WordPress Forum

    
WP Site Getting spammed by Ruskies
Spaming wordpress site
TheGreenovator




msg:4396797
 12:22 am on Dec 12, 2011 (gmt 0)

Anyone have an idea how to prevent comment spam on a wordpress site? I continually get spammed by the Russians with everything from webhosting to #*$! sites. I am having to block the IPs at my server. I have registration required before someone can comment. Yet, they still access my site without registration.

 

lorax




msg:4396801
 12:32 am on Dec 12, 2011 (gmt 0)

Welcome to WebmasterWorld!
Do you have Captcha enabled?

DeeCee




msg:4396828
 1:32 am on Dec 12, 2011 (gmt 0)

As Lorax kind of pointed at. Using a good captcha plugin is likely the fastest way to cut them off.

On sites where I used that I had good experience with "SI CAPTCHA Anti-Spam" (find on Wordpress.org).

I stopped using it only because I am now catching them instead. I am working on stuffing all the blog/forum spammers into lists I can export/transform into DNSBL, or firewall or httpd level blocking. With either I can block them before they get to even bother me by running any Wordpress code. They just won't get in.

But merely installing SI CAPTCHA Anti-Spam would be a good start for you. Most spammers then never get more than a 500 code.

TheGreenovator




msg:4396875
 4:27 am on Dec 12, 2011 (gmt 0)

These knuckleheads are bypassing the registration. I have disabled registration and they still get through.

tangor




msg:4396897
 6:03 am on Dec 12, 2011 (gmt 0)

That seems an indication your installation may be open. Check everything!

DeeCee




msg:4396908
 6:49 am on Dec 12, 2011 (gmt 0)

Greenovator,

Some things don't quite connect here.


Turning off registration is a separate thing. Does not block Spam on its own.
From the patterns I watch in catching the spam bots, they still run through the "registration phase" of the bots, without detecting whether it fails or even caring. They attempt to register, and then whether that succeeds or not they come back later for the actual spam-posting attempt, which typically shows up as only a two line thing in your logs. (Call base URL, call /post-comment.php)

As long as you do not see new users magically show up in your Wordpress user-list, the registration blocking is working fine. (If you wanted to enable registration, you could add the Captcha to block robots instead.)

If your registration is turned off, you then need to look at your Discussion Settings. That's where the real crux is.

If the Wordpress option "Users must be registered and logged in to comment." is not selected under "Settings" -> "Discussion", then whether or not you have turned off registration has little meaning in relation to Spam. Without that, the "Comment author must fill out name and e-mail" is the only restriction. Whether they can just add spam, or must fill in a fictional email and name.
In HTTP protocol terms, that makes no difference at all to a robot, since it can just post all three parts, whether you "require" it or not. That option only has a meaning for a human poster, who must fill it out manually.

If you have registration turned off, and "User must be registered" turned on already, then the bots should be blocked. (And so is every other new visitor.)

Notice that if you have both these options selected, then only existing users can comment.
No new users can enter (cannot register), and no one outside your existing user-list can comment. This means that each new user would have to be manually created by you in WP Admin before they can comment on any post. Is that really what you want?

rocknbil




msg:4397108
 4:55 pm on Dec 12, 2011 (gmt 0)

Also moderate your comments, which is different than registration.

MickeyRoush




msg:4399365
 12:53 pm on Dec 19, 2011 (gmt 0)

You might be also experiencing pingback and trackback spam.

In your wordpress Admin panel go to:

Settings > Discussions

and uncheck the box for:

“Allow link notifications from other blogs (pingbacks and trackbacks)”

This will make sure that all newer posts have the pingbacks and trackbacks disabled. Remember this is only for the posts that you’ll publish going forward. The next step disables them for the past posts.


To disable or enable pingbacks for specific pages or posts, go to the post or page editor and under the post check or uncheck the box for:

“Allow trackbacks and pingbacks on this page”

under Discussion.

MickeyRoush




msg:4399371
 1:01 pm on Dec 19, 2011 (gmt 0)

For plugins you should definitely use these:

Akismet (Should come with a default install and is free if you don't use your WordPress site for money or something.)

Bad Behavior
[wordpress.org...]

Cookies for Comments
[wordpress.org...]

You could also try these:

Invisible Captcha
[wordpress.org...]

Anti-Captcha
[wordpress.org...]

Those are all transparent.

MickeyRoush




msg:4399375
 1:08 pm on Dec 19, 2011 (gmt 0)

Here is another old trick. You may have to customize it for your setup. But put this in your .htaccess file.

RewriteEngine On
# Refuse comment POSTs that carry a referer from another site (or none) or an empty User-Agent.
# Replace example.com with your own domain.
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} /wp-comments-post\.php$
RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?example\.com [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule .* - [F]

emotn




msg:4405802
 6:24 am on Jan 11, 2012 (gmt 0)

Here are a couple of plugins I installed recently because of a spam problem

Ban Hammer - This plugin prevents people from registering with any email you list and links into a spam blacklist

User Spam Remover - Automatically removes spam user registrations and other old, never-used user accounts.

Can get them through the admin panel for plugins

indybail




msg:4406824
 2:46 pm on Jan 14, 2012 (gmt 0)

I'm a big fan of Akismet. Captchas not so much, because users should not have to work to participate on a site.

DeeCee




msg:4406830
 4:05 pm on Jan 14, 2012 (gmt 0)

Per my earlier comment I used to use captcha. But it is often very annoying (to me too). Plus the blurring techniques many of them use are distinctly unreadable to many (color-blind, older, ...)
But I just finished my own blocker, currently the Wordpress plugin. Forum Spam is next, if there is any interest.

Now I block bad comments and trackbacks pretty cold. Plus, as new unseens show up, the API will learn (across the net) as someone "Spams" them. Intent is to let Spammers build their own walls around them. The more they try, the worse off they get.

Just finished the Wordpress plugin. Not on Wordpress.org yet, but is ready for anyone that wants to test it out. More than just blocking Spammers, it has a security blocking section as well, blocking known bad actors. Info trackers, mark scanners, scrapers. By IP, agent string, ...

If someone wants to help test it out, see more on crudarrest[dot]com/about-crudarrest/

Plugin ZIP file can be downloaded from the download page.

jpch




msg:4418804
 3:18 pm on Feb 17, 2012 (gmt 0)

I've had good results with NoSpamNX Plugin:

[wordpress.org...]

rogerd




msg:4420165
 9:12 pm on Feb 21, 2012 (gmt 0)

Akismet and moderating comments minimize spam for me. I delete a few a day from the moderation queue, takes a few seconds daily.

iamzippy




msg:4427132
 7:48 pm on Mar 9, 2012 (gmt 0)

There are some truths about WordPress comment spam that are hidden in plain sight.

Does anyone here bother to do a stats analysis on the User Agent string of the people who are spamming you?
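
An added example (not part of any member's post): one way to run the User-Agent tally asked about above over an Apache combined-format access log, also counting how many comment POSTs the referer/empty-agent .htaccess rule posted earlier in the thread would have refused. The sample log lines, the example.com domain and the function names are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Apache "combined" log format; an absent Referer or User-Agent is logged as "-".
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# Same referer pattern as the .htaccess rule; example.com stands in for your domain.
OWN_REFERER = re.compile(r'^https?://([^.]+\.)?example\.com', re.I)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = '''\
203.0.113.7 - - [12/Dec/2011:00:10:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
203.0.113.7 - - [12/Dec/2011:00:10:02 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
198.51.100.23 - - [12/Dec/2011:00:11:40 +0000] "POST /wp-comments-post.php HTTP/1.0" 302 0 "-" "-"
203.0.113.7 - - [12/Dec/2011:00:12:15 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://spam.invalid/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
192.0.2.50 - - [12/Dec/2011:00:15:09 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://www.example.com/2011/12/hello-world/" "Mozilla/5.0 (Windows NT 6.1; rv:8.0) Gecko/20100101 Firefox/8.0"
'''

def comment_posts(log_text):
    """Yield parsed fields for every POST to wp-comments-post.php."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in combined format
        path = m["path"].split("?", 1)[0]
        if m["method"] == "POST" and path.endswith("/wp-comments-post.php"):
            yield m.groupdict()

def summarize(log_text):
    """Count comment POSTs per User-Agent and per IP, and how many the rule would deny."""
    by_ua, by_ip, denied = Counter(), Counter(), 0
    for hit in comment_posts(log_text):
        ua = "(empty)" if hit["ua"] in ("", "-") else hit["ua"]
        by_ua[ua] += 1
        by_ip[hit["ip"]] += 1
        # Mirrors the rule: empty User-Agent OR referer that is not our own site.
        if ua == "(empty)" or not OWN_REFERER.match(hit["referer"]):
            denied += 1
    return by_ua, by_ip, denied

if __name__ == "__main__":
    by_ua, by_ip, denied = summarize(SAMPLE_LOG)
    for ua, n in by_ua.most_common():
        print(f"{n:4d}  {ua}")
    print("per IP:", dict(by_ip))
    print("would be denied by the referer/agent rule:", denied)
```

Referer and User-Agent are both supplied by the client, so these counts describe how careless the bots are rather than who they are; a bot that copies a browser's headers passes the rule and has to be caught by moderation or a content filter.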

WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved