Spammer Tar Pit

My spammer came back for another visit, so I decided to have a bit of fun. Here is my second WordPress plugin: TarPit (txt, phps).

What it does

If you have any IP numbers listed in your moderation_keys setting (that’s where you put the spam words in the Comment Moderation setting under Discussion Options), this plugin will check them against the current visitor’s IP number. If it matches, the visitor will get a delay (that’s the tar pit — it slows them down), then an “Access Denied” message. You can customize the delay time and the message of course. Advanced users can also add additional IP matches manually, should they so desire. You might want to do that in order to match against an entire IP block, for instance.

If you’re looking for a more humorous spammer deterrent, try Kitten’s Comment Pay. The main difference here is that with “Comment Pay”, the spammer still gets to post a comment. With TarPit, the spammer cannot access any page controlled by WordPress. At all.

Update: I meant to mention this before, but this works great in conjunction with Kitten’s Spam Words Plugin. Anytime you “Delete comment as spam”, the offender’s IP number will automatically be added to your moderation_keys.


Update 2, Aug 27, 2004: Bumped to version 1.1 and added a check for the case where you don’t yet have any IP numbers in your list.


Update 3, Sep 9, 2004: Bumped to version 1.2. Added option to email you when the trap is triggered (enabled by default).


Update 4, Oct 26, 2004: Bumped to version 1.3. Spammers will now get an HTTP 403 “Forbidden” status code, and the output is set to “text/plain”.

26 Comments

  1. Posted 8/25/2004 at 10:53 pm | Permalink

    Fantastic. I’m blogging about the plugin first and then going to configure and install it. So much more fun than restricting access with .htaccess!

  2. Posted 8/26/2004 at 10:40 am | Permalink

    While this will surely help for a little while, you should (and probably already do) realize that IP numbers are easily spoofed and blocking whole IP number ranges is almost always disadvantageous. As Jay Allen, author of MT-Blacklist, has noted several times, attacking the _method_ of the spammer doesn’t work in the long run, because methods can easily be changed. The tar-pitting is a nice idea, but ideally it should be triggered by a MT-Blacklist type of pattern matching against the author, e-mail, url, body fields of the comment.

  3. Posted 8/26/2004 at 12:14 pm | Permalink

    Yes, I understand well the pitfalls of blocking by IP number. But since I was experiencing an ongoing attack, it was a valid short-term solution. I plan to reap the IP numbers out of my moderation_keys setting from time to time.

    I’m also looking into the possibility of a WP plugin which can utilize the MT Blacklist regex file in real-time (well, with some caching).

  4. Posted 8/29/2004 at 3:09 pm | Permalink

    Another idea would be to grab the important parts of the source code of SpamAssassin and build a plugin based on them. For comparison: I get about 0.5 spam mails per month - before that: about 20 per DAY!
    - so SpamAssassin’s spam detection engine should be very reliable regarding this topic.

    cu, w0lf.

  5. marlyse
    Posted 9/2/2004 at 3:46 pm | Permalink

    your other plugin ‘pisoff’ works (I think) but when I install this one, my site goes white. I checked white space and there is none before/after the php tag. my index page is not in the wp folder, could this cause the problem?

  6. Posted 9/8/2004 at 3:15 pm | Permalink

    Hmm - I’m trying to deny an entire list of IP addresses from a particularly annoying spammer that seems to be using compromised machines from one provider. Basically, I want to block 212.235.32.0 - 212.235.95.255. (So just 212.235.32. - 212.235.95.)

    So I’m looking at the $spammer_ips array, but can’t see what the regex should be for that list. Being lazy… um, programmer-style, I’m really not planning to write in the whole list going up by one IP each time (212.235.33, 212.235.34..). Hints appreciated..

  7. Posted 9/9/2004 at 12:18 pm | Permalink

    Charles, try this regexp:

    /^212\.235\.((3[2-9])|([4-8][0-9])|(9[0-5]))/

    That should match only the range you mentioned.
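
An added PHP example (not the TarPit plugin's own code) of the two matching steps discussed on this page: picking the IP numbers out of a moderation_keys-style list, and testing a visitor against the 212.235.32.0 - 212.235.95.255 block numerically, side by side with the regexp from comment 7. The function names are hypothetical and the sample list and visitor addresses are constructed.

```php
<?php
// Added example: not the TarPit plugin's code. Function names are hypothetical
// and the sample data below is constructed.

// Keep only the lines of a moderation_keys-style list (spam words and IP
// numbers, one per line) that are well-formed IPv4 addresses.
function tarpit_ips_from_keys(string $moderation_keys): array
{
    $ips = [];
    foreach (preg_split('/\R/', $moderation_keys) as $line) {
        $line = trim($line);
        if (filter_var($line, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
            $ips[] = $line;
        }
    }
    return $ips;
}

// Convert a dotted quad to an unsigned number, or null if it is malformed.
// ip2long() can return negative values on 32-bit PHP, so normalise with %u.
function tarpit_ip_to_uint(string $ip): ?float
{
    $n = ip2long($ip);
    return $n === false ? null : (float) sprintf('%u', $n);
}

// True if $ip lies inside the inclusive range $first..$last.
function tarpit_ip_in_range(string $ip, string $first, string $last): bool
{
    $n  = tarpit_ip_to_uint($ip);
    $lo = tarpit_ip_to_uint($first);
    $hi = tarpit_ip_to_uint($last);
    if ($n === null || $lo === null || $hi === null) {
        return false;
    }
    return $n >= $lo && $n <= $hi;
}

// Decide whether a visitor should be sent to the tar pit.
function tarpit_should_block(string $visitor_ip, array $exact_ips, array $ranges): bool
{
    if (in_array($visitor_ip, $exact_ips, true)) {
        return true;
    }
    foreach ($ranges as [$first, $last]) {
        if (tarpit_ip_in_range($visitor_ip, $first, $last)) {
            return true;
        }
    }
    return false;
}

// Constructed sample input.
$keys   = "cheap-pills\n192.0.2.44\ncasino\n  198.51.100.7 \n";
$exact  = tarpit_ips_from_keys($keys);
$ranges = [['212.235.32.0', '212.235.95.255']];            // block from comment 6
$regex  = '/^212\.235\.((3[2-9])|([4-8][0-9])|(9[0-5]))/'; // regexp from comment 7

$visitors = ['192.0.2.44', '212.235.31.255', '212.235.32.0', '212.235.95.255',
             '212.235.96.0', '203.0.113.9', '212.235.320.1' /* malformed */];
foreach ($visitors as $ip) {
    printf("%-15s  list/range: %-5s  regexp: %s\n", $ip,
        tarpit_should_block($ip, $exact, $ranges) ? 'block' : 'allow',
        preg_match($regex, $ip) === 1 ? 'match' : 'no');
}
```

On well-formed addresses the regexp and the numeric test agree at both edges of the block. They differ only on the malformed string, which the regexp matches because it does not require a dot after the third octet.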

  8. Posted 9/10/2004 at 10:06 am | Permalink

    installed the 1.2 version, same problem, when I activate the plugin, complete site goes white. tried it with commenting out sections, to see which section gives me the problems, site goes already white if I only have the first section (line 43 - 56) active. and I don’t see any errors there. any ideas what could cause the site to go white? (there is no space before or after the original tag, if I comment out the complete code and leave just the main tags, site is okay).

  9. Posted 9/13/2004 at 4:39 pm | Permalink

    Having the same problem as marlyse… when I activate the plugin, I don’t get any HTML output. My host has error reporting almost completely disabled so I’m still looking into this.

  10. Posted 9/13/2004 at 5:25 pm | Permalink

    I’ve already exchanged emails with Marlyse, and she has this problem with some other plugins, as well. So I think it may be something specific to certain server setups, and not necessarily something in my code. Of course, if someone spots something that indicates otherwise, please let me know!

  11. Posted 9/14/2004 at 1:52 am | Permalink

    I’ll second the interest in seeing a text matching version. I’ve spent the last 48 hours purging spam from someone who’s spoofing a variety of IP’s but plugging the same list of sites in the comments.

  12. Posted 10/12/2004 at 1:03 am | Permalink

    Wanted to let you know that I’ve finally found out what created the problem: it seems that sometimes when downloading a php file or somehow obtaining code from somebody else, invisible characters sometimes translate not php friendly. Barely visible is the worst, the usually displayed as a dot ‘empty space’. Only when viewed as phps file, I saw that it would encode these spaces. Looking at it more closely, I found that even though these invisible chars were represented as dots, the dots were ‘fatter’ than the ‘normal’ dots. Once I cleaned that up, I also found that sometimes single quotes would transfer as ‘curly’ single quotes which also again gave problems. Replacing them all with ‘straight’ single quotes handled that. At this point I don’t remember which of the above problems I found with your file (as mentioned before, I had these ‘white site’ problems with various - but not all - plugins). Hope this makes sense and if somebody else encounters the same problem a place to look at.

  13. Posted 10/23/2004 at 4:47 am | Permalink

    Fantastic!

  14. Posted 10/23/2004 at 5:10 pm | Permalink

    Um, isn’t this a little lame though (not in terms of the awesome work you’re doing, but just in terms of how it works)? I mean, you have to blacklist the individual ip by hand. I could do that in a darn .htaccess file and be done with it. But any spammer worth their salt is just going to post from another ip. Is there no way to automate this in the interface?

  15. dkaye
    Posted 11/14/2004 at 10:26 pm | Permalink

    well, i’m gonna give it a whirl - and use it in conjunction with kitten’s spamilator, and spam words. maybe someday we’ll outbeat the spammers at their own game. here’s to hoping! oh, for my own amusement, i modified the message the spammer will receive to read:

    thanks much for the hard work!

  16. Anonymous
    Posted 9/30/2005 at 1:03 pm | Permalink

    I personally think this is a dangerous route, because IP-blocking only works for a short time. Unless you flush your IP list from time to time, you could be blocking legitimate users.

  17. Posted 9/30/2005 at 1:53 pm | Permalink

    “Unless you flush your IP list from time to time, you could be blocking legitimate users.”

    See one of my earlier comments. Also note in the plugin source code, if you enable email notification, it says this:

    PLEASE NOTE:

    Blocking by IP number is unreliable, because most IP numbers are
    assigned to internet users dynamically by their ISPs. If you have
    not recently seen abusive activity from this source, you may want
    to consider removing it from the “Comment Moderation” settings in
    the WordPress “Discussion Options” admin screen.

    See my SpamValve project for an IP-blocking option which dynamically unblocks hosts after a period of inactivity.

  18. Posted 12/11/2005 at 8:29 pm | Permalink

    that’s too tight! can i put an hour’s delay?

  19. Posted 1/2/2007 at 1:21 pm | Permalink

    I disagree with the idea that blocking IP’s is bad. The reality is there are large blocks of IP’s that are truly bad. They are the source of a great deal of spam. Not only that but they are outside my reader area as in outside the country. Almost all of them are in Asia, primarily in China. I block them not just from my blog but also from all email and web site access to all of my web sites. They do not matter to me and they were creating a heavy load on my servers. Since blocking them my spam load has gone way down. Unblocking them allows more spam. Reblocking them fixes it. They’ll stay blocked.

  20. Posted 2/14/2007 at 11:06 am | Permalink

    It seems that when I activate tarpit characters on my site go weird. I’ve got á and é and the likes in my site and it is these ones which get changed through the site. Any ideas on a fix?

  24. Posted 8/30/2008 at 7:44 am | Permalink

    I agree with Frank about other information can all be used in the filtering process, because some of the universities and Libraries and other institutions share the same IP for all students and this is my case, always finding my IP to be blocked while I never entered the site before.

  26. Posted 10/12/2008 at 1:47 pm | Permalink

    thank you

59 Trackbacks

  1. By the life of justin on 8/25/2004 at 10:59 pm

    more spam fun
    This has to be a record setting blogging day for me. I think it’s my 6th or 7th post - not mention an edit to a previous post which should count as well. This is an update to that attempt at spamming…

    Dougal has had a REPEAT spammer visit his blo…

  2. By Weblog Tools Collection on 8/26/2004 at 9:23 am

    geek ramblings >> Spammer Tar Pit
    geek ramblings >> Spammer Tar Pit: I like to call this the “PissOff” plugin. Dougal and I were discussing this yesterday while our respective weblogs were getting flooded with comments and he has come up with a really nice solution. This one stops fl…

  3. By wordlog.com » Slow Down Spammer Boy! on 8/27/2004 at 5:52 am

    [...] in waves. Dougal helps you slow them down a bit, and then give them a piece of your mind. Spammer Tar Pit is a plugin that checks whether comments are from known spammer IPs in [...]

  4. By Photo Matt » The Trouble With WordPress on 8/27/2004 at 8:03 am

    [...] ccuring what has actually happened in WordPress development in the last week: Dougal wrote a plugin to slow down spambots, literally; Alex made a new style for the styles page; K [...]

  5. [...] floods in WP written on Aug 31, 2004 Filed under: meta-blog projects to try spammer tar pit kitten’s spam words Comments » The U [...]

  6. By CMS Blog Community on 9/1/2004 at 4:58 pm

    [...] ecent comment flood attempt comes to mind. Dougal came up with the wonderful Spammer Tar Pit plugin to temporarily stop the floods and that plugin gave me some idea [...]

  7. [...] my own good & look into either Kitty’s SPAM Killer Plugin or some plugins that Dougal & Mark released lately. [...]

  8. [...] people attempting comment spam: to kill it, I use Kitten’s Spam Words allied to the Spammer Tar Pit. Both are Wordpress plugins. And work damn well, I’d add. Unfort [...]

  9. By Rage on Omnipotent » WP anti-spam on 9/16/2004 at 6:28 am

    [...] m @ 7:28 am Two WordPress anti-comment-spam plugins: Kitten’s spam words and Spammer tar pit. Comments » The URI to [...]

  10. By geek ramblings » Spammers are stupid on 9/17/2004 at 7:43 pm

    [...] der against future spams. Fire the cannons, with a chest full of booty! And thanks t’ me Spammer TarPit plugin, I get th’ amusement o’ seein’ some feedback when I block th’ nex [...]

  11. By WISWYG in Vancouver » Spam Comment on 9/18/2004 at 8:44 pm

    [...] spam comment. Besides the two plugins above, I also found a plugin called spammer-tar-pit on the Geek Ramblings blog; the method this plugin uses is even more powerful: when it detects a comment [...]

  12. By dot-totally.co.uk on 10/3/2004 at 5:10 am

    s

    Comments were spammed again, so I’ll go about installing Dougal’s Spam Tar Pit.

    Comments

    The URI to TrackBack this entry i [...]

  13. rning. The spams are coming from several different IP numbers (which all now blocked by my Spammer TarPit plugin), and the hosts appear to be different types. All of them appear [...]

  14. By cliffrowley :: blog on 10/22/2004 at 4:58 am

    Spammage = popularity?

    Well, I got my first blog comment spam. I guess that means someone somewhere is reading this, which is kinda cool I guess. I’ve found a few WordPress plugins and patches that will prevent the spam which I’ll add at some point in the next few days -…

  15. comments (11, only one of which was placed in moderation) Given our use of the Spammer Tar Pit, Kitten’s Spam Words and Three Strikes Spam plugins, he must have submitted his [...]

  16. By dot-totally.co.uk on 10/26/2004 at 4:55 pm

    October, 2004; evening time - No Comments

    I don’t know if Dougal’s Spammer TarPit is just going slightly overboard on my weblog. Since the 11th of October [...]

  17. By WOIFM on 10/26/2004 at 5:09 pm

    Tarpit and Comment-Pay Plug-Ins

    Doug Campbell’s Spammer Tar Pit and Kitten’s Comment-Pay are cute ideas. Possibly impractical, but cute. Both are for WordPress but…

  18. By Wikilab » Comment spam on 10/27/2004 at 5:13 am

    here the comment spam. This morning I deleted 4 of them. Enabled Kitten’s Spam Words and Spammer Tar Pit.

    Comments
    »

    The U [...]

  19. By Kick & Scream on 10/28/2004 at 11:29 am

    Three Strikes TarPit

    I was hit by a wave of spam today. On Raena’s recommendation, I had Kitten’s Spam Words running, so the spam wasn’t visible on the blog, but I still had to log in and delete it all from the moderation queue.

    Pain in the arse.

    So I went looking…

  20. By the life of justin » must kill spam on 10/29/2004 at 9:44 am

    hose that don’t pass the blacklisting rules. The final piece of this puzzle would be Dougal’s Spammer Tar Pit to immediately block access to all WordPress powered PHP [...]

  21. By [rmfo-blogs.com]: About on 10/29/2004 at 12:15 pm

    Stemming the Tide of Comment Spam With a Tar Pit

    Many [rmfo-blogs] users have had their Weblogs indexed enough by Google to now be suffering from comment spam. What follows is an tutorial for an advanced technique for stemming the flow of comment spam; this involves installing a WordPress plugin and…

  22. to compare some of the other spam plugins out there, so in no particular order here goes. Spammer Tar Pit This is one of those ideas that I wish I had had. The concept is to tie [...]

  23. [...] humble opinion much more interesting, is Kitten’s Spaminator, a combination of Tar pit and Three Strikes. I was already using the latter in the two-stage rocket, and that works [...]

  24. By Canned !! -- my Atropine on 11/2/2004 at 1:29 pm

    SPAM Prevention with WP!!

    Are you being spammed? Do you use WP? If the answer is YES, then you MUST read this…..

  25. Spam

    Kitten’s Spaminator combines the functions of the two anti-spam plugins Tar Pit and Three Strikes Spam Prevention

    This entry was [...]

  26. -Spammer for WordPress Blogs Spammer Tar Pit Anti-Spammer for WordPress Blogs Blac [...]

  27. [...] combines the best of ‘Three Strikes Spam Prevention Plugin’ and ‘Spammer Tar Pit’. It may sound unnecessary to have several different types of anti-spam [...]

  28. hate it. So, to save my precious time and effort I have installed a new plugin called the Spammer Tar Pit. Technically, it gives the spammer a slow down thereby giving them [...]

  29. By My true site on 11/26/2004 at 4:31 am

    [...] from users or friends, and that is where a nice plugin for WordPress comes into play: Tarpit; here you can find the link [...]

  30. By Webbie's Webblog » Webblog Spammers on 11/26/2004 at 12:58 pm

    ’ve switched off the comments. Thanks to a couple of Wordpress plugin’s: » Tar Pit » Kitten’s Spam Words I am able to control them, but I’m stil [...]

  31. the Caymans that want to use my site to advertise without paying for it. Check these out: Spammer Tar Pit lets you blacklist IPs Kitten’s Friendly Comments allows you to m [...]

  32. as the spammer, but I’m not concerned about it: my understanding is that my plugin (Tarpit) will only block comments from the listed IP addresses, not actual access to the [...]

  33. for moderation, so they never appeared on the site, but what a drag. I just installed the spammer tarpit plugin to waste their time. Now when an IP I’ve moderated tries t [...]

  34. ten’s spam words, (which dynamically updates a blacklist of words, URIs and IPs) and tar pit. someone on the #wordpress IRC recommended spam karma, which i will try if this [...]

  35. By myownworld.org » The Spaminator on 12/1/2004 at 6:24 pm

    nator. My main interest lies in the fact that it combines the best of the other plugins (Tar Pit and [...]

  36. ouple of plugins to combat against comment spam: Kitten’s Spam Words Plugin, and the Spammer Tar Pit. So I am going to disable the comment moderation and trial these two to [...]

  37. By The Linux Blog » Trackback Spam on 2/1/2005 at 10:09 am

    ated some of my custom-written filters and added them to the trackback.php file) and using Spammer Tar Pit, which is explained on the page as so: What it does If you [...]

  38. By Serenity, now! » Finally… on 2/2/2005 at 10:48 pm

    [...] oad NOW price of $89.99. A sweet deal! I have more spam in my trash folder. Thank god for Spammer Tar Pit! But that means someone has made it past my .htaccess f [...]

  39. [...] es long to make their move…that was then, this is now: Kitten’s Spaminator and Spammer Tar Pit to the rescue. This entry was posted [...]

  40. [...] to combat it. Some of the ones I will be reviewing for possible use will be: AuthImage Spammer Tarpit WP Blacklist Spam Karma WP-Hashcash dns-anti-spam TrencaSpammers
    [...]

  41. [...] regardless of the date, you can have readers read from the first page. Spammer TarPit: the visitor’s IP number moderati [...]

  45. By Patrick's Rants on 4/3/2005 at 2:29 pm

    Weekend the best time for trackback spam

    As the weekend draws to a close, I can look at my inbox and see 20+ attempts to spam using trackbacks. During the week the spam is at a much lower level, apparently spammers think/know that bloggers don’t check their blogs as much over the weekend and…

  46. By Un Cielo Provvisorio » Mnemosine on 5/4/2005 at 8:01 pm

    [...] of the blog. A round of applause also to the TopHost staff, who took to heart my problems with unwelcome users and [...]

  47. [...] r can choose the look of the blog that they like), an image management and a very powerful spam killer. (The only downfall of doing a blog is that spambots find the blogs and lay [...]

  48. By Eau Salée Lunaire on 5/16/2005 at 5:40 pm

    Seems there’s another comment here that didn’t get raped by TarPit. Hey, here’s an idea — instead of spending all your free time wallowing in self pity and angst (by “free” I mean when you aren’t self loathing and playing the poor pitiful victim of a cruel uncompassionate world), maybe you should consider

  50. [...] f comment spam I receive; I now have four layers to my comment spam defense. The first is Tar Pit, a lovely little device that slows spammers down and eventually bans them from [...]

  51. [...] I have also installed Kitten’s Spam Words. With it and TarPit I should not get so much spam on this and other pages on this server… [...]

  52. [...] I know this is bad netizen-y behavior, but I just blocked several IP addresses from posting on this site. I’ve been getting hit with 30-50 spams every time I post, and since I’m working off of an anonymous wireless connection coming from somewhere in my parents’ neighborhood, I don’t have time for social niceties. I’m thinking about installing Spammer Tar Pit or some other anti-comment spam plug-in, but it will have to wait until I don’t have to depend on my computer being in juuuust the right position in order to be connected. [...]

  54. By Tar for Windows - Tar Links on 4/28/2006 at 6:05 am

    [...] geek ramblings » Spammer Tar Pit Dougal came up with the wonderful Spammer Tar Pit plugin to temporarily stop … Besides the two plugins above, I also found a plugin called spammer-tar-pit on the Geek Ramblings blog … [...]

  55. By Not an artist on 6/14/2006 at 5:36 am

    Spammers Tarpit…

    Spammers tarpit has been posted. It’s a plugin that’s supposed to ask spammers to go away. Not an ideal solution as far as I can say. I’d prefer just increasing the delay, first a minute, then a minute and a half, until they go away. …

  58. By Barb’s Blog » Word Press Plug-Ins on 4/28/2008 at 10:32 pm

    [...] I already had in my old version of Word Press, but definately worth a mention here, is the “TarPit” plug in for trackback [...]

  59. By lilo the sequel…. | Jörgen S Öfjäll on 9/23/2008 at 3:31 pm

    [...] have also installed Kitten’s Spam Words. With it and TarPit I should not get so much spam on this and other pages on this [...]
