I’ve had a minor modification to my Spammer TarPit plugin in place here for a couple of weeks, but I’m just now getting around to updating it for public consumption. New in version 1.3: the plugin will now emit an HTTP 403 “Forbidden” status code, and the content-type is set to “text/plain”. There’s little hope that a spammer bot will actually recognize and respect the 403 status code, but at least it’s proper semantics on the part of the plugin.

5 Comments
You might be able to clean up the regex with something like:
"/^([0-9]{1,3}\.){2}([0-9]{1,3}\.?){1,2}$/"
That way, the last quad can be dropped for spammers that are working a subnet.
However, you would run the risk of blocking innocent bystanders who are in the same subnet.
The tarpit shouldn’t be considered a first line of defense in blocking spam. I find that far more of the spam targeted at my site is blocked by the normal moderation checks than by my tarpit. The tarpit is mainly useful for cases like I was seeing a week or two ago, when an automated program is sending spam after spam after spam from the same address.
I’ve seen hundreds of spams sent to moderation over the past few days, but only 4 hits have triggered the tarpit.
And if I want to ban a subnet, like 82.55.x.x-82.59.x.x, how do I do it?
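An added example, not the TarPit plugin's code and not from any commenter: one way to match a client address against exact, dotted-prefix and range entries, then send the 403 "text/plain" response the post describes. The entry formats, function names, sample addresses and the "Forbidden" body are assumptions made for illustration.

```php
<?php
// Added example, not the TarPit plugin's code. Assumed entry formats:
//   "a.b.c.d" exact | "a.b." or "a.b.c." dotted prefix | "a.b.c.d-e.f.g.h" range

function ipv4_to_int(string $ip): ?int {
    // FILTER_FLAG_IPV4 rejects malformed input and out-of-range octets
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null;
    }
    return ip2long($ip);                    // non-negative on 64-bit PHP builds
}

function entry_matches(string $entry, string $clientIp): bool {
    $client = ipv4_to_int($clientIp);
    if ($client === null) {
        return false;                       // invalid client address never matches
    }
    if (strpos($entry, '-') !== false) {    // inclusive range
        [$lo, $hi] = array_map('ipv4_to_int', array_map('trim', explode('-', $entry, 2)));
        return $lo !== null && $hi !== null && $lo <= $client && $client <= $hi;
    }
    if (substr($entry, -1) === '.') {       // dotted prefix of 1 to 3 whole octets
        // The trailing dot keeps "82.5." from matching 82.55.x.x
        return preg_match('/^(\d{1,3}\.){1,3}$/', $entry) === 1
            && strpos($clientIp, $entry) === 0;
    }
    return ipv4_to_int($entry) === $client; // exact address
}

function is_blocked(array $blocklist, string $clientIp): bool {
    foreach ($blocklist as $entry) {
        if (entry_matches(trim($entry), $clientIp)) {
            return true;
        }
    }
    return false;
}

// Constructed entries; the range is the one asked about in the comment above.
// It spans 5 * 65536 = 327,680 addresses, so bystanders will be caught too.
$blocklist = ['203.0.113.7', '198.51.100.', '82.55.0.0-82.59.255.255'];
if (PHP_SAPI === 'cli') {                   // demo run from the command line
    foreach (['82.57.10.3', '82.60.0.1', '198.51.100.200', '203.0.113.8'] as $ip) {
        printf("%-15s %s\n", $ip, is_blocked($blocklist, $ip) ? 'blocked' : 'allowed');
    }
} elseif (is_blocked($blocklist, $_SERVER['REMOTE_ADDR'] ?? '')) {
    http_response_code(403);                // the status the post describes
    header('Content-Type: text/plain');
    exit("Forbidden\n");                    // body text is an assumption
}
```

Behind a reverse proxy, REMOTE_ADDR is the proxy's address, so the check has to run against whatever trusted source of the client address that deployment provides.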
Hi there, I just downloaded and installed your plugin since I also am a target for the damn crap bots. My Q (ignorant and stupid as it might be) is how/where do I add the IPs I want to block? What is it supposed to look like when I add them?
Thanks for your time
/Michael
Dougal, what happened to the code for your tarpit plugin? I go to http://dougal.gunters.org/blog/2004/08/25/spammer-tar-pit, and then from there on to http://dougal.gunters.org/tarpit.txt|phps, but guess what, “Apologies, but we were unable to find what you were looking for. Perhaps searching will help.” …
4 Trackbacks
away (aint the blogosphere and its wonders great?) and has put my fears to rest. I’ve reenabled the plugin, and I’ll just have to stick it to the spammers. Gerrr! Thanks Dougal for your support and your wonderful plugin! Update 2: Spammer TarPit Version 1.3 has been released, which makes semantic 403 Forbidden errors. Great work, again. I don’t know if Dougal’s Spammer TarPit is just going slightly overboard on my weblog. Since the 11th of October (that
Death to All Comment Spammers
I am now trying Dougal’s Tarpit plugin to see if I can discourage the video gambling spammer who is flooding my comments.
[...] The second level consists of a modified version of SpamTarPit with a lethally cunning mechanism: it continuously queries an RPC that lists open proxies, and if an IP that has visited the blog "matches", it adds it to the blacklist. This has one drawback: for a while the visitor is inside the blog, but it doesn't last: within 5/10 minutes the IP address is out, so it is also difficult to leave a message, given that the handling of messages is entrusted to a double-validation system. Finally, the third level is Spam Karma II: the ideal garrison in case the first two defenses are breached. So unpleasant episodes involving undertakers and threats should not occur. [...]
TarPit…
I don’t know if it was due to Dougal’s TarPit plugin, but the comment spammer seems to have gone away for now. He is not missed.