2006
10.13


Are Spam Bots killing your blog? Here is how to fight back.

I for one do not welcome our robot overlords. They either try to get me to stop smoking now or to buy some Viagra. Not very interesting for someone with a brain the size of a planet. Lately these little buggers have been creeping onto my blog. I decided to use my human brain to defeat the metal menace; here is how it is done.

First, know your enemy.

The bots putting the spam on your site are probably scripts that have been written by one person, and are then being downloaded and used by another, less smart person. That second person is as smart as the script they are using. We can really use that. The script kiddie is running the numbers to hit as many sites as possible. If he has a script that is designed to work with WordPress, and you are running WordPress, then your site gets hit. It gets hit because your WordPress site looks and acts just like every other WordPress site when it comes to submitting comments. If you change your site just enough that it no longer interacts correctly with the bots, but still works for the users, you have won.

Prepare for battle

The bots do not see a web page the same way you do. The only thing they are interested in is posting their spam to your blog. If you change the way the post is handled in the code, you close the door to the bot but not the user.

Here is the form code from the comments section of the WordPress code, comments.php line 80:

<input type="text" name="author" value="..." />

The key element here is the name of the input field you are transmitting. Add a few characters to the end of the name and personalize it; the bot will then not be able to rely on the default field names.

For example: <input type="text" name="author" />

becomes: <input type="text" name="theguywhowrote" />

Personalize each of these fields, then also change the matching code in wp-comments-post.php so that it reads the new name:

$comment_author = trim($_POST['author']);

You get the idea. By adjusting the values you are making the code your own, and making it harder for somebody to automate the process. Try adjusting the size of the comment fields, and the text before the fields. Also, change the order in which you enter the data, like email first. This will work not only in WordPress, but in every automated posting environment. If you have bots, change the code and make it yours.
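One way to handle the server side of this rename, as an added example (it is not WordPress core code and not the author's own): the handler reads only the renamed fields and treats any stock field name in the request as a sign that the client never read the form. Every name except theguywhowrote, including classify_comment_post, is hypothetical, and the two requests are constructed samples.

```php
<?php
// Added example. Map of stock WordPress comment field names to the
// personalised names used in comments.php. Only 'theguywhowrote' comes from
// the post; the other three renamed values are hypothetical.
const FIELD_MAP = [
    'author'  => 'theguywhowrote',
    'email'   => 'mailofwriter_x7',
    'url'     => 'siteofwriter_x7',
    'comment' => 'whattheysaid_x7',
];

/**
 * Classify a comment POST.
 * 'ok'         => renamed fields present; 'fields' holds trimmed values
 * 'bot'        => a stock field name was sent; 'fields' lists which ones
 * 'incomplete' => a renamed field is missing; 'fields' names it
 */
function classify_comment_post(array $post): array
{
    // A browser that rendered the customised form never sends stock names.
    $stock = array_intersect(array_keys(FIELD_MAP), array_keys($post));
    if ($stock) {
        return ['status' => 'bot', 'fields' => array_values($stock)];
    }
    $clean = [];
    foreach (FIELD_MAP as $internal => $renamed) {
        if (!isset($post[$renamed]) || !is_string($post[$renamed])) {
            return ['status' => 'incomplete', 'fields' => [$renamed]];
        }
        $clean[$internal] = trim($post[$renamed]);
    }
    return ['status' => 'ok', 'fields' => $clean];
}

// Constructed sample requests: one from the customised form, one from a
// script that assumes every WordPress site uses the default names.
$human = ['theguywhowrote' => ' Doug ', 'mailofwriter_x7' => 'doug@example.com',
          'siteofwriter_x7' => '', 'whattheysaid_x7' => 'Nice post'];
$bot   = ['author' => 'x', 'email' => 'x@example.com',
          'url' => 'http://example.com', 'comment' => 'spam'];

foreach (['human' => $human, 'bot' => $bot] as $label => $post) {
    $result = classify_comment_post($post);
    echo $label, ': ', $result['status'], "\n";
}
```

Logging the 'bot' results instead of silently dropping them shows how much of the remaining spam is still automated.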

It's ON!

I made these changes and saw my spam die within the day. I still receive an occasional spam, but I think it was entered from meat space, and was not automated. They have enslaved the humans to do their dirty work. I don’t know how to prevent that, unless it too is a script that just makes it easier for a human to enter the code in. Like those visual verification code generators that pass vvc challenges to humans for verification. I am not kidding, vvc sweat shops.

If you have some of these auto posting bot scripts I would love to see them. I am sure we can devise some more ingenious ways of defeating this troublesome menace. That’s one for the humans.

Comments are welcome,

Doug

1 comment so far

  1. I have some htaccess rules for that. Have a look at this post. :)