My spammer came back for another visit, so I decided to have a bit of fun. Here is my second WordPress plugin: TarPit (txt, phps).
What it does
If you have any IP numbers listed in your moderation_keys setting (that’s where you put the spam words in the Comment Moderation setting under Discussion Options), this plugin will check them against the current visitor’s IP number. If it matches, the visitor will get a delay (that’s the tar pit — it slows them down), then an “Access Denied” message. You can customize the delay time and the message of course. Advanced users can also add additional IP matches manually, should they so desire. You might want to do that in order to match against an entire IP block, for instance.
If you’re looking for a more humorous spammer deterrent, try Kitten’s Comment Pay. The main difference here is that with “Comment Pay”, the spammer still gets to post a comment. With TarPit, the spammer cannot access any page controlled by WordPress. At all.
Update: I meant to mention this before, but this works great in conjunction with Kitten’s Spam Words Plugin. Anytime you “Delete comment as spam”, the offender’s IP number will automatically be added to your moderation_keys.
Update 2, Aug 27, 2004: Bumped to version 1.1 and added a check for the case where you don’t yet have any IP numbers in your list.
Update 3, Sep 9, 2004: Bumped to version 1.2. Added option to email you when the trap is triggered (enabled by default).
Update 4, Oct 26, 2004: Bumped to version 1.3. Spammers will now get an HTTP 403 “Forbidden” status code, and the output is set to “text/plain”.
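The check, delay and deny flow described under "What it does", sketched as an added example (this is not TarPit's source code). The function names, the five-second delay, the sample keys and the RFC 5737 documentation addresses are assumptions, and moderation_keys is taken to hold one entry per line.

```php
<?php
// Added illustration, not TarPit's source. All names and data are hypothetical.

// Pull the entries that are valid IPv4 addresses out of a moderation_keys
// value, where spam words and IP numbers are mixed, one entry per line.
function tarpit_ips_from_keys(string $moderation_keys): array {
    $ips = [];
    foreach (preg_split('/\R/', $moderation_keys) as $line) {
        $line = trim($line);
        if (filter_var($line, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
            $ips[] = $line;
        }
    }
    return $ips;   // an empty list is fine: nothing matches, nobody is blocked
}

// True when $ip is listed exactly or matches a manually added block pattern.
function tarpit_is_listed(string $ip, array $ips, array $patterns): bool {
    if (in_array($ip, $ips, true)) {
        return true;
    }
    foreach ($patterns as $pattern) {
        if (preg_match($pattern, $ip) === 1) {
            return true;
        }
    }
    return false;
}

// Delay first, then refuse: 403 status, plain-text body, no page rendered.
function tarpit_deny(int $delay_seconds, string $message): void {
    sleep($delay_seconds);
    http_response_code(403);
    header('Content-Type: text/plain');
    exit($message);
}

// Constructed sample data.
$keys     = "cheap pills\n192.0.2.15\ncasino\n198.51.100.7\n";
$patterns = ['/^203\.0\.113\./'];   // manual entry covering an entire block

// Use the address of the TCP peer, not a client-supplied header.
$visitor = $_SERVER['REMOTE_ADDR'] ?? '203.0.113.44';   // fallback for CLI runs
if (tarpit_is_listed($visitor, tarpit_ips_from_keys($keys), $patterns)) {
    tarpit_deny(5, 'Access Denied');
}
echo "allowed\n";
```

Each tarpitted request holds a PHP worker for the length of the delay, so the delay also limits how many blocked clients the server can hold at once.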
Fantastic. I’m blogging about the plugin first and then going to configure and install it. So much more fun than restricting access with .htaccess!
While this will surely help for a little while, you should (and probably already do) realize that IP numbers are easily spoofed and blocking whole IP number ranges is almost always disadvantageous. As Jay Allen, author of MT-Blacklist, has noted several times, attacking the _method_ of the spammer doesn’t work in the long run, because methods can easily be changed. The tar-pitting is a nice idea, but ideally it should be triggered by a MT-Blacklist type of pattern matching against the author, e-mail, url, body fields of the comment.
Yes, I understand well the pitfalls of blocking by IP number. But since I was experiencing an ongoing attack, it was a valid short-term solution. I plan to reap the IP numbers out of my moderation_keys setting from time to time.
I’m also looking into the possibility of a WP plugin which can utilize the MT Blacklist regex file in real-time (well, with some caching).
Another idea would be to grab the important parts of the source code of SpamAssassin and build a plugin based on them. For comparison: I get about 0.5 spam mails per month – before that: about 20 per DAY! – so SpamAssassin’s spam detection engine should be very reliable regarding this topic.
cu, w0lf.
your other plugin ‘pisoff’ works (I think) but when I install this one, my site goes white. I checked white space and there is none before/after the php tag. my index page is not in the wp folder, could this cause the problem?
Hmm – I’m trying to deny an entire list of IP addresses from a particularly annoying spammer that seems to be using compromised machines from one provider. Basically, I want to block 212.235.32.0 – 212.235.95.255. (So just 212.235.32. – 212.235.95.)
So I’m looking at the $spammer_ips array, but can’t see what the regex should be for that list. Being lazy… um, programmer-style, I’m really not planning to write in the whole list going up by one IP each time (212.235.33, 212.235.34..). Hints appreciated..
Charles, try this regexp:
/^212\.235\.((3[2-9])|([4-8][0-9])|(9[0-5]))/
That should match only the range you mentioned.
installed the 1.2 version, same problem, when I activate the plugin, complete site goes white. tried it with commenting out sections, to see which section gives me the problems, site goes already white if I only have the first section (line 43 – 56) active. and I don’t see any errors there. any ideas what could cause the site to go white? (there is no space before or after the original tag, if I comment out the complete code and leave just the main tags, site is okay).
Having the same problem as marlyse… when I activate the plugin, I don’t get any HTML output. My host has error reporting almost completely disabled so I’m still looking into this.
I’ve already exchanged emails with Marlyse, and she has this problem with some other plugins, as well. So I think it may be something specific to certain server setups, and not necessarily something in my code. Of course, if someone spots something that indicates otherwise, please let me know!
I’ll second the interest in seeing a text matching version. I’ve spent the last 48 hours purging spam from someone who’s spoofing a variety of IP’s but plugging the same list of sites in the comments.
Wanted to let you know that I’ve finally found out what created the problem: it seems that sometimes when downloading a php file or somehow obtaining code from somebody else, invisible characters sometimes translate not php friendly. Barely visible is the worst, the usually displayed as a dot ‘empty space’. Only when viewed as phps file, I saw that it would encode these spaces. Looking at it more closely, I found that even though these invisible chars were represented as dots, the dots were ‘fatter’ than the ‘normal’ dots. Once I cleaned that up, I also found that sometimes single quotes would transfer as ‘curly’ single quotes which also again gave problems. Replacing them all with ‘straight’ single quotes handled that. At this point I don’t remember which of the above problems I found with your file (as mentioned before, I had these ‘white site’ problems with various – but not all – plugins). Hope this makes sense and if somebody else encounters the same problem a place to look at.
Fantastic!
Um, isn’t this a little lame though (not in terms of the awesome work you’re doing, but just in terms of how it works)? I mean, you have to blacklist the individual ip by hand. I could do that in a darn .htaccess file and be done with it. But any spammer worth their salt is just going to post from another ip. Is there no way to automate this in the interface?
well, i’m gonna give it a whirl – and use it in conjunction with kitten’s spamilator, and spam words. maybe someday we’ll outbeat the spammers at their own game. here’s to hoping! oh, for my own amusement, i modified the message the spammer will receive to read:
thanks much for the hard work!
I personally think this is a dangerous route, because IP-blocking only works for a short time. Unless you flush your IP list from time to time, you could be blocking legitimate users.
See one of my earlier comments. Also note in the plugin source code, if you enable email notification, it says this:
See my SpamValve project for an IP-blocking option which dynamically unblocks hosts after a period of inactivity.
that’s too tight! can i put an hour’s delay?
I disagree with the idea that blocking IP’s is bad. The reality is there are large blocks of IP’s that are truly bad. They are the source of a great deal of spam. Not only that but they are outside my reader area as in outside the country. Almost all of them are in Asia, primarily in China. I block them not just from my blog but also from all email and web site access to all of my web sites. They do not matter to me and they were creating a heavy load on my servers. Since blocking them my spam load has gone way down. Unblocking them allows more spam. Reblocking them fixes it. They’ll stay blocked.
It seems that when I activate tarpit characters on my site go weird. I’ve got á and é and the likes in my site and it is these ones which get changed through the site. Any ideas on a fix?
I agree with Frank about other information can all be used in the filtering process, because some of the universities and Libraries and other institutions share the same IP for all students and this is my case, always finding my IP to be blocked while I never entered the site before.
I’m amazed that you still have comments enabled given your experience, not sure I’d be so patient! Additionally this is still do-follow so congrats! In all seriousness though having repeated attacks from the same person is annoying, we had a guy in China trying to hack our real estate website for a while thinking (I guess) that we had stored some information there… little did he know that we were just using the Google database info
I happen to get a lot of spam on my blog, and it’s just so annoying.
hey im rick just wanted to say nice post
thanks a lot!
Finally I found this article, thanks for sharing
In conclusion I got this ebooks, ta for portioning out