Blog Comments Bot Spamming Protection – Easy Solution

by on April 21st, 2008

Just deleted 250 spam comments manually, one by one. Oh! It was a hell of a job alright… Finally I figured out that I have to add some plugin to stop the spamming. I have tried some, but some of those did not work and some I did not like. I have tried Captcha God Father, Cryptograph, mycaptcha, simple captcha, Spam Karma and yacaptcha. One of these was not generating an image; one of these was generating an image but was not validating it and was always giving a wrong-code error; and one of these was more than 1MB in size with a hell of a lot of instructions. Spam Karma was accepting every comment in spite of the fact that I had checked the option to always moderate a comment, and it also approved a comment with three links when I had put a limit of two comments. I figured out that I will have to search more to find some Captcha plugin from the WordPress Plugins directory that is easy to install and has less code.

One of the things I am noticing is that most of the comments are auto-fired. I mean some kind of software or bots are firing rubbish comments with loads of rubbish links at my wp-comments-post.php file, which puts them into my moderation queue.

Alright, I will design my own captcha. A simple one. But for now I have a solution to cope with auto bots, spiders and nasty software which generate spam. Note the starting <?php and ending ?> in the file named wp-comments-post.php at your blog root. This is the file which takes comments and adds them to your database. If we add a check to it so that only requests from the same domain as your blog are processed further, then I think we can get rid of the auto mass spamming problem. OK, follow the instructions…

Open wp-comments-post.php in any editor and modify it as follows.

wp-comments-post.php file modification
<?php
// At the beginning of the file add these lines.
// Reject the request if it has no User-Agent, is not a POST, or its
// Referer does not start with your blog's address.
if (empty($_SERVER['HTTP_USER_AGENT'])
    || $_SERVER['REQUEST_METHOD'] != "POST"
    || !isset($_SERVER['HTTP_REFERER'])
    || strpos(strtolower($_SERVER['HTTP_REFERER']), "http://www.yourdomainname.com") !== 0)
{
    echo "No spam please";
    exit();
}
else
{
    // :::: wp-comments-post.php file rest of code here ::::
    // close the condition started above, here
}
?>

Be careful and try this at your own risk. Back up the file first. Try this and auto bot spamming will be blocked. I have applied it and now I no longer see auto comments from bots with hundreds of URLs. What this code does: it checks the referrer, and if the request is coming from the same domain (in case the form was posted), it allows the rest of the file to execute; otherwise it simply exits.
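A stricter form of the same check, as an added example that is not part of the original post: it parses the Referer and compares its host exactly rather than matching on the URL text. Referer and User-Agent are sent by the client, so the check only screens out requests that do not set them as a browser submitting the form would. The function name, the `$blogHost` parameter and the sample requests are assumptions made for illustration.

```php
<?php
// Added example. $blogHost is an assumed parameter holding the blog's host name.
function is_same_site_comment_post(array $server, string $blogHost): bool
{
    // Comments are only ever submitted with POST.
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;
    }
    // Reject requests that send no User-Agent at all.
    if (trim($server['HTTP_USER_AGENT'] ?? '') === '') {
        return false;
    }
    // Parse the Referer and compare its host exactly, not as a string
    // match on the whole URL. A missing Referer parses to a path only.
    $parts = parse_url($server['HTTP_REFERER'] ?? '');
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    return strtolower($parts['host']) === strtolower($blogHost);
}

// Constructed sample requests (not real traffic).
$ua = 'Mozilla/5.0';
$samples = [
    'form on the blog' => ['REQUEST_METHOD' => 'POST', 'HTTP_USER_AGENT' => $ua,
        'HTTP_REFERER' => 'http://www.yourdomainname.com/2008/04/some-post/'],
    'no referer' => ['REQUEST_METHOD' => 'POST', 'HTTP_USER_AGENT' => $ua],
    'no user agent' => ['REQUEST_METHOD' => 'POST',
        'HTTP_REFERER' => 'http://www.yourdomainname.com/'],
    'GET request' => ['REQUEST_METHOD' => 'GET', 'HTTP_USER_AGENT' => $ua,
        'HTTP_REFERER' => 'http://www.yourdomainname.com/'],
    'domain only in query' => ['REQUEST_METHOD' => 'POST', 'HTTP_USER_AGENT' => $ua,
        'HTTP_REFERER' => 'http://other.example/?u=http://www.yourdomainname.com'],
    'longer host name' => ['REQUEST_METHOD' => 'POST', 'HTTP_USER_AGENT' => $ua,
        'HTTP_REFERER' => 'http://www.yourdomainname.com.other.example/'],
];

foreach ($samples as $label => $server) {
    $ok = is_same_site_comment_post($server, 'www.yourdomainname.com');
    printf("%-22s %s\n", $label, $ok ? 'accept' : 'reject');
}
```

Only the first sample is accepted; the other five are rejected.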



3 Reviews

  1. Hiroshi says:

    @rommel browne: Try these:
    Flood control – Control posting floods from the admin control panel. Implement posting limits.
    Use CAPTCHA or textual confirmation and e-mail confirmation during the registration process.
    Use Akismet – http://akismet.com
    Change technical details of the forum software to confuse bots, for example, changing “agreed=true” to “mode=agreed” in the registration page of phpBB.
    Block posts or registrations that contain certain blacklisted words.
    Disable signatures in forums.
    Moderate new users. Approve them for unmoderated posting only after they’ve posted a number of posts.

  2. Hiroshi says:

    @rommel browne: You have a forum. If you had a blog then it's easy. A blog has got plugins, e.g. Akismet, and hacks, e.g. comments template modification to check and distinguish between the genuine referrer and an automatic bot. A blog also lets you block IPs and certain keywords. For a forum it's different. A forum has got different hacks. You can search for mods and hacks for your forum to block spam. You can also block posting from bots and automatic spamming software by using the above code in the file which posts the thread. By using this PHP code at the top of the PHP file, it will check for the correct referrer. It will check whether the page has been loaded from your domain or not.

  3. rommel browne says:

    There is a bot spamming in my website forums every day. I track his IP and he is from Korea Republic. I ban his IP every day but he has a lot of IPs, so it doesn’t make much sense. It's getting frustrating and I want it to stop. I email him and kindly ask him to stop but he continues. Can you help me?