suggested earlier in this thread.

7 Dec 09, 2005 19:51

Of course they are automated. Would not sound that stupid otherwise.. ^^

8 Dec 10, 2005 20:12

The number of these has gone through the roof in the last couple of weeks. I think we may need to move to a comment and trackback moderation system to stem the tide. Interestingly almost all of them seem to be directed at one specific entry on my site. If someone wrote a comment and trackback moderation plugin for 1.6 I would be thrilled to test it. Going in and deleting these has become a big pain, I'm seeing about 75 a day.

9 Dec 11, 2005 01:02

As said, using a DNS blacklist (as hack or plugin) should help a lot.

Apart from that, comment/trackback moderation is on our todo.. so if you want to write a hack for it, you should rather think about contributing to the core.. :)

10 Dec 11, 2005 15:57

Actually, I think they are 100% automated. I'm seeing the same kinda comments happening in Blogs using Blogger as their Tool.

And blueyed is right. Why would even the most perverted mind want to leave a SPAM comment that makes no sense whatsoever? It seems to be a random pick of words or phrases with a couple of hyperlinks in b'ween.

I was just thinking. Why not make list of the regular SPAMmer sites and Flashmob them once in a while? The 419eaters have effectively closed several fraud sites with this technique.

Works like this. We decide on a particular day and all of us (that means we need to get the message across to all those who are in the suffering list) visit the sites on the SPAMmer list. We go to a particular page where there are lotsa images and keep refreshing the page every 10 mins or so. Say 100 of us land up on this page and stay for about 5 hours, the bandwidth for that site is going to hit the ceiling. Either they pay for those extra GBs or their host closes down the site. :D

Another suggestion is to grab images from these sites (fok the copyright bullshit) with the full img src links and make a nice page and upload to someone's webspace. We can keep hitting this page as often as possible just to drive up the bandwidth. If someone is willing to give webspace, I'm volunteering to spend time checking out the sites and getting the image links.

Yep, we will be using up our own bandwidth, but if we gonna declare War, you gotta have some casualties. Here, it's the Kill and not the Thrill of the Chase..

I dunno if this will work effectively knowing that only a small amount of bloggers take steps to prevent Comment and ShoutBox SPAM, but I'd love to have some thot process on this.

I took Scott's advice and keep changing the name of the htsrv folder. I did this about 3 days back and since then been SPAM free.

11 Dec 11, 2005 19:14

The spammers are most certainly automated, it's not that hard to do and it's much more efficient. As for why there are all the nonsense spams with non-spam sites all the sudden I have a hypothesis about that. I think they're: 1) testing to see what kind of moderation and spam controls you have on your site and 2) trying to get you to give up keeping the spam under control by flooding you with spam that really isn't spam and which you cannot blacklist easily.

12 Jan 12, 2006 04:44

I've got some in the two first days of the year and had them deleted from the system, upgraded to Dawn and changed my .htaccess file.

The only difference is that the ones we received contained more than one link in each comment.

13 Jan 14, 2006 06:47

It's very annoying! I'm getting no links in the spam, just "Nice blog" type comments. Each IP address is different, but I'll get a flood with someone giving the same name (but all the email addresses are different). I changed my htsrv folder name as suggested in another thread but it continues.

I've since disabled all comments till someone figures out what to do about this. I've better things to do than spend all my time removing this rubbish.

14 Jan 14, 2006 08:27

This seems to have taken off again in the last two days or so. I've been using the "hide HTSRV directory" script for some time now and up until the last few days it has worked wonderfully. I think the spammers have caught on and are now harvesting the HTSRV directory from the page source so changing it has no effect. Can someone point me towards a new solution, perhaps a working CAPTCHA tutorial?

15 Jan 14, 2006 13:04

amorangi wrote:

It's very annoying! I'm getting no links in the spam, just "Nice blog" type comments. Each IP address is different, but I'll get a flood with someone giving the same name (but all the email addresses are different). I changed my htsrv folder name as suggested in another thread but it continues.

Same here. Every morning there are 20-30 spam comments ("Hello admin, nice site ! Good content, eautiful design, thank!") without any links. Which version do you use? Is Dawn or Phoenix better in handling these spammers? (I still use 0.9.0.12 but consider upgrading later today)

Or: Is there an option to set a minimum number of words in a comment? I used this option in an earlier blog script without spam protection and it worked well. Is this possible to implement?

16 Jan 14, 2006 13:24

crack open htsrv/comment_post.php and find a line that looks like this and add the red bit :-

    param( 'comment' , 'html' ); // existing line
    // added line (the "red bit"); ## is a placeholder for the minimum word count
    if ( str_word_count( $comment ) < ## ) die( 'Please type a longer comment');

Change ## to the minimum number of words you want ;)

¥

18 Jan 14, 2006 16:08

same here... been running the hidehtsrv via a cron for a while and it worked like a charm until recently, so i just renamed "comment_post.php" yet again and i haven't had any spam since.

maybe the hidehtsrv perl script can rename the comment_post.php file too, but if the spammers are stripping the htsrv dir from the form tag, chances are they'll figure out the comment_post.php name too (damn reg expressions and their never-ending usefulness).

:-/

19 Jan 15, 2006 02:14

Hm, the script didn't prevent the spammers from commenting directly. Just got a rather classical comment spam entry. I remember there's a hack to moderate comments. I'll have a look at it tomorrow. Go to bed now. Let's see what I'll face tomorrow when I wake up.

20 Jan 18, 2006 12:27

What all these unlinked comment spam posts have in common is that in my statistics, they appear with the IP address only. They have no reverse DNS entry (at least those that I've checked) and many of the IP addresses are listed in spam databases according to http://www.dnsstuff.com (more than 30-40 hits today, but none of them came through, I guess because of the recently introduced minimum length of comments)
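
The DNS blacklist lookup mentioned in posts 4, 9 and 20, as an added PHP example that is not part of the thread or of b2evolution's code. The zone `dnsbl.example.org`, the function names and the sample addresses are assumptions made for illustration; the resolver is injectable so the demo runs without network access.

```php
<?php
// Added example, not b2evolution code. dnsbl.example.org is a placeholder zone.

// Build the DNSBL query name for an IPv4 address: octets reversed, zone appended.
// Returns null for anything that is not a plain IPv4 address.
function dnsbl_query_name(string $ip, string $zone): ?string
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null;
    }
    return implode('.', array_reverse(explode('.', $ip))) . '.' . $zone;
}

// True if any zone lists the address. $resolve maps a host name to its A record
// and returns the name unchanged when there is none, as gethostbyname() does.
function dnsbl_is_listed(string $ip, array $zones, ?callable $resolve = null): bool
{
    $resolve = $resolve ?? 'gethostbyname';
    foreach ($zones as $zone) {
        $name = dnsbl_query_name($ip, $zone);
        if ($name === null) {
            continue; // not IPv4: this sketch does not check it
        }
        $answer = $resolve($name);
        // A listed address resolves to a 127.0.0.0/8 record; no record means not listed.
        if ($answer !== $name && strpos($answer, '127.') === 0) {
            return true;
        }
    }
    return false;
}

// Constructed resolver standing in for real DNS so the demo runs offline.
$fake_dns = function (string $name): string {
    $records = ['7.113.0.203.dnsbl.example.org' => '127.0.0.2']; // constructed listing
    return $records[$name] ?? $name;
};
$zones = ['dnsbl.example.org'];
var_dump(dnsbl_is_listed('203.0.113.7', $zones, $fake_dns));
var_dump(dnsbl_is_listed('192.0.2.10', $zones, $fake_dns));
var_dump(dnsbl_is_listed('not-an-ip', $zones, $fake_dns));
```

In a comment handler the address would come from `$_SERVER['REMOTE_ADDR']` and the third argument would be omitted so that real DNS is queried.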

21 Feb 20, 2006 22:39

¥åßßå wrote:

crack open htsrv/comment_post.php and find a line that looks like this and add the red bit :-

param( 'comment' , 'html' );
if ( str_word_count( $comment ) < ## ) die( 'Please type a longer comment');

Change ## to the minimum number of words you want ;)

¥

Is it possible to set a maximum word length the same way, let's say 18 characters? It could be a measure against spam as most links are quite long. (This was the only anti-spam-measure/hack my old blog script had to offer and it worked quite well!)

22 Feb 23, 2006 12:10

nomad wrote:

Is it possible to set a maximum word length the same way, let's say 18 characters? It could be a measure against spam as most links are quite long. (This was the only anti-spam-measure/hack my old blog script had to offer and it worked quite well!)

Not possible? :o

23 Mar 01, 2006 06:26

Here's how I fixed it:

It occurred to me that I was blacklisting the URLs noted in the URL field for this annoying comment spam, but that the spam kept happening anyway. I then looked in htsrv/post_comment.php, and found that the email, username, and body of the spam was checked through the antispam_check function, but the URL wasn't.

So, I modified the block beginning at line 65 to look like this:

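        // Reject URLs that fail validation against the allowed URI schemes.
        if( $error = validate_url( $url, $comments_allowed_uri_scheme ) )
        {
                $Messages->add( T_('Supplied URL is invalid: ').$error, 'error' );
        }
        // Separate block: also check the URL field against the antispam blacklist.
        if( antispam_check( $url ) )
        {
                $Messages->add( T_('Supplied URL is Blacklisted'), 'error' );
        }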

Let me know if I've misunderstood something about the code, here.

24 Mar 01, 2006 06:37

Oh, duh, pulled that secondary check out into its own block. Otherwise, it would only fire if the first check pulled an error.
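
The content checks raised across this thread (minimum word count in post 16, a maximum word length in post 21, multiple links per comment in post 12, regular-expression blocking in post 3, and checking the URL field in post 23), combined in one added PHP example that is not part of the thread or of b2evolution's code. The function name, the configuration keys, the thresholds other than the 18-character limit, and the sample submission are constructed for illustration.

```php
<?php
// Added example, not b2evolution code. Thresholds and blacklist pattern are constructed.

// Return the reasons a submitted comment looks like spam (empty array = accept).
// $c has the keys author, email, url, comment; $cfg holds the limits.
function comment_spam_reasons(array $c, array $cfg): array
{
    $reasons = [];
    $body = trim(strip_tags($c['comment']));
    $words = preg_split('/\s+/', $body, -1, PREG_SPLIT_NO_EMPTY);

    if (count($words) < $cfg['min_words']) {
        $reasons[] = 'comment too short';
    }
    foreach ($words as $word) {
        if (strlen($word) > $cfg['max_word_len']) {
            $reasons[] = 'word longer than ' . $cfg['max_word_len'] . ' characters';
            break;
        }
    }
    if (preg_match_all('~https?://~i', $body) > $cfg['max_links']) {
        $reasons[] = 'too many links';
    }
    // Run every submitted field, the URL field included, through the blacklist.
    foreach (['author', 'email', 'url', 'comment'] as $field) {
        foreach ($cfg['blacklist'] as $pattern) {
            if (preg_match($pattern, $c[$field])) {
                $reasons[] = "blacklisted pattern in $field";
                break;
            }
        }
    }
    return $reasons;
}

$cfg = [
    'min_words'    => 4,   // constructed value
    'max_word_len' => 18,  // the limit suggested in post 21
    'max_links'    => 1,   // constructed value
    'blacklist'    => ['~spam-site\.example~i'], // constructed pattern
];
// Constructed submission: short body, blacklisted domain only in the URL field.
$sample = [
    'author'  => 'visitor',
    'email'   => 'visitor@example.com',
    'url'     => 'http://spam-site.example/',
    'comment' => 'Nice blog',
];
print_r(comment_spam_reasons($sample, $cfg));
```

An 18-character word limit also rejects legitimate comments that quote a long URL, so returning reasons rather than calling `die()` lets the caller hold such comments for review.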

