Blocking Unregistered Spammers, Porn, Gambling

Based on comments from another blogger I think the real person(s) to go after is company that has hired the spammers to place their links on our blogs. Any lawyers out there who’d be willing to start a class action suit on our behalf?

I had the same issue getting spam every minute in my blog so i read somewhere in the forum regarding rename the comments file. it work for me, i know it is not the way to go but it is the begining to calm the storm. it seen the spammer were linking directly to my wp-comments.php page.
Victor,
SolarPunk

Anon – because we ae better than that. Don’t stoop to their level, that just validates them. Besides, it then becomes a gang wasr that would perpetuate itself.
TG

@solar
I don’t think it will take to long before the spammer have created a script that’ll harvest your wp-comment-post-newname.php out from wp-comment.php or some other files.
Personally I don’t want to mess around with the wp-scripts. I’d propably end up breaking something. ??
– Bjarne

Well I changed my wp-comments-post.php page to check for the referer (referrer) to make sure the POST comes from wp-comments.php and haven’t had spam for 2 days.
I also unchecked Options->Discussion-> 3 checkboxes to temporarily turn off comments and notifications.
Under Options -> Writing -> Writing Options I cleared the Update Services URL (I’m assuming that spammers like to get updated, too).
So I didn’t get spam from that poker place (which is the only guy I got spammed from) for a few days so I turned everything back on (but didn’t put in the URL for Update Services yet) and am waiting….
ramansinha dot com

@tg: how would knocking their stupid site out be ‘validating’ them? surely bringing down their server would discourage them from hiring spammers again? I have yet to hear a good argument against the DoS solution.

@anonymous: I’m affraid you’ll go it alone — I for one will not be joining you.
Personally, DDoS is NOT the solution here. If the site in question is attacked, it’ll just be moved and so on. It’s kinda like what we’re doing with the WP code. We move the goalposts every so often to make it harder for them to post their spam on our sites.
You’ll find with many ISPs, kicking off a DDoS will basically get you booted from their services, and I’m sure they wouldn’t let you back on.
Sadly, spammers are here to stay, and there is NOTHING we can do about it except make it difficult for them.

so everyone who gets infected with a worm that mounts a dDoS gets kicked off their ISP?
I find that hard to believe.

I was the original poster to this thread. I tried many of the suggestions mentioned here to block Texas Hokem or “Texas Choke ’em” as I refer to him. Meanwhile, Texas Choke ’em keeps setting up 3 or 4 new web sites daily to get around the WP-Blacklist.
Early on, I turned off user registration, file uploading, etc. However, today an unregistered user posted a comment under my name as “Admin” and then complained to me about the Blog situation. It was one of my former bulletin board members, and not Texas Hokem. So this program is still very weak on security.
Throughout all this, Texas Hokem has continued posting daily, even though he is not a registered user. I tried the 2 scripts suggested by Wellardsworld, but they did not stop him. I tried changing the name of the Comments file and some of the others, but that did not stop Texas-Hokem. I installed and updated WP-Blacklist to block his various new URLs, but that did not stop him. Then I manually added various words, such as “Texas” or “Poker” into the Blacklist script, but this has not stopped Texas-Hokem!
I know some of you feel safe because you have not been spammed again, but that only means he has not been back. I recently turned off my very popular main bulletin board because it received 1,500 spams in 10 days and created thousands of open HTTP connections which caused the server company to threaten me with much higher monthly rates due to all the traffic created by “Texas Choke ’em”.
I am still experimenting to see what works and am open to your ideas. A DoS attack sounds like a good idea for “Texas Choke ’em”, but I would not do a re-direct to Google. It would make more sense to do a re-direct back to one the “Texas Choke ’em” web sites.

take a look at podz’s tackling comment spam.

@abductions:

today an unregistered user posted a comment under my name as “Admin” and then complained to me about the Blog situation. It was one of my former bulletin board members

Sadly, there’s nothing you can do about these, how to put it, arseholes! (Mod’s, please excuse the language.. it’s within context! ;)) I had one that came to my blog quite often. Fortunatly their IP address was usually in one subnet, so a slight modification to .htacces soon sorted that out.

Throughout all this, Texas Hokem has continued posting daily, even though he is not a registered user. I tried the 2 scripts suggested by Wellardsworld, but they did not stop him.

I never said my solution would be the ultimate solution, and you’ve just proved it! I later discovered that wp-comments-post.php was the file being targeted and not wp-comments.php. A few regular WP forum members put up code to help filter spammers out, including myself. So far with what has been put togeter and podz spam fighting page, we’ve managed to make it harder for spammers.

I installed and updated WP-Blacklist to block his various new URLs, but that did not stop him. Then I manually added various words, such as “Texas” or “Poker” into the Blacklist script, but this has not stopped Texas-Hokem!

WPBlacklist is once again very limited, I have it installed on my site, and it doesn’t do alot for me either. This is no ultimate solution to this problem, and there never will be, unless the developers cleverly devise a way to stop it. Can they stop it? I doubt it, because if a spammer is determined enough, they’ll get through whatever. You just have to make it as difficult as possible for them.

I know some of you feel safe because you have not been spammed again, but that only means he has not been back. I recently turned off my very popular main bulletin board because it received 1,500 spams in 10 days and created thousands of open HTTP connections which caused the server company to threaten me with much higher monthly rates due to all the traffic created by “Texas Choke ’em”. I am still experimenting to see what works and am open to your ideas.

It’s not that they haven’t tried! Boy have they tried! I would show you my apache logs, but they’ll be too big to paste here! Have you advised your hosting provider your site is being spammed? 9 times out of 10 they can help, set-up filters, etc. Who knows? it doesn’t hurt to ask them.

A DoS attack sounds like a good idea for “Texas Choke ’em”

Er, no! a DoS attack is NOT THE SOLUTION. I have a very strong oppinion when it comes to DoS. It would mean we would stoop to the spammers level, and to be quite honest, I think it would make the WP community look very bad, and not make it out to be the hero which everyone expects.
Anyway, that was my ?￡0.02p!
-Wellard.

One thing I noticed about the poker spammer, is that his email address is always some derivation of byob@y###o.com, and then the ### always appears as the first characters in his message. It was pointed out earlier that this is obviously a script, and I think this tidbit just goes to confirm that some more. He’s obviously trying to keep people from being able to block based on his email address.
I was thinking it’d be nice to be able to use some kind of regex on the moderation keywords… like y(.+?)o.com, but then I think you’d also be blocking all of the yahoo.com email addresses, and that wouldn’t be a good thing.
But another thing occurred to me. I currently have my MTA set up so that it rejects incoming mail from domain names that cannot be resolved. This might be a sure fire way to get rid of this guy. If there’s a way to get PHP to do this kind of check, then we could probably put a stop to a lot of comment spam. Of course, that wouldn’t prevent someone from just using a fake yahoo or gmail address, but it could be another layer of armor to use.

well you can write a function to get what’s between the “y” and the “o” in the email address and then compare it to the the comment text. if it matches, you could reject the comment.

Actually, there is a php function checkdnsrr() that will do this, but it does not work on Windows platforms (lucky for me, I can still use it though). The above link will take you to the php.net summary for the command, and in the comments there are several threads that post functions that can achieve the equivelant on Windows based servers.
If I have some time this weekend, I might fiddle with this idea a bit and see if I can get it to work.
Of course, I’m probably an idiot for posting this, as the poker player is probably reading this thread by now.

haaseg, check this post.