Blocking Unregistered Spammers, Porn, Gambling

I’ve already developed something that requires users to regiter to enable them to comment.
See: https://www.wellardsworld.com/content/wphacks
Here’s the registered users comment hack: https://www.wellardsworld.com/content/wphacks#wp-comments.php
And here’s modified version of wp-register.php to generate random passwords to new members: https://www.wellardsworld.com/content/wphacks#wp-register.php
Hope that helps!
-Wellard

Hi Wellardsworld,
I tried your various modified WP files and they almost worked. I liked your formatting and layout visually better.
But today, the spammers bypassed the registration process and posted anyway. Then when I went to myPhpAdmin to delete their phony registrations and postings – they were not there! But their postings for more online gambling were on the Blog. Yikes! Am I losing it? Now I am wondering whose DB their junk got posted to, unless it is one of my earlier MySql Databases which should not be accessible because there are no more WP files linked to it?

Maybe a silly question but are you sure these are posts and not comments?

Good question. I checked and it was a comment that had not shown up in the database, so I read it in the Blog first. However, unlike yesterday, there was no registration to accompany that post as there was yesterday, where every online poker or Texas hokem spam had a matching registration.
Experimentally, I have changed the wp_options to in the MySql database to “No” for “users_can_register” and “use_fileupload.” I had initially turned these off in the WP Admin window, but after a crash weekend of learning about this program, have realized its flimsy Admin controls do not work at all, and that the settings do not seem to change the MySql database which only seems to be set if I make the changes manually.

@wellard1981 that looks like a good script. i wonder why the WP authors didn’t originally do this.
All pages that expect to be posted from a specific page or set of pages should always check to make sure that’s where they’re being posted from.
I think the script can be made by redirecting the spammer to the 404 page because if you show an error, the spammer knows the page exists and will try again. If you do a 404 they might not come back.

Sorry.. The above line should read “I think the script can be made BETTER by…”

HTTP_REFERER, like ip addresses, can be easily spoofed.

>> Here’s an example, add this to wp-comments-post.php directly under the first <?php tag;
Can you tell me where to find the <?php tag in the code? I cannot find it in my code.
I also got blammed by the gaming spam comments. ??
Thanks and HUGz! Jules

Just rename wp-comments-post.php.

Renaming wp-comments-post.php is not a fail-safe solution. I renamed it a couple of days ago because I have been getting so much comment spam, and it hasn’t slowed the spam down at all…

Thanks Wellard1981. I followed your instructions.
Does this mean I can now allow ‘comments’ … or is it best to just not allow comments?
I had over 50 this morning from some online gaming joint … and I’m trying to stop that.
Thanks and hugz! Jules

I got smacked this morning as well with about 100 comments in an hour. Stopped the bleeding by selecting to manually approve comments, then I inserted the code above and uploading. The spams immediately ceased allowing me to delete and get back to normal.
Thanks for the great tips guys.

So far, so good. I put the HTTP_REFERER code into place about four hours ago and haven’t received any spam since. I’m sure it’s only a matter of time until the spammers wise up to our little trick and write code to circumvent it, but until then, I will revel in not having to constantly delete this stuff!

maybe you should wait a few days before declaring victory.

i would hate to enable referrer spamming to just post comments on certain blogs.