1 monica Mar 25, 2006 01:44
3 monica Mar 25, 2006 04:13
Thank you EdB I appreciate your help
4 solecist May 10, 2006 15:14
How do I know if its a trackback or a comment robot? I've tried turning off trackbacks, but it seems that the comment spam doesn't stop.
5 stk May 10, 2006 18:32
There are 4 comment types (comment | linkback | trackback | pingback) and if you use myPhhAdmin to look at the evo_comments table, you can determine which type it is by looking at the "comment_type" field.
Chances are (if you've turned off trackbacks), that it's comment SPAM.
What anti-SPAM measures have you run? Do you report the offending URL's to the blacklist (we don't use the blacklist and I don't know, but it might be "down"?)
You might wish to have a look [url=http://randsco.com/index.php/2005/11/18/anti_spam_script]HERE[/url] and here's a hint ... #3 is currently, the most effective of the 3 methods. Give it a whirl.
Hope this helps. :D
6 solecist May 11, 2006 02:48
I've installed the script that changes the comment script's folder name every night, I remember seeing your blog while doing the stuff. There is some IP blocking and I was keeping the blacklist uptodate.
It would be nice if someone could procure one of these scripts and run it on ourselves so that we could see what holes we need to patch up on our own servers.
But again I'm getting slammed - and I don't know what to do. I'd try the renaming bit and see if that helps.
7 stk May 11, 2006 04:51
I've replied to your post with a list of anti-spam techniques, a rough estimate of their effectiveness, links to more info or instructions and a brief look at much more effective techniques that are on the horizon.
You can see it [url=http://forums.b2evolution.net/viewtopic.php?t=7834]HERE[/url]
Hope it helps.
8 solecist May 11, 2006 17:45
I'm getting bombarded with stuff like this:
New comment on your post #136 "Christen the year with a white beginning"
http://neilcowley.com/b2/index.php/wedding/2006/01/09/p136Author: when table is circle it will percieve plane (IP:,
Email: Wilson_27b8o@chello.nl
Url: http://www.the-black-beauty.com/
Great blog. It's nice to be here! opponents will player unconditionally superb mistery becomes red table in final, beautiful is feature of industrious plane
It has legitimate URLS that are not being posted for SERPs, it has nonsense text and they are hitting single entries with 6-8 completely random nonsense comments. What in the world is this for? Do people really have so much time on their hands that they are just out to deface my comments?
9 solecist May 11, 2006 17:47
htaccess (not allow offsite comments)
Can someone test to see if my htaccess file is working correctly in that regard: http://neilcowley.com/b2/ is my base install and my HTSRV folder is currently "htsrv.IrUB3a"
10 stk May 11, 2006 18:22
I can get to [url=http://neilcowley.com/b2/htsrv.IrUB3a/comment_post.php]comment.php[/url] from a test link on my site (and I'm sure that the referrer would be randsco.com .. you can check your server logs) and it's NOT blocking it.
Really ... change the filename to something else. :|
11 stk May 11, 2006 18:42
OKAY ... I've never done this test, but the following .htaccess code should stop access to a file I specify, if the referrer isn't my own blog (randsco.com). If I put a link to a file test.php in a directory who's name is changing ... and click it from here, the referrer shouldn't be Randsco and I should get a forbidden message.
#Block remote calls to comments
RewriteCond %{HTTP_REFERER} !^http://(www\.)?randsco.com/.*$ [NC]
RewriteCond %{REQUEST_URI} .*deleteme.php$"
RewriteRule .* - [F]
Hope this helps.
EDIT: Yep works! I did the same test for you BUT was able to "get to" your file, so there must be something awry in your htaccess file. Maybe you can post the relevant part and we can get it sorted.
12 edb May 11, 2006 19:39
FWIW I used this trick for a while. It cut down on the comment spam but, in my opinion and experience, not enough to make it worth keeping. Seems the spammers have this trick of faking the referer and don't mind faking it as being the targeted domain. :(
13 stk May 11, 2006 20:20
Nobody ever reads what I write :'( [url=http://forums.b2evolution.net//viewtopic.php?t=7834] Item #1 [/url]
Yer spot on, Ed! In fact, tests have revealed that for most spam, the referrer is yer own blog (and we know they're not clicking nada).
Still ... It's a cheap tool (passive) and even if it stops a few, it's a help.
14 edb May 11, 2006 20:51
stk wrote:
Nobody ever reads what I write :'( [url=http://forums.b2evolution.net//viewtopic.php?t=7834] Item #1 [/url]
Yer spot on, Ed! In fact, tests have revealed that for most spam, the referrer is yer own blog (and we know they're not clicking nada).
Still ... It's a cheap tool (passive) and even if it stops a few, it's a help.
Hey! I read that post and was glad to see someone point out that 'they' outsmart our simple efforts. I figured it didn't hurt to re-iterate the point... Reckon I can agree that a moderately effective tool is better than nothing though. For my purposes I went with the simple turing test. Since then I've had ONE comment spam that was obviously written by someone who passed the test. They tried to write a comment that related the nature of the post to why their investment site was such a good thing. They failed. I banned them. :>
15 stk May 11, 2006 22:01
I gotta admit, I like the simplicity of the Turing test. :D
In fact, I can see it adding a lot of humor to a site, because one could have a random list of really funny questions to ask. (Of course, I'm so unhunorous that I can't think of ANY at the moment).
Kinda like a pop quiz for idjits!
16 solecist May 11, 2006 22:09
OK the comment file is renamed and I edited the HTACCESS file to read:
# Block remote calls to comments
RewriteCond %{HTTP_REFERER} !^http://(www\.)?neilcowley.com/.*$ [NC]
RewriteCond %{REQUEST_URI} .*NO_spam_CwDs.php$"
RewriteRule .* - [F]
that should help, but we'll see.
17 solecist May 12, 2006 02:26
Thanks for your comment Scott. I have a dedicated box so I just need to know how to turn the 'rewrite engine on' either from my control panel (direct admin) or from a terminal command....
I'll see if I can find it, but if not I welcome your continued help. Thanks.
18 village_idiot May 12, 2006 02:46
solecist wrote:
I have a dedicated box so I just need to know how to turn the 'rewrite engine on' either from my control panel (direct admin) or from a terminal command....
The "rewrite engine" you are speaking of is called mod_rewrite -- it's an Apache module, so if you have compiled it into Apache, its available. Its not "turned on" via a term window or command line.
More info on mod_rewrite, its usage, and whatnot is best found here:
19 solecist May 12, 2006 15:33
ok, now I've put the line turning mod rewrite on in my htaccess file, did it pick up the command.
I'll write my host about getting mod-rewrite installed.
20 solecist May 12, 2006 15:37
# Mod ReWrites
RewriteEngine on# Block remote calls to comments
RewriteCond %{HTTP_REFERER} !^http://(www\.)?neilcowley.com/.*$ [NC]
RewriteCond %{REQUEST_URI} .*NO_spam_CwDs.php$"
RewriteRule .* - [F]RewriteRule ^(.*) %{HTTP_REFERER} [R=301,L]
deny from 193.251.169.
The rest of the htaccess file is deny lines, with this configuration I can't even post comments![/b]
21 village_idiot May 12, 2006 15:48
why do you have 2 rules? Look at Scotts code then yours.. or compare to the original here:
22 solecist May 12, 2006 15:51
ok, deleting that old line fixed it - thanks
I was just trudging through all the spam reports. I published three keywords that have roughly 540 various different reports. That'd be maybe 1000 different reporters!!! AFAIK these are three domains that decided to launch an assault on b2evolution users via trackback. I've had mine turned off for the longest time, but so what: I see the damage they're doing and am reacting.
So keep updating your antispam table and it MIGHT help stem the tide!!!
Now back to your question. On your blogs--select a blog--advanced tab there should be a radio button to enable trackbacks and pingbacks. Just uncheck either or both and you should be hooked up.