The last week or so the amount of SPAM on the comments on my blog has increased dramatically. I blogged about it here:
http://www.workwhiledrunk.com/index.php/2006/09/08/damn_thee_spammers_damn_thee
I disabled the commenting temporarily while at work yesterday, using this code in _feedback.php:
$disp_comment_form = 0;
This seemed to stop it temporarily, but now it's continuing again:
http://www.workwhiledrunk.com/index.php/2006/08/14/ps3_vs_wii#comments
So this leads me to believe that the SPAM bot/script is therefore targeting the b2evo internal functionality, rather than filling in the page like a pseudo-user. That makes sense, probably the best way to automate such a thing is to send the query directly to the php, rather than using some sort of page macro. So, this leads me to the following ideas on how to stop this (or at least make it harder) in future versions of b2evo:
1. Check that the posting of a comment is coming from a page on the same blog - i.e. check the posting referrer is in the same domain as the b2evo blog installation.
2. Devise some way of obfuscating the names of the php files globally, where the installation will internally understand the obfuscation, but it will make the URLs look odd to the outside world. E.g. _{name of file}_{installation dependent key}.php such that it might be _feedback_9e78c3.php - might be useful if each file had a different key?
For now, if the spamming doesn't stop I'll re-enable commenting and live with it until I get time to upgrade to 1.8 and install a bunch of plugins to help out with this.
My area of expertise is coding for accessibility and browser compatibility, and I don't code in PHP in my job so my suggestions are based on a very general level of knowledge. Plus I'm not the right person to be implementing them, but I'm trying to help fight the good fight here, as best I know how.
Good luck!
Did I post this in the wrong place?
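An added example, not code from the post or from b2evolution, of what idea 1 (accept a comment only when the posting page is on the same blog) looks like in PHP. The Referer header is sent by the client, so a script can set it to anything and many browsers and proxies strip it entirely; the example therefore pairs the referrer check with a signed, expiring form token that only a browser which actually rendered the comment form can return. BLOG_HOST is taken from the URLs in the post; FORM_SECRET, TOKEN_TTL, the function names and the hidden field name comment_token are assumptions made for the example.

```php
<?php
// Added example (not b2evolution code): gating a comment POST in a handler
// such as _feedback.php. Two checks:
//   1. the Referer header (idea 1 in the post) must name our own host;
//   2. a signed, time-limited form token must come back with the comment,
//      because Referer is client-controlled and often absent.
// BLOG_HOST is the host from the post's URLs; FORM_SECRET is a placeholder
// that each installation would set to its own random value.

const BLOG_HOST   = 'www.workwhiledrunk.com';
const FORM_SECRET = 'CHANGE-ME-per-installation-secret'; // placeholder
const TOKEN_TTL   = 3600;                                // seconds a form token stays valid

/** Issue a token when the comment form is rendered; embed it in a hidden field. */
function issue_comment_token(int $post_id, ?int $now = null): string {
    $now     = $now ?? time();
    $payload = $post_id . ':' . $now;
    $mac     = hash_hmac('sha256', $payload, FORM_SECRET);
    return $payload . ':' . $mac;
}

/** Verify the token the browser sent back with the comment body. */
function verify_comment_token(string $token, int $post_id, ?int $now = null): bool {
    $now   = $now ?? time();
    $parts = explode(':', $token);
    if (count($parts) !== 3) {
        return false;
    }
    [$tok_post, $issued, $mac] = $parts;
    if (!ctype_digit($tok_post) || !ctype_digit($issued) || (int)$tok_post !== $post_id) {
        return false;
    }
    if ($now - (int)$issued > TOKEN_TTL) {
        return false;                                    // stale form, or a replay of an old one
    }
    $expected = hash_hmac('sha256', $tok_post . ':' . $issued, FORM_SECRET);
    return hash_equals($expected, $mac);                 // constant-time comparison
}

/** Referrer check: accept only if the header names this blog's host. */
function referer_is_local(?string $referer): bool {
    if ($referer === null || $referer === '') {
        return false;
    }
    $host = parse_url($referer, PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, BLOG_HOST) === 0;
}

/** Combined gate. Returns a rejection reason, or null when the comment may be stored. */
function reject_comment_reason(array $server, array $post, int $post_id): ?string {
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return 'comments must be POSTed';
    }
    if (!referer_is_local($server['HTTP_REFERER'] ?? null)) {
        return 'referer not from this blog';
    }
    if (!verify_comment_token((string)($post['comment_token'] ?? ''), $post_id)) {
        return 'missing or invalid form token';
    }
    return null;
}

// Constructed sample requests standing in for $_SERVER and $_POST.
$browser = [
    'server' => [
        'REQUEST_METHOD' => 'POST',
        'HTTP_REFERER'   => 'http://www.workwhiledrunk.com/index.php/2006/08/14/ps3_vs_wii',
    ],
    'post'   => ['comment_token' => issue_comment_token(42)],
];
$script = [ // a script posting straight to the handler without loading the page
    'server' => ['REQUEST_METHOD' => 'POST'],
    'post'   => ['comment_token' => ''],
];

foreach (['browser' => $browser, 'script' => $script] as $label => $req) {
    $reason = reject_comment_reason($req['server'], $req['post'], 42);
    echo $label, ': ', $reason === null ? 'accepted' : 'rejected (' . $reason . ')', PHP_EOL;
}
```

In the handler, a non-null reason means the comment is dropped (or logged for later review) before any database write. The token carries the post id and issue time inside the signed payload, so a token captured from one post's form cannot be replayed against another post or after TOKEN_TTL has passed.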