PoliBlog (TM): A Rough Draft of my Thoughts » Techie Help Needed + Some Comments/Trackback Spam Prevention Advice for WP Users

If anyone out there has any experience with running their own server, I need some advice on dealing with attacks on my site. The concentrated attempts by bots to spam my site have been causing the place to shutdown (i.e., to timeout). I am something of a novice at running the site (it is on a VDS) and I need some advice or some pointers as to where to learn how to deal with these problems.

I have managed to radically cut down the amount of comment and trackback spam that actually makes it to the site (even before it is harvested by Askimet or is otherwise stopped from being actually posted for public consumption).

I would recommend highly the auto-close comments plugin and especially the trick of renaming wp-trackback and tweaking the code in two WP files to fool bots into not being able to leave TB spam. The instructions comes via Peter’s Useful Crap:

1) In your base Wordpress directory, rename wp-comments-post.html to something like wp-comments-roller.html, and rename wp-trackback.html to something like wp-trackback-hockey.html.

2) Edit your WordPress files that reference these two files. For most with WordPress 2.0, this means editing one reference of wp-comments-post.html each in your theme’s comments.html and comments-popup.html files (found in the folder wp-content/themes/yourtheme/); wp-trackback.html is referenced once in comment-functions.html and twice in template-loader.html (found in the folder wp-include/).

So far it is clear that the bots seeking wp-trackback are being stymied by this move. I have had no TB spam on PoliBlog Main or any of the sideblogs since I made this change on Friday evening.

However, it still appears that the very act of the bots looking for the file were overloading my server and causing timeouts (too many 404s, I guess). I have IP blocked the offending IPs (from St. Petersburg , Russia, of all places), so I will see if that helps. However, since I can still see their attempts in the logs, I have to wonder if even when they are blocked if they can somehow slow down the system.

Of course, every time this happens, I think back to this ‘toon.

Lousy spamming b*stards.

Sphere: Related Content

4 Comments

The trackback url for this post is: http://poliblogger.com/wp-trackback.html?p=11443

NOTE: I will delete any TrackBacks that do not actually link and refer to this post.

I don’t run my own server, but I have seen many comments and noticed a substantial number of wp blogs running Dr Dave’s Spam Karma. After some backups and app maintenance I am going to try it. It is a simple wp plug-in and you may care to try it while seeking the best solution.
Cheers

Reply - Quote

Comment by Stanford Matthews — Monday, February 12, 2024 @ 7:20 pm

I used to run SK, and it is impressive, but doesn’t solve the problem I am having. The problem with SK is that it takes up huge amounts of MySQL database space over time (at least it does if you get a lot of spam).

I have handled (for now, it would seem) the spam problem but need to find a way to fend off the bots.

Comment by Dr. Steven Taylor — Tuesday, February 13, 2024 @ 7:54 am

Preventing TrackBack Spam and Bad Robots

Steven Taylor passes on some good suggestions for derailing trackback spammers.
He’s also soliciting advice for keeping pesky robots from visiting. Clearly, the robots in question have not been programmed according to Asimov’s specificat…

Trackback by Outside The Beltway | OTB — Tuesday, February 13, 2024 @ 8:28 am

Use the Trackback Validator plugin. I turned Askimet off completely, since my blog is only suffering from trackback spam, and Trackback Validator handles them perfectly. In the years I’ve been using it, it’s allowed ONE spam trackback through into the moderation queue (the spammer set up a pseudo-blog which had a legitimate link back to my blog).

Security-through-obscurity may work for a while, but eventualy one of the 10-cent-per-post humans willl find it, and will force you to change it again. And again. And again. Trackback Validator simply checks to see if the linked page legitimately comes back to you…something spammers almost never spend the time doing.

Comment by Charlie Summers — Tuesday, February 13, 2024 @ 4:30 pm

The PoliBlog Collective		Information academic site e-mail c.v. columns legal rss .92 2.0
The Collective ARCHIVES June 2024 May 2024 April 2024 March 2024 February 2024 January 2024 December 2024 November 2024 October 2024 September 2024 August 2024 July 2024 June 2024 May 2024 April 2024 March 2024 February 2024 January 2024 December 2024 November 2024 October 2024 September 2024 August 2024 July 2024 June 2024 May 2024 April 2024 March 2024 February 2024 January 2024 December 2024 November 2024 October 2024 September 2024 August 2024 July 2024 June 2024 May 2024 April 2024 March 2024 February 2024 January 2024 December 2024 November 2024 October 2024 September 2024 August 2024 July 2024 June 2024 May 2024 April 2024 March 2024 February 2024 January 2024 December 2024 November 2024 October 2024 September 2024 August 2024 July 2024 June 2024 May 2024 April 2024 March 2024 February 2024	Monday, February 12, 2024 Techie Help Needed + Some Comments/Trackback Spam Prevention Advice for WP Users By Dr. Steven Taylor If anyone out there has any experience with running their own server, I need some advice on dealing with attacks on my site. The concentrated attempts by bots to spam my site have been causing the place to shutdown (i.e., to timeout). I am something of a novice at running the site (it is on a VDS) and I need some advice or some pointers as to where to learn how to deal with these problems. I have managed to radically cut down the amount of comment and trackback spam that actually makes it to the site (even before it is harvested by Askimet or is otherwise stopped from being actually posted for public consumption). I would recommend highly the auto-close comments plugin and especially the trick of renaming wp-trackback and tweaking the code in two WP files to fool bots into not being able to leave TB spam. The instructions comes via Peter’s Useful Crap: 1) In your base Wordpress directory, rename wp-comments-post.html to something like wp-comments-roller.html, and rename wp-trackback.html to something like wp-trackback-hockey.html. 2) Edit your WordPress files that reference these two files. For most with WordPress 2.0, this means editing one reference of wp-comments-post.html each in your theme’s comments.html and comments-popup.html files (found in the folder wp-content/themes/yourtheme/); wp-trackback.html is referenced once in comment-functions.html and twice in template-loader.html (found in the folder wp-include/). So far it is clear that the bots seeking wp-trackback are being stymied by this move. I have had no TB spam on PoliBlog Main or any of the sideblogs since I made this change on Friday evening. However, it still appears that the very act of the bots looking for the file were overloading my server and causing timeouts (too many 404s, I guess). I have IP blocked the offending IPs (from St. Petersburg , Russia, of all places), so I will see if that helps. However, since I can still see their attempts in the logs, I have to wonder if even when they are blocked if they can somehow slow down the system. Of course, every time this happens, I think back to this ‘toon. Lousy spamming bstards. Sphere: Related Content Previous Related Posts Site News MySql Weirdness The Ugliness that is PoliBlog Lovin’ WordPress Cool Beans Filed under: Blogging, Computer Stuff \| \| 4 Comments el pt I don’t run my own server, but I have seen many comments and noticed a substantial number of wp blogs running Dr Dave’s Spam Karma. After some backups and app maintenance I am going to try it. It is a simple wp plug-in and you may care to try it while seeking the best solution. Cheers Reply - Quote Comment by Stanford Matthews — Monday, February 12, 2024 @ 7:20 pm I used to run SK, and it is impressive, but doesn’t solve the problem I am having. The problem with SK is that it takes up huge amounts of MySQL database space over time (at least it does if you get a lot of spam). I have handled (for now, it would seem) the spam problem but need to find a way to fend off the bots. Reply - Quote Comment by Dr. Steven Taylor — Tuesday, February 13, 2024 @ 7:54 am Preventing TrackBack Spam and Bad Robots* Steven Taylor passes on some good suggestions for derailing trackback spammers. He’s also soliciting advice for keeping pesky robots from visiting. Clearly, the robots in question have not been programmed according to Asimov’s specificat… Reply - Quote Trackback by Outside The Beltway \| OTB — Tuesday, February 13, 2024 @ 8:28 am Use the Trackback Validator plugin. I turned Askimet off completely, since my blog is only suffering from trackback spam, and Trackback Validator handles them perfectly. In the years I’ve been using it, it’s allowed ONE spam trackback through into the moderation queue (the spammer set up a pseudo-blog which had a legitimate link back to my blog). Security-through-obscurity may work for a while, but eventualy one of the 10-cent-per-post humans willl find it, and will force you to change it again. And again. And again. Trackback Validator simply checks to see if the linked page legitimately comes back to you…something spammers almost never spend the time doing. Reply - Quote Comment by Charlie Summers — Tuesday, February 13, 2024 @ 4:30 pm RSS feed for comments on this post. The trackback url for this post is: http://poliblogger.com/wp-trackback.html?p=11443 *NOTE: I will delete any TrackBacks that do not actually link and refer to this post.* Sorry, the comment form is closed at this time.	Sterling Jewelry Time Clocks Food Equipment Office Machines Cash Registers Ricoh Fax Machines IBM Typewriters Copy Machines Office Supplies Office Equipment Visitors Since 2/15/03 Blogroll --- Advertisement Advertisement