OK I Give Up! – NOT!

Posted on Wednesday 14 May 2014

Okay – I think I can finally and tentatively declare Victory!

A few lessons learned from this ugly business. The biggest one was that while it was pretty obvious that most of the spammers were automatic, there were two types!

One group obviously used the comment forms on posts directly. Creating comments on random postings, but usually only one or two of them at a time ( postings that is – not  comments LOL. )

Of that first group, there were those who just opened up a comment window and dumped their garbage in – but requiring them to pass a simple Captcha code caused their attempts to fail!

The second part of that first group obviously had the processing smarts to crack a normal Captcha ( those that use numbers and letters combinations ) – possibly by brute force…

Once I installed a simple graphic puzzle ( requiring no entry of characters at all ) the high number of Spam entries dropped to a small low of 10-20 at a time!

Those last 20 were using a new way to post spam. They actually bypassed the whole Captcha challenge entirely! They did this by using WordPress ( the engine I use for my blog ) against itself – sort of.

Since they knew that the site was written in WordPress they just called a special utility within it called wp-comments-post.php which is the tool that does the posting of the comments after you have entered them into the comments field.

I’d like to thank the website code.tutsplus.com for posting their 6 ways to combat Spam Comments. Their posting was instrumental in my fixing my problem. Now to be honest – all the Spam I was getting was going directly into the spam folder, none of it ever got posted on the website, so my original tools like Akismet were working – I just didn’t want to have to wade through the tons of Spam every couple of days looking for valid comments ( which has happened in the past unfortunately. )

So I added code.tutsplus.com’s first recommendation to cancel the wp-comments-post.php attack – which was to put some special code into my .htaccess file. It seemed to work at first, but all at once they were posting again…

What finally did the trick was a special plugin called Cookies for Comments. I know there are mixed opinions about cookies on the Internet and I am against anything that tracks you over a period of time. But these are short duration things that are added and checked almost instantaneously!  Essentially, the user will pick up a cookie from one of my pages and if he goes to post a comment, the cookie will be checked first! If it isn’t there the posting will be disallowed ( Because they are using the wp-comments-post.php tool not a page!)

I’m sure eventually, they will figure a way around this – whatever one man can construct another man can deconstruct – but for now the dam is holding.

I think WordPress themselves will soon have to address this direct access of code for spamming purposes – it’s too big a hole and needs to be fixed!

Till next time then…

Rick @ 3:48 pm
Filed under: My Time and Techie Things and WordPress
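
A log-review counterpart to the cookie check described in this post: flag POSTs to wp-comments-post.php from clients that never loaded a page first. This is an added example, not code from the blog, the plugin or WordPress; the function name, the one-hour window and the sample log lines (documentation IP ranges, example.org) are assumptions.

```python
import re
from datetime import datetime, timedelta

# Apache/Nginx "combined" access log format.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
COMMENT_ENDPOINT = "/wp-comments-post.php"
WINDOW = timedelta(hours=1)  # assumption: how long a page view "counts"

def direct_comment_posts(lines, site_host):
    """Return (ip, timestamp, reason) for comment POSTs that were not
    preceded by a page view from the same client, or lack an on-site referer."""
    last_page_view = {}  # ip -> time of the most recent GET of a page
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than guess
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ip, path = m["ip"], m["path"].split("?", 1)[0]
        if m["method"] == "GET" and not path.endswith(".php"):
            last_page_view[ip] = ts
        elif m["method"] == "POST" and path == COMMENT_ENDPOINT:
            seen = last_page_view.get(ip)
            if seen is None or ts - seen > WINDOW:
                findings.append((ip, ts.isoformat(), "no prior page view"))
            elif site_host not in m["referer"]:
                findings.append((ip, ts.isoformat(), "off-site or empty referer"))
    return findings

# Constructed sample log lines, not taken from any real site.
SAMPLE_LOG = [
    '198.51.100.7 - - [12/May/2014:15:01:10 +0000] "GET /2014/05/some-post/ HTTP/1.1" 200 18321 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/May/2014:15:03:42 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://example.org/2014/05/some-post/" "Mozilla/5.0"',
    '203.0.113.9 - - [12/May/2014:16:00:01 +0000] "POST /wp-comments-post.php HTTP/1.0" 302 0 "-" "-"',
    '203.0.113.9 - - [12/May/2014:17:00:03 +0000] "POST /wp-comments-post.php HTTP/1.0" 302 0 "-" "-"',
]

if __name__ == "__main__":
    for finding in direct_comment_posts(SAMPLE_LOG, "example.org"):
        print(finding)
```

Clients behind a shared IP or with referers stripped can show up here too, so treat the output as a review list rather than a block list.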


OK I Give Up!!! – Part 4!!!!

Posted on Monday 12 May 2014

Ok, comments are working now BUT 8-O

It would seem while the “normal” user could not leave any comments – the spammers have been working around the clock anyways… obviously accessing the comment files directly!  :evil:

I managed to find an older version of the file that was corrupted – which is good as some of my other tools seem broken for the moment ( my web hosting service having gone under several new companies might have something to do with this… ) :-?

So while I can restrict, somewhat, some of the spammers, some seem to be getting through besides that… which means I have to do some work behind the scenes now to make obvious files become way less obvious ( I hope  :cry:  )

Having broken tools doesn’t make my life any easier either… Got to get them fixed first I think.

Wish me luck – I think I’m going to need it!  :roll:

Rick @ 3:20 pm
Filed under: My Time and WordPress


OK I Give Up!!! – Part 3!!!

Posted on Saturday 10 May 2014

Man

I’ve taken a look at my logs. “Unknown” sites are visiting a minimum of every hour to try and obviously plant SPAM on this site… I’m obviously posted on somebody’s list out there  :evil:

Add to that the fact that even after upgrading my Captcha tools – I was still getting SPAM  8-O  So there are some VERY dedicated machines or a million monkeys typing really REALLY fast to crack all the codes :cry:

So I thought I would take it to yet a higher level ( there are some really neat tools out there now that use graphics and mouse clicks to confirm you are a real person. ) Unfortunately, somewhere along the line when either Java stopped working ( or started complaining ) and the graphics were active ( but not visible ) things broke.  :-(

Both the footer and the comment field and posted comments are no longer visible   :roll:

So at this point the smart thing to do would be to just roll back to the latest backup… where of course I discovered that I had never installed backups on my own site :oops: I did it for all the other ones but never for my own… go figure…

So, now I have to set up my backups and eventually go back and fix whatever broke, wherever it broke…

One big advantage… Spammers can’t post either  - so I think I’ll take my time fixing this one… and maybe, just maybe, somebody will drop me off that list  ;-)

Rick @ 1:18 pm
Filed under: My Time and WordPress


OK I Give Up – Part 2!!

Posted on Friday 9 May 2014

Soooo…

I thought I had found a nice compromise on Captcha programs… You know those irritating things that you have to fill in to prove you are a person that everyone is using these days.

It was pretty simple, essentially numbers (written out in words)  put into a math problem and all one had to do is give the correct answer to post a comment.

Well it stopped some of the crap… ok actually a LOT of it  :twisted: but I was still getting anywhere from 10 to 30 SPAM comments a day. Again the filter caught it all, but I still had to wade in and make sure no innocent comments got lost ( as has happened in the past  :-(  )

So I started flailing around looking for something else today. I’m not sure if the spammer ( I’m assuming one ) was smart enough to write a script or code or just got blisters from all the typing ( I’m hoping the latter  :-D )

A lot of the stuff out there requires registration, or access to the server, or other uglies and I really didn’t want to go there… So I finally found this one… which I am NOT going to name, just in case someone out there is posting solutions to the various programs out there.  8-O

So here is hoping this one works – for a while at least… wish me luck!

Rick @ 11:39 pm
Filed under: My Time and WordPress


OK I Give Up!

Posted on Thursday 1 May 2014

:evil: To say that I am grumpy and upset right now is an understatement :evil:

I don’t want to tell you how many hundreds of spammy crappy comments I’ve had to delete this past week. Someone out there has either listed me as an easy target or a dead site that everyone can post all their CRAPPY and I do mean CRAPPY ads for Kohl this or Versace that!

I used to have a CAPTCHA entry on my website a couple years ago, but it eventually became unsupported and it no longer seemed necessary… I only got one or two spams a month, which the other software on this site takes care of.

Well, it still takes care of the crap, marking and putting it into my SPAM folder for future deletion, but I suspect someone thinks that’s a good spot to put all their crappy links! It shouldn’t be, but maybe it is…  :-x

So I’ve instituted a new CAPTCHA utility on ALL comments (logged in or not) – hopefully it will put these robots to rest for a while.

I’ve gone with a math CAPTCHA instead of an image or word one… hopefully it works and still lets through those few who like to post (and who I do appreciate!) You’ll find it at the bottom of your comment window and you can’t post the comment until you do the math… hopefully you won’t find it too difficult  8-O

Rick @ 4:48 pm
Filed under: Techie Things and WordPress





