MickC
09-02-2005, 11:29 AM
I run a personal blog (http://mickc.whizardries.com/blog/) using WordPress and have seen a drastic uptick in comment, track/pingback and referer spam. The latest in my logs is for http://www./diet-pills.html.
Of course I use the rel="nofollow" attribute for comments, but the spammers just don't stop.
If that's a problem for you, here's my fix:
1) I installed Spam Karma 2 (http://unknowngenius.com/blog/wordpress/spam-karma/). SK2 does a good job at comment/trackback evaluation to keep spam down.
2) I use .htaccess rules to kill the hosts pounding me completely. This part of the solution only works if you own a Linux server and can institute iptables rules. It involves two parts:
The Rules:
Here are the rules I have in place:
RewriteEngine On
# pineapple baby - comment spammer - shhhhh
RewriteCond %{HTTP:VIA} ^.+pinappleproxy
RewriteRule .* /spammer.php [L,F]
RewriteCond %{HTTP_REFERER} (holdem|poker|casino|casinos|slot-machine|blackjack|game|forever-casino|pills-home)
#RewriteRule .* %{HTTP_REFERER} [R,L]
RewriteRule .* /spammer.php [L]
Since I don't blog about poker or diet pills, the referer will never involve the list of words in the second rule. The first rule looks for a particular proxy that is commonly used by this type of spammer. I found out about it from Candygenius (http://mickc.whizardries.com/blog/archives/2005/02/24/commenttrackback-spam-problems/). At first I used that script to return a 403 - Forbidden error. Now I use:
A PHP script.
As you can see from the rule, I use a PHP script to handle where this stuff goes. Here are the contents of that script:
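<?php
// Validate the address before it reaches the shell; strip control characters from the client-supplied Referer.
$ip = filter_var($_SERVER["REMOTE_ADDR"], FILTER_VALIDATE_IP);
$referer = isset($_SERVER["HTTP_REFERER"]) ? preg_replace('/[\x00-\x1F\x7F]/', '', $_SERVER["HTTP_REFERER"]) : "";
if ($ip === false) { exit; }
error_log("Blocking ". $ip. " with referer ". $referer);
system("sudo /sbin/iptables -A SPAM -s ". escapeshellarg($ip) . " -j SPAMDROP 1>&2");
// Send the client back to the referring URL, as the original script did.
header("Location: ". $referer);
?>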
This adds the IP address to a special iptables rule called "Spam" which directs the networking interface to drop the packets sent before they get to Apache.
I use cron to empty that rule out three times a week. Most of the machines that are connecting I figure are virus-infected and I don't want to leave them in forever in case the owners clean them up and might surf in.
I don't mind legitimate stuff, but I don't abide by this type of spam (and don't even display the last n referers), so the attempts to use my blog to improve page rank for those spammed sites just tend to infuriate me.
Now that you know what I do, does anyone else have any tips on dealing with this scourge?
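The PHP script in the post reaches iptables through sudo from the web server account. One way to narrow that, as an added example that is not part of the original post: a wrapper that becomes the only command sudo allows, accepts nothing but a strict IPv4 address and refuses private ranges. The script name and the never-block list are assumptions; the SPAM and SPAMDROP chain names come from the post.

```shell
#!/bin/sh
# spam-block.sh (hypothetical name): the one command sudoers lets the web
# server user run, in place of /sbin/iptables with arbitrary arguments.
# Chain names SPAM and SPAMDROP are the ones used in the post.
IPTABLES=${IPTABLES:-/sbin/iptables}

# True only for a dotted quad: four octets, 0-255, no leading zeros
# (some parsers read a leading zero as octal).
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Assumed never-block list: loopback, link-local and private ranges, so a
# request relayed by a local proxy cannot lock out the server's own network.
protected_ipv4() {
    case "$1" in
        0.*|127.*|10.*|192.168.*|169.254.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# Add one rule for $1 unless it is invalid, protected or already listed.
block_ip() {
    valid_ipv4 "$1" || { echo "rejected: not an IPv4 address" >&2; return 2; }
    if protected_ipv4 "$1"; then
        echo "rejected: protected range" >&2; return 3
    fi
    "$IPTABLES" -C SPAM -s "$1" -j SPAMDROP 2>/dev/null && return 0
    "$IPTABLES" -A SPAM -s "$1" -j SPAMDROP
}

# Run as: sudo spam-block.sh <address>; with no argument it does nothing.
[ "$#" -eq 0 ] || block_ip "$1"
```

In sudoers, the web server account would then be granted this script alone rather than /sbin/iptables.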