Spammer circumventing spamwords

  • spammers seem to probe the weaknesses of wp. more than ever.
    I rely solely on the common spam words filter that’s available in wp.
    Lately I have been seeing spam which uses htmls character entity references (the ampersand sign followed by a number, followed by a semicolon) to masquerade the spam string. like that:
    phentermine
    Anyone have a clue how to combat that?
    simply inserting ampersand followed by a #-symbol followed by a number into the “Comment moderation” field doesn’t seem to work (i.e. insert the corresponding characters into the field)
    Also, the URI’s that contain the spamwords in cleartext don’t seem to be evaluated, but that may be due to my older version (1.3a2)…

Viewing 7 replies - 1 through 7 (of 7 total)

  • Which spam protection are you currently running ?
    Spammers have worked around the built-in protection, hence all the good stuff listed here:

    https://www.tamba2.org.uk/wordpress/spam

    spam karma works the best in my opinion

    Thread Starter g-dot

    (@g-dot)

    Wow that site has grown considerably since last time I visited. I used a few tricks from that site before (like TG’s hack to prevent “future spam” and some others I cannot remember right now).
    To clarify: is there a way I can put strings like &#1 into the “Comment Moderation” field?
    Currently they are getting interpreted as characters (which I dont want).
    that would suffice (for me).

    15threads

    (@15threads)

    I might be wrong, but it seems to me that spammers might have found another way to get past the spam words list/blacklist.

    Today I found a trackback spam sent by somone named “texas holdem” Initially I thought that it should have been stopped by the built-in spamwords list/ blacklist plugins but since they do not allow two words in a single blacklist entry the closest entry was texas-holdem. Hence “texas holdem” without the dash seemed to have gotten through.

    Are we looking at a loophole here?

    davidchait

    (@davidchait)

    sounds like all of our anti-spam systems (mine included) need to use something to ensure we’re not being passed HTML characters. reverse encoding is built-in with php 4.3.x I think, but otherwise you can use:

    function html2specialchars($str){
    $trans_table = array_flip(get_html_translation_table(HTML_ENTITIES));
    return strtr($str, $trans_table);
    }

    In theory, that should be safe to run on any text to then compare against spam lists, even if you then store the original text…

    -d

    ayb1

    (@ayb1)

    Spam Karma is too conservative. I’ve tried to make a comment three different times on a WP blog and Spam Karma won’t let me do it. WTF?

    Sushubh

    (@sushubh)

    SK was quite weird for me too… had to turn it off finally.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Spammer circumventing spamwords’ is closed to new replies.