Spiff!
So looks like the comment blocking is currently operating at around 90%. This morning i noticed a few spams someone planted on the site, but they've been cleaned out. In the process i noticed that there were about fifty other spam comments that were blocked.
Quite obviously, someone was running a script and simply not noticing the fact that the comments weren't appearing, but kept pumping them through regardless.
This, naturally, got me thinking about the best way to raise the bar and block even more comment spam, particularly if it involved little effort on my part. Obviously the easiest way would be to simply change the entry point. (Sorry, web-dev slang. An "entry-point" is one of the ways that random people are supposed to talk to you. Your index page is one of them, but there are a few others as well.) For comments, that means going in and changing the posting entry point from the well known "wp_comments.php" to something less well known.
But a clever hacker is one that not only removes a problem, but leaves a trap in its place. And so that's what i did. Random spammer script kiddie will now try hitting the well known spots where i'll be tracking them. With WordPress, it's remarkably simple, and i'm guessing it's easy to do this with MT as well. It's similar to something my old Frankenblog used to do, but someone put more than five minutes of thought into doing it.
(i'd also note that while this is probably fine for smaller sites like mine, it's obviously easy to counter.)
What i did was:
- copy wp-comments-popup.php to wp-new-popup.php
- copy wp-comments-post.php to wp-new-post.php
- modify wp-new-popup.php and change the action to be the new post file
- modify index.php to use: comments_popup_script(400,400,'wp-new-popup.php');
- modify wp-comments-post.php to simply set approved=0 for all posts
The worst thing you can do is give a spammer feedback on whether or not they're successful.
Well, unless you lie to them.
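The post says the old entry point is where spammers get tracked; one way to do that tracking from the web server's access log is sketched here as an added example, not the author's code. It assumes the combined log format and the file names from the steps above, and the sample log lines are constructed.

```python
import re
from collections import Counter

# Assumed paths: the decoy keeps the stock file name from the steps above,
# the live handler is the renamed copy.
DECOY_PATH = "/wp-comments-post.php"
LIVE_PATH = "/wp-new-post.php"

# Apache/nginx "combined" access log format (an assumption about the server).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} '
)

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2005:06:01:02 +0000] "POST /wp-comments-post.php HTTP/1.0" 302 - "-" "-"
203.0.113.7 - - [01/Jan/2005:06:01:03 +0000] "POST /wp-comments-post.php HTTP/1.0" 302 - "-" "-"
203.0.113.7 - - [01/Jan/2005:06:01:04 +0000] "POST /wp-comments-post.php?x=1 HTTP/1.0" 302 - "-" "-"
203.0.113.7 - - [01/Jan/2005:06:01:05 +0000] "GET /wp-comments-post.php HTTP/1.0" 200 0 "-" "-"
198.51.100.23 - - [01/Jan/2005:09:15:40 +0000] "GET /wp-new-popup.php?p=12 HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
198.51.100.23 - - [01/Jan/2005:09:16:10 +0000] "POST /wp-new-post.php HTTP/1.1" 302 - "-" "Mozilla/5.0"
192.0.2.44 - - [01/Jan/2005:11:00:00 +0000] "POST /wp-comments-post.php HTTP/1.0" 302 - "-" "-"
192.0.2.44 - - [01/Jan/2005:11:30:00 +0000] "POST /wp-new-post.php HTTP/1.0" 302 - "-" "-"
this line is truncated garbage
"""

def trap_report(log_text, decoy=DECOY_PATH, live=LIVE_PATH):
    """Return (decoy_hits, adapted): POST counts per IP on the decoy, and
    the set of IPs that posted to both the decoy and the live handler."""
    decoy_hits, live_ips = Counter(), set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # malformed line, or a GET that cannot submit a comment
        path = m["target"].split("?", 1)[0]  # compare the path without its query string
        if path == decoy:
            decoy_hits[m["ip"]] += 1
        elif path == live:
            live_ips.add(m["ip"])
    return decoy_hits, live_ips & set(decoy_hits)

if __name__ == "__main__":
    hits, adapted = trap_report(SAMPLE_LOG)
    for ip, n in hits.most_common():
        note = " (also posted to the live handler)" if ip in adapted else ""
        print(f"{ip}\t{n} decoy POSTs{note}")
```

An address that shows up in both sets is the case the post's "easy to counter" caveat describes: a script that has found the renamed handler, or a reader whose cached page still points at the old form.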
-
Right, ok so after I've done all that say a little prayer to the blog God and hope everything works. :)
-
How about adding a sleep(5) in there just to aggravate them a bit more?
-
Heh. WordPress already has a 10 second window per IP.
