
Comment spam is taking my website down!

Discussion in 'Black Hat SEO' started by Nosence, Mar 12, 2013.

  1. Nosence

    Nosence Senior Member

    Joined:
    Dec 28, 2010
    Messages:
    925
    Likes Received:
    42
    I have a captcha and Akismet to keep the spam monitored, but the last 2 days I have been getting hit so hard with spam it is taking my website down.

    Any ideas how to combat the spam? The server is crashing every half hour. Liquid Web is trying to help but it's not working. This is a WordPress site.
     
    • Thanks Thanks x 1
  2. Qokaine

    Qokaine Regular Member

    Joined:
    Mar 8, 2009
    Messages:
    366
    Likes Received:
    122
    just disable comments or put them into moderation, ez peezy
     
  3. Nosence

    Nosence Senior Member

    Joined:
    Dec 28, 2010
    Messages:
    925
    Likes Received:
    42
    Is there a way to disable it for the entire site? This site has about 10,000 pages

    and my main problem is I can't get the site to stay up long enough to do anything
     
    Last edited: Mar 12, 2013
  4. everythingred

    everythingred Jr. VIP Jr. VIP Premium Member

    Joined:
    Jul 21, 2010
    Messages:
    1,871
    Likes Received:
    1,234
  5. proweb

    proweb Regular Member

    Joined:
    Feb 24, 2011
    Messages:
    291
    Likes Received:
    144
    Edit your wp-content file name (or another file name) so nothing loads but a blank screen for your entire site. Then log in to WP Admin and make the changes you need, including deleting the comments. When that's done, just revert to the previous file name so everything works again.

    OR

    Simply edit the PHP files yourself to remove the option to add comments. You can do this while your site is offline and then upload the changes when it's back up.
     
  6. bubbaranks

    bubbaranks Junior Member

    Joined:
    Jan 29, 2013
    Messages:
    187
    Likes Received:
    23
    Occupation:
    Living off big G
    Location:
    UK
    Take the IPs from the ones that have hit you the hardest and block them. If you Scrapebox-harvest public proxies and add them to your ban list, I found this works quite well. Or you could just make users register before posting. Update your spam filters; I filter out all the usual crap. Use Scrapebox again to scrape words like Viagra etc. and add them to the comment blacklist.
     
  7. nirose

    nirose Senior Member

    Joined:
    Oct 24, 2008
    Messages:
    984
    Likes Received:
    437
    Location:
    somake.us
    I would suggest you keep the wordpress site on maintenance mode by using a plugin

    Code:
    https://wordpress.org/extend/plugins/maintenance/
    then use this plugin to disable comments globally.
    Code:
    https://wordpress.org/extend/plugins/disable-comments/
    Also use a cache plugin like super cache or such so your site won't collapse due to too many entry processes and such.
     
  8. mrblackjack

    mrblackjack Jr. VIP Jr. VIP Premium Member

    Joined:
    Dec 6, 2011
    Messages:
    960
    Likes Received:
    553
    Occupation:
    I live alone, I work alone, I make money alone
    Location:
    G00gle LaNd
    Follow the steps below to secure your blog from comment spam. As far as I'm concerned, this is the only method to prevent 100% of comment spam. I use it on my blogs without having Akismet at all and without blocking lists of IPs. The method was first published in my blog here: http://www.black-jack.co.il/black-jack-vs-auto-submit-bots/ (published in Hebrew)
    Here, I'm gonna blueprint the shortened version of the steps:

    First, you need to understand that WordPress has a major weak point when it comes to comments, and it is the fact that the file that handles comment processing is well-known and easy to track. This problem is common to all open-source platforms and may be referred to as "Foot Prints".

    Now, you need to combine the following three steps in order to 100% secure your blog.

    1. htaccess (found in: root directory)
    paste the following code snippet in your .htaccess file:

    Code:
    RewriteEngine On
    
    # block comment spam by denying access to no-referrer requests
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} wp-comments-post\.php
    RewriteCond %{HTTP_REFERER} !your-domain\.com [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule ^(.*)$ http://www.mattcutts.com/blog/ [R=301,L]
    
    This code snippet validates against the traffic source whether it was referred to "wp-comments-post.php" from your domain. The "wp-comments-post.php" file is responsible for comment processing.

    2. wp-comments-post.php file Replacement (found in: root directory)
    As I said above, WP is an open-source platform hence is more vulnerable to attacks due to known Foot-Prints. The file wp-comments-post.php is one of those Foot-Prints, therefore, you should replace it.
    So, change the file name from "wp-comments-post.php" to something less obvious like "fuck-you-bots.php" and save.

    Find the file "comment-template.php" (found in: /wp-includes) and Ctrl-F to find the string "wp-comments-post.php". Replace it with the new, less obvious file name you created in step 2, i.e., "fuck-you-bots.php",
    and save the file.

    3. Creation of new "wp-comments-post.php" file
    Well, you should create a new empty file named "wp-comments-post.php" in the root directory. Why? Cuz while bots blast your blog with comment spam, your website will load a 404 for each request (that's a lot!) if the filename "wp-comments-post.php" isn't available (remember we changed its name to "fuck-you-bots.php"). So, instead of exhausting the server with each request and returning an 800kb +- 404 page, if the filename "wp-comments-post.php" is available to the bots but is empty, the bandwidth transfer will be almost 0.

    4. Cookies.
    Since Scrapebox or other WP commenting bots cannot handle cookies, you should set a unique cookie for each visitor and validate him/her against the cookie's existence.
    So,

    Open your header.php file (found in your theme directory), and paste the following piece of code at the beginning of file:
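    PHP:
    <?php
    // Set the "human-user" cookie on first visit. The expiry argument was
    // missing in the original post; 0 makes it a session cookie.
    if (!isset($_COOKIE['human-user'])) {
        setcookie("human-user", $_SERVER["REMOTE_ADDR"].$_SERVER["HTTP_USER_AGENT"], 0, '/');
    }
    ?>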
    This piece of code sets a cookie named "human-user" for each visitor of your WP site.

    Now, open the custom comment handling file you set in step 2, i.e. "fuck-you-bots.php", and paste the following code at the beginning of it:

    PHP:
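    <?php
    // Stop processing unless the "human-user" cookie is present and matches
    // the sender's IP address followed by the User-Agent string.
    if (!isset($_COOKIE['human-user']) || $_COOKIE['human-user'] != $_SERVER["REMOTE_ADDR"].$_SERVER["HTTP_USER_AGENT"]) {
        die();
    }
    ?>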
    This code validates against the comment sender whether he/she has had the unique "human-user" cookie set previously. If he/she has it, the comment will go through; otherwise, the page will die, returning a blank file.

    That's it, these are the steps to create a total defense against auto-comment blasting bots.

    I suggest you back up the files, since on WP updates they will be overwritten. I thought of creating a plugin to handle these steps, but don't really have the time.

    This will defend your blog from auto-commenting bots and will prevent server exhaustion on each comment request.
     
    • Thanks Thanks x 3
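
Step 4 of the post above uses the visitor's own IP address and User-Agent as the cookie value, which any client can compute for itself. As an added example (not mrblackjack's code; the function names, the secret constant and the age limits are assumptions, and it needs PHP 7 or later), the cookie value can instead be an HMAC-signed, time-limited token that only the server can mint:

```php
<?php
// Added example: HMAC-signed, time-limited comment token.
// COMMENT_TOKEN_SECRET is a placeholder; use a long random value per site.
const COMMENT_TOKEN_SECRET = 'replace-with-long-random-secret';

// Build "<issued-at>.<mac>"; the MAC covers issue time, client IP and User-Agent.
function issue_comment_token(string $secret, string $ip, string $ua, int $now): string
{
    $mac = hash_hmac('sha256', $now . '|' . $ip . '|' . $ua, $secret);
    return $now . '.' . $mac;
}

// Accept only a well-formed token with a valid MAC that is neither too fresh
// (form posted within seconds of the page load) nor older than $maxAge.
function verify_comment_token(string $secret, string $token, string $ip, string $ua,
                              int $now, int $minAge = 5, int $maxAge = 3600): bool
{
    if (!preg_match('/^(\d{1,12})\.([0-9a-f]{64})$/', $token, $m)) {
        return false;
    }
    $issued   = (int) $m[1];
    $expected = hash_hmac('sha256', $issued . '|' . $ip . '|' . $ua, $secret);
    if (!hash_equals($expected, $m[2])) {   // constant-time comparison
        return false;
    }
    $age = $now - $issued;
    return $age >= $minAge && $age <= $maxAge;
}

// Constructed sample values (documentation IP range, made-up User-Agent).
if (PHP_SAPI === 'cli') {
    $ip = '203.0.113.7';
    $ua = 'Mozilla/5.0 (constructed sample)';
    $t0 = 1363046400;
    $token = issue_comment_token(COMMENT_TOKEN_SECRET, $ip, $ua, $t0);

    // Comment posted 30 s after the page was served
    var_dump(verify_comment_token(COMMENT_TOKEN_SECRET, $token, $ip, $ua, $t0 + 30));
    // Comment posted 1 s after the page was served
    var_dump(verify_comment_token(COMMENT_TOKEN_SECRET, $token, $ip, $ua, $t0 + 1));
    // Comment posted two hours later, past $maxAge
    var_dump(verify_comment_token(COMMENT_TOKEN_SECRET, $token, $ip, $ua, $t0 + 7200));
    // The plain IP + User-Agent value from step 4 sent as the token
    var_dump(verify_comment_token(COMMENT_TOKEN_SECRET, $ip . $ua, $ip, $ua, $t0 + 30));
}
```

In a theme, `issue_comment_token()` would feed `setcookie()` in header.php and `verify_comment_token()` would replace the string comparison at the top of the renamed comment handler.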
  9. No.RuleZ

    No.RuleZ Elite Member

    Joined:
    Jul 23, 2010
    Messages:
    1,733
    Likes Received:
    358
    use captcha on the comments or put them on approve first