Wordpress SPAM II - Anti spam measures continues

Well, that didn’t seem to have done the job, apparently the bot reads in the form before posting its message.  Which is the good news! She doesn’t blindly scan for wp titles on pages obtained through a google search (or by selecting ip ranges for that matters).

Today I’ll add in an extra dynamic form field which is inserted just before the onsubmit.  An extra input field is dynamically inserted with DOM->appendChild(), which I’ll call “wordpress_anti_spam_measure_B” . Lets see how that works!

function wordpress_anti_spam_measure_B( oFORM ) {
if (oFORM) {
oINPUT = document.createElement("INPUT");
oINPUT.setAttribute("type", "text");
oINPUT.setAttribute("name", "wordpress_anti_spam_measure_B");
return true;

May 16th, 2009 - Posted in wp anti spam | | 0 Comments

Wordpress SPAM

The StatPress statistics revealed all kind of strange script attacks (see here), now we can add spam to the list of one of those thingies. This blog is being polluted with adds promoting all kinds of medicines.. and the strange thing is.. off all places why did they had to come to me ;P

Anyway I still do not want to put up any kind of chaptas, confirm boxes or whatever. Today I’ll start a series of test which will hopefully end this spam maintaining user friendly commenting to articles, cause that´s the whole point of being here in the first place!

Lets see how smart these bots are. I’ll start by throwing in an extra hidden form field:

<input type="hidden" value="on" name="wordpress_anti_spam_measure_A"/>

August 10th, 2008 - Posted in wp anti spam | | 1 Comments

Please moderate

This blog has now been up for a good three months and today I received the first spam message. I´ve heard about the concept of spamming through forms but never cared… until today:

[Thingies] Please moderate: "Working with SabreAMF and Flex 3 using class mapping"
Author : auto insurance (IP: ,
E-mail : <a class="moz-txt-link-abbreviated" href="mailto:d90s_test902@hotmail.com">d90s_test902@hotmail.com</a>
URL    : <a class="moz-txt-link-freetext" href="http://urlser.com/?m6c0v#0">http://urlser.com/?m6c0v#0</a>
Whois  : <a class="moz-txt-link-freetext" href="http://ws.arin.net/cgi-bin/whois.pl?queryinput=">http://ws.arin.net/cgi-bin/whois.pl?queryinput=</a>
2ykl1df-kh7u3ft-tw6q3ff2-0 <a class="moz-txt-link-freetext" href="http://urlser.com/?qbKvI#1">http://urlser.com/?qbKvI#1</a>
<a href=<a class="moz-txt-link-rfc2396E" href="http://urlser.com/?DYEVZ#2">"http://urlser.com/?DYEVZ#2"</a> rel="nofollow">insurance quotes</a>
[url=<a class="moz-txt-link-freetext" href="http://urlser.com/?m6c0v#3">http://urlser.com/?m6c0v#3</a>]auto insurance[/url]
[url]<a class="moz-txt-link-freetext" href="http://urlser.com/?3kTmj#4">http://urlser.com/?3kTmj#4</a>[/url]
[<a class="moz-txt-link-freetext" href="http://black-jack-mo.lookera.net/#5">http://black-jack-mo.lookera.net#5</a> black jack]
"cheap auto insurance":<a class="moz-txt-link-freetext" href="http://urlser.com/?nm4rK#6">http://urlser.com/?nm4rK#6</a>
[LINK <a class="moz-txt-link-freetext" href="http://online-poker-mo.lookera.net/#7">http://online-poker-mo.lookera.net#7</a>]online poker[/LINK]
[img]<a class="moz-txt-link-freetext" href="http://victor.freewebhostingpro.com/1.php">http://victor.freewebhostingpro.com/1.php</a>[/img]

Here´s my dilemma: I could throw in a chapta in order to distinguish between a spamming bot and an enthausistic reader/poster but it greatly reduces the usability. For me personally it’s exactly this reason to decline in a response ’cause I don´t like to create an account for everything.

Furthermore I strongly believe in “security through obscurity”, so let´s see what can be done here.


July 19th, 2008 - Posted in wp anti spam | | 0 Comments