Comments on: More SPAM controls

By: Marc

Marc — Mon, 14 Feb 2005 13:48:50 +0000

Wow, I don’t believe that any one of thoes rules is true…but nice tie in with poker… 8^)

By: duplicacion serigrafiado

duplicacion serigrafiado — Mon, 14 Feb 2005 10:33:17 +0000

Three rules for the spam game:

1) you can not win.
2) you can not draw.
3) you can not leave the play.

Greetings,

Antonio, from Malaga (Spain)

By: marc

marc — Wed, 22 Dec 2004 22:41:04 +0000

Cool! Glad it’s working for you.

By: Armitage

Armitage — Wed, 22 Dec 2004 22:11:06 +0000

Seems to be working. I’ve had some problems with rewrite rules and people adding or not adding the www. before. Thanks for the help, great idea :)

By: marc

marc — Wed, 22 Dec 2004 21:32:03 +0000

Sure. Right now, as it is in in the example, the rewrite rule works for all hosts. The second rewrite condition “RewriteCond %{REQUESTURI} �.*wp-comments-post.php$�” is a regular expression for any URL that contains “wp-comments-post.php”. You can narrow the focus to a particular host by specifying that in the regular expression: RewriteCond %{REQUESTURI} �.myhost.someserver.wp-comments-post.php$� would limit the rewrite to only URLs that are from myhost.someserver that contain “wp-comments-post.php”.

However, if you have seperate virtual hosts, you can simply use the above directive in the individual host’s global httpd.conf and it will affect all accesses to that host. For example, I run several vhosts on virtual0.mecworks.com, one of which is blog.mecworks.com. The directive is placed only in the blog httpd.conf file.

Does this help you out?

By: Armitage

Armitage — Wed, 22 Dec 2004 19:38:50 +0000

Is there a way to make the rule work with any subdomain and none? For example, so it’d work if the person were accessing the site from http://flatplanet.ws/ or http://www.flatplanet.ws/ or even http://something.flatplanet.ws/ ?

By: marc

marc — Fri, 12 Nov 2004 20:17:24 +0000

It should be noted that the referrer check will work until the bot writers start forging their referer headers to be the site they are connecting to. However, it's just one of many tools to help stop spammers. I have also implemented the authimage plugin which adds a strong level of human verification to the comment submission process.

By: marc

marc — Mon, 01 Nov 2004 16:14:51 +0000

No problem. Please let me know how it works. I have had no comment SPAM since I set this up but I would like to hear experiences from others too. It might also work in a .htaccess file I beleive, but I haven’t tried that yet. The referer could also be easily checked in PHP and become a default security feature of WordPress that could be enabled or disabled (dis/allowing for comments from clients that do not send a referer). Any form action scripts would have to check that a referer that is at least the server itself and could also check a list of approved referers (possibly any virtual hosts that are on the same server).

By: Mr. Dew

Mr. Dew — Mon, 01 Nov 2004 15:33:31 +0000

i used your method, i think it should work now, thanks for that :)