Dougal Campbell's geek ramblings

WordPress, web development, and world domination.

Spammer Tar Pit

My spammer came back for another visit, so I decided to have a bit of fun. Here is my second WordPress plugin: TarPit (txt, phps).

What it does

If you have any IP numbers listed in your moderation_keys setting (that’s where you put the spam words in the Comment Moderation setting under Discussion Options), this plugin will check them against the current visitor’s IP number. If it matches, the visitor will get a delay (that’s the tar pit — it slows them down), then an “Access Denied” message. You can customize the delay time and the message of course. Advanced users can also add additional IP matches manually, should they so desire. You might want to do that in order to match against an entire IP block, for instance.

If you’re looking for a more humorous spammer deterrent, try Kitten’s Comment Pay. The main difference here is that with “Comment Pay”, the spammer still gets to post a comment. With TarPit, the spammer cannot access any page controlled by WordPress. At all.

Update: I meant to mention this before, but this works great in conjunction with Kitten’s Spam Words Plugin. Anytime you “Delete comment as spam”, the offender’s IP number will automatically be added to your moderation_keys.


Update 2, Aug 27, 2004: Bumped to version 1.1 and added a check for the case where you don’t yet have any IP numbers in your list.


Update 3, Sep 9, 2004: Bumped to version 1.2. Added option to email you when the trap is triggered (enabled by default).


Update 4, Oct 26, 2004: Bumped to version 1.3. Spammers will now get an HTTP 403 “Forbidden” status code, and the output is set to “text/plain”.

About Dougal Campbell

Dougal is a web developer, and a "Developer Emeritus" for the WordPress platform. When he's not coding PHP, Perl, CSS, JavaScript, or whatnot, he spends time with his wife, three children, a dog, and a cat in their Atlanta area home.
This entry was posted in Plugins, WordPress and tagged , , , . Bookmark the permalink.

91 Responses to Spammer Tar Pit

  1. Pingback: geek ramblings » Spammers are stupid

  2. Pingback: snapping links » managing spam floods in WP

  3. Pingback: WISWYG in Vancouver » Spam Comment

  4. Pingback: CMS Blog Community

  5. Pingback: Blogs Of The Day » popular articles on WordPress blogs

  6. Pingback: Starlit Dreams

  7. Pingback: Canned !! -- my Atropine » 2004 » September » 13

  8. Pingback: Charles on... anything that comes along » The war on blog spam: going about as well as the one on terrorism

  9. Pingback: Rage on Omnipotent » WP anti-spam

  10. Pingback: wordlog.com » Slow Down Spammer Boy!

  11. Pingback: Photo Matt » The Trouble With WordPress

  12. wantmoore says:

    Fantastic. I’m blogging about the plugin first and then going to configure and install it. So much more fun that restricting access with .htaccess!

  13. Pingback: the life of justin

  14. Pingback: Weblog Tools Collection

  15. Frank says:

    While this will surely help for a little while, you should (and probably already do) realize that IP numbers are easily spoofed and blocking whole IP number ranges is almost always disadvantageous. As Jay Allen, author of MT-Blacklist, has noted several times, attacking the _method_ of the spammer doesn’t work in the long run, because methods can easily be changed. The tar-pitting is a nice idea, but ideally it should be triggered by a MT-Blacklist type of pattern matching against the author, e-mail, url, body fields of the comment.

  16. Yes, I understand well the pitfalls of blocking by IP number. But since I was experiencing an ongoing attack, it was a valid short-term solution. I plan to reap the IP numbers out of my moderation_keys setting from time to time.

    I’m also looking into the possibility of a WP plugin which can utilize the MT Blacklist regex file in real-time (well, with some caching).

  17. fwolf says:

    Another idea would be to grab the important parts of the sourcodes of SpamAssassin and build a plugin based on them. for comparision: I get about 0.5 spam mails per month – before that: about 20 per DAY!
    - so SpamAssassins spam detection engine should be very reliable regarding this topic.

    cu, w0lf.

  18. marlyse says:

    your other plugin ‘pisoff’ works (I think) but when I install this one, my site goes white. I checked white space and there is none before/after the php tag. my index page is not in the wp folder, could this cause the problem?

  19. Charles says:

    Hmm – I’m trying to deny an entire list of IP addresses from a particularly annoying spammer that seems to be using compromised machines from one provider. Basically, I want to block 212.235.32.0 – 212.235.95.255. (So just 212.235.32. – 212.235.95.)

    So I’m looking at the $spammer_ips array, but can’t see what the regex should be for that list. Being lazy… um, programmer-style, I’m really not planning to write in the whole list going up by one IP each time (212.235.33, 212.235.34..). Hints appreciated..

  20. Charles, try this regexp:

    /^212\.235\.((3[2-9])|([4-8][0-9])|(9[0-5]))/

    That should match only the range you mentioned.

  21. marlyse says:

    installed the 1.2 version, same problem, when I activate the plugin, complete site goes white. tried it with commenting out sections, to see which section gives me the problems, site goes already white if I only have the first section (line 43 – 56) active. and I don’t see any errors there. any ideas what could cause the site to go white? (there is no space before or after the original tag, if I comment out the complete code and leave just the main tags, site is okay).

  22. John Gray says:

    Having the same problem as marlyse… when I activate the plugin, I don’t get any HTML output. My host has error reporting almost completely disabled so I’m still looking into this.

  23. I’ve already exchanged emails with Marlyse, and she has this problem with some other plugins, as well. So I think it may be something specific to certain server setups, and not necessarily something in my code. Of course, if someone spots something that indicates otherwise, please let me know!

  24. Chris Weiss says:

    I’ll second the interest in seeing a text matching version. I’ve spent the last 48 hours purging spam from someone who’s spoofing a variety of IP’s but plugging the same list of sites in the comments.

  25. Pingback: dot-totally.co.uk

  26. Wanted to let you know that I’ve finally found out what created the problem: it seems that sometimes when downloading a php file or somehow obtaining code from somebody else, unvisible characters sometimes translate not php friendly. Barely visible is the worst, the usually displayed as a dot ‘empty space’. Only when viewed as phps file, I saw that it would encode these spaces. Looking at it more closely, I found that even though these invisible chars where represented as dots, the dots where ‘fatter’ than the ‘normal’ dots. Once I cleaned that up, I also found that sometimes single quotes would transfer as ‘curly’ single quotes which also again gave problems. Replacing them all with ‘straight’ single quotes handled that. At this point I don’t remember which of the above problems I found with your file (as mentioned before, I had these ‘white site’ problems with various – but not all – plugins. Hope this makes sense and if somebody else encounters the same problem a place to look at.

  27. Pingback: geek ramblings » Spammers are still stupid

  28. Pingback: cliffrowley :: blog

  29. Jonathan says:

    Um, isn’t this a little lame though (not in terms of the awesome work you’re doing, but just in terms of how it works)? I mean, you have to blacklist the individual ip by hand. I could do that in a darn .htaccess file and be done with it. But any spammer worth their salt is just going to post from another ip. Is there no way to atomate this in the interface?

  30. Pingback: Spam, spam, spam, merveilleux spam… (Almaren)

  31. Pingback: dot-totally.co.uk

  32. Pingback: WOIFM

  33. Pingback: Wikilab » Comment spam

  34. Pingback: Kick & Scream

  35. Pingback: the life of justin » must kill spam

  36. Pingback: [rmfo-blogs.com]: About

  37. Pingback: Kitten's Project Blog » Comment Spam Thoughts

  38. Pingback: Woordenaar | over leven » Commentspam deel zoveel +1

  39. Pingback: Canned !! -- my Atropine

  40. Pingback: projektguerilla » Blog Archive » Fight Spam

  41. Pingback: Blog - Journal Thoughts » WordPress Blog: Fighting Spammers

  42. Pingback: Nico.se - blog » Blog Archive » Spam Stopgap och Kitten’s Spaminator

  43. dkaye says:

    well, i’m gonna give it a whirl – and use it in conjunction with kitten’s spamilator, and spam words. maybe someday we’ll outbeat the spammers at their own game. here’s to hoping! oh, for my own amusement, i modified the message the spammer will receive to read:

    thanks much for the hard work!

  44. Pingback: :: My Virtual Pensieve :: » Blog Archive » Oh I hate Spam….

  45. Pingback: My true site

  46. Pingback: Webbie's Webblog » Webblog Spammers

  47. Pingback: g.killingtime.net » Post-Thanksgiving ramblings

  48. Pingback: Origamifried Chicken » Stupid spammers

  49. Pingback: The Blog That Goes Ping » That’ll Teach Me To Sneer

  50. Pingback: eric's site » cowboy comment spam banning

  51. Pingback: myownworld.org » The Spaminator

  52. Pingback: Manish Lad > Blog Archive > Wordpress updates

  53. Pingback: The Linux Blog » Trackback Spam

  54. Pingback: Serenity, now! » Finally…

  55. Pingback: A Cognizant Discourse » Blog Archive » Silly Spammers

  56. Pingback: The ePiC rAmblInGs of JustIsengard » Let the Spam begin….

  57. Pingback: Standing Tall » Blog Archive » WordPress プラグイン一覧追加情報(6)

  58. Pingback: Woordenaar | Archief » Commentspam deel zoveel +1

  59. Pingback: Taking Your Camera on the Road » WordPress Blog: Fighting Spammers

  60. Pingback: Patrick's Rants

  61. Pingback: Un Cielo Provvisorio » Mnemosine

  62. Pingback: Webbie’s Webblog » Blog Archive » Powered By The WordPress

  63. Pingback: collisionbend.com -- A Cleveland Ohio Weblog by Will Kessel » Four Layers

  64. Anonymous says:

    I personally think this is a dangerous route, because IP-blocking only works for a short time. Unless you flush your IP list from time to time, you could be blocking legitimate users.

  65. Dougal says:

    Unless you flush your IP list from time to time, you could be blocking legitimate users.

    See one of my earlier comments. Also note in the plugin source code, if you enable email notification, it says this:

    PLEASE NOTE:

    Blocking by IP number is unreliable, because most IP numbers are
    assigned to internet users dynamically by their ISPs. If you have
    not recently seen abusive activity from this source, you may want
    to consider removing it from the “Comment Moderation” settings in
    the WordPress “Discussion Options” admin screen.

    See my SpamValve project for an IP-blocking option which dynamically unblocks hosts after a period of inactivity.

  66. Pingback: MakrohÃ¥rd.se » Blog Archive » lilo the sequel….

  67. miscblogger says:

    that’s too tight! can i put an hour’s delay?

  68. Pingback: Greymatters » Blog Archive » Blogging: The Nuclear Option

  69. Pingback: Interesting News Posts

  70. Pingback: Tar for Windows - Tar Links

  71. Pingback: Not an artist

  72. I disagree with the idea that blocking IP’s is bad. The reality is there are large blocks of IP’s that are truly bad. They are the source of a great deal of spam. Not only that but they are outside my reader area as in outside the country. Almost all of them are in Asia, primarily in China. I block them not just from my blog but also from all email and web site access to all of my web sites. They do not matter to me and they were creating a heavy load on my servers. Since blocking them my spam load has gone way down. Unblocking them allows more spam. Reblocking them fixes it. They’ll stay blocked.

  73. It seems that when i activate tarpit characters on my site go weird. Ive got á and é and the likes in my site and it these ones which get changed through the site. Any ideas on a fix?

  74. Pingback: WP Plugins DB » Plugin Details » TarPit

  75. dotarull says:

    kexapyp.cn;66.232.112.242;66.232.127.71;ns1.clubcolanews.com;ns2.clubcolanews.com

  76. CHAITGEAR » SmartDisk Unveils FlashTrax XT Portable Media Player+Recorder Mobile, News Jefte.net » Css-based design in 60 seconds Articles Math Jazz » The World’s Longest Web Page Code geek ramblings » Spammer Tar Pit Plugins, WordPress CHAITGEAR » Square7 Launches Olympia DualPhone Skype Handset in UK News, Gadget geeksmakemehot.com » Can Unicorn’s Fly? Personal, Geeky Fun, #wordpress

  77. Pingback: 30 Spam Fighting WordPress Plugins at WordPress Themes, Plugins, Blog Tips, Make Money Online >> WPthemesplugin.com

  78. Pingback: Barb’s Blog » Word Press Plug-Ins

  79. Eugene says:

    I agree with Frank about other information can all be used in the filtering process, because some of the universities and Libraries and other institutions share the same IP for all students and this is my case, always finding my IP to be blocked while I never entered the site before.

  80. ????? says:

    ?????? ????????. ? ??? ??? ?? ?????? ??????? ??????????????? ???????????????? :)

  81. Pingback: lilo the sequel…. | Jörgen S Öfjäll

  82. Wine of Month Club says:

    I’m amazed that you still have comments enabled given your experience, not sure I’d be so patient! Additionally this is still do-follow so congrats! In all seriousness though having repeated attacks from the same person is annoying, we had a guy in China trying to hack our real estate website for a while thinking(I guess) that we had stored some information there….little did he know that we were just using the Google database info

  83. nick aviles says:

    I happen to get a lot of spam on my blog, and it’s just so annoying.

  84. hey im rick just wanted to say nice post :) thanks a lot!

  85. Dendy says:

    Finally I found this article, thanks for sharing

  86. In conclusion I got this ebooks, ta for portioning out

  87. Pingback: Upgrading the Defenses | GFMorris.com

  88. Pingback: Plugin per Wordpress: Anti Spam & Captcha | Uni Ragazzi

  89. Pingback: SPAM Prevention with WP!! | Canned Atropine!!

Leave a Reply

%d bloggers like this: