We've been getting hit by this as well, at the rate of approximately 100 per hour. The only commonality is that the author email address are all randomJunk@mail.com.

Does anyone know of a way to block comments based on author's email address being *@mail.com?

Yeah, I've been hit by them too. Got over 100 spams last night. Deleted all of them manually :(

This is the exact problem I am having. I thought it might be another webmaster trying to get me to block google.com locally. Goodby comments!

I'm also getting hit with massive numbers of these things. For the ones where they enter a URL of google.com, it's easy to delete them as a group using the anti-spam tool (but I have to make sure not to blacklist google as a referrer). But for the random URLs, it's much harder.

So, to repeat someone else's question, is there a way to blacklist comments which put mail.com in the email field?

And then, I have another question/suggestion: Could someone provide code (which I presume would be fairly easy to write for someone good at such things) to add a "delete" link next to the "edit" link when displaying the list of most recent comments? At least if I could just go down the page hitting delete, that would make this process faster.

Thanks!
ross
www.rossputin.com

I had one other idea....how hard would it be to automate closing comments after a posting is more than X days old?

I too got a lot of what I call grafitti spam, since it seems designed to do nothing else but deface the comments on a blog.

After deleting a hundred or so yesterday, I just got done deleting another hundred or so this morning. But first, I did a WHOIS on a most of them:

58.224.0.0 - 58.239.255.255 // Hanaro Telecom, Inc., Korea
59.0.0.0 - 59.31.255.255 // Korea Telecom
61.78.0.0 - 61.85.255.255 // Korea Telecom
61.96.0.0 - 61.111.255.255 // Korea Network Information Center
124.48.0.0 - 124.63.255.255 // Powercomm, Korea
220.116.0.0 - 220.127.255.255 // Korea Telcom
218.232.0.0 - 218.233.255.255 // Hanaro Telecom Co, Korea

61.129.102.0 - 61.129.102.255 // Shanghai Global Network Co., Ltd.
61.189.128.0 - 61.189.255.255 // Chinanet Guizhou province network
61.238.244.84 - 61.238.244.87 // Sinotech Resources Ltd - Nan Fung Ctr, China
219.223.122.0 - 219.223.123.255 // China

Looks like it may be time to find Whoo's post about using .htaccess to block IP blocks.

I know of no way to screen/block comments by email addy. It shouldn't be too hard, but so what: it shouldn't be too hard to have a million dollars and a pair of hot blonds...

Closing comments after X amount of time has been done. [url=http://forums.b2evolution.net/viewtopic.php?t=4906]See This Thread[/url] for a link to my blog post about it and some feedback and such about it.

IP blocking might be the most effective method, but that's outside the scope of b2evolution EVEN THOUGH it will help b2evo users. I personally use a utility my host provides, so I know nothing of writing it on my own.

I wonder if y'all are seeing this crap on a particular post in your blog. If so simply close comments on that post and be happy. I know when I get assaulted by referer spam it focuses on one post. I've no idea why they like that post, but the spammers that feel the need to hit me 100 times in one night *always* use the same post.

@EdB
the spam is aimed at old posts but not a single old post
Mine ranged across 4 or 5 posts which I closed but to no effect. They just found another old post.

This is a new method, designed to screw the effectiveness of blacklists and is a concerted flood.

I can't be bothered deleting 100's a day and it's pointless to blacklist them.

I'll restore my comments tomorrow and see what happens, but I'm pretty sure they will just scream through the open door again.

EdB, to answer your question

I wonder if y'all are seeing this crap on a particular post in your blog.

Unfortunately, as this attack progressed, that wasn't the case. We received approximately 100 of these spams per hour, across all four of our public blogs, and their associated linkblogs, where we had forgotten to disable comments, and against a wide variety of posts, not just three or four, including our newest posts. It did die down early Monday morning.

To answer your other question

It shouldn't be too hard, but so what: it shouldn't be too hard to have a million dollars and a pair of hot blonds...

I hear that getting the million isn't tough at all, but... A million isn't enough any more. ;)

JosephDP wrote:

We've been getting hit by this as well, at the rate of approximately 100 per hour. The only commonality is that the author email address are all randomJunk@mail.com.

Does anyone know of a way to block comments based on author's email address being *@mail.com?

htsrv/comment_post.php :-

<?php
if(strpos( $_POST, '@mail.com') )
	exit; // why waste resources?
/**
 * This file posts a comment!
 *
 * b2evolution - {@link http://b2evolution.net/}
 * Released under GNU GPL License - {@link http://b2evolution.net/about/license.html}
 * @copyright (c)2003-2005 by Francois PLANQUE - {@link http://fplanque.net/}
 *
 * @package htsrv
 */

¥

Thank You, ¥, we'll check it out.

EdB asked:

I wonder if y'all are seeing this crap on a particular post in your blog.

Mine was across the board. 10-12-16 different topics on four blogs, some new and some topics a few months old.

¥åßßå wrote:

JosephDP wrote:

We've been getting hit by this as well, at the rate of approximately 100 per hour. The only commonality is that the author email address are all randomJunk@mail.com.

Does anyone know of a way to block comments based on author's email address being *@mail.com?

htsrv/comment_post.php :-

<?php
if(strpos( $_POST, '@mail.com') )
	exit; // why waste resources?
/**
 * This file posts a comment!
 *
 * b2evolution - {@link http://b2evolution.net/}
 * Released under GNU GPL License - {@link http://b2evolution.net/about/license.html}
 * @copyright (c)2003-2005 by Francois PLANQUE - {@link http://fplanque.net/}
 *
 * @package htsrv
 */

¥

It didn't work for me, I suppose...

Change it to $_POST['email'] and it should work

¥

¥åßßå wrote:

Change it to $_POST['email'] and it should work

¥

It seems to have worked :)
Thanks

@ ¥åßßå

To get through this but still allow comments, is it possible to turn off the requirement for an email.
In other words, if a live person can read the instructions and not provide an email, then they can post.

the Bot, that will continue to fill in the email field will get the blank page and the Human can post a comment.

?? y/n

I think I may have stumbled upon the easiest possible solution for stopping comment spam. I tried installing a turing test and all sorts of other stuff, but it was difficult to get it to work, and required changing several files. This method is, as far as I can tell, unbeatable and extremely easy to implement.

What I wanted to do was make it so that only registered, logged in members could post comments. I installed one hack that claimed to do that, but the hack failed to prevent visitors from commenting by simply going to the permalink page. If you want to stop them un-registered visitors dead in their tracks, try this.

Open _main.php in your skin's folder and find this section:

<?php // ------------- START OF INCLUDE FOR COMMENTS, TRACKBACK, PINGBACK, ETC. -------------
			$disp_comments = 1;					// Display the comments if requested
			$disp_comment_form = 1;			// Display the comments form if comments requested
			

Replace that section with this code:

<?php // ------------- START OF INCLUDE FOR COMMENTS, TRACKBACK, PINGBACK, ETC. -------------
			if( is_logged_in() )
				{ 
				$show_comment_form = 1;
				}
			else	
				{
				$show_comment_form = 0;
				}		

			$disp_comments = 1;					// Display the comments if requested
			$disp_comment_form = $show_comment_form;			// Display the comments form if comments requested
			

The logic statement ensures that no matter what, the user must be logged in, or else the comment form will not even be displayed.

This latest spam nearly made me laugh out loud. There was no URL given, simply a name and the words:

"Sorry for this"

Three blogs were hit, and the posts were from February. The e-mail addresses were from different domains, unlike the @mail.com stuff from a few days ago.

[Edited, because I shouldn't be doing this while at work and I wasn't paying attention.]

BaileyWTNH wrote:

This latest spam nearly made me laugh out loud. There was no URL given, simply a name and the words:

"Sorry for this"

Three blogs were hit, and the posts were from February. The e-mail addresses were from different domains, unlike the @mail.com stuff from a few days ago.

Just got the same spam! >:-<

scottsforum wrote:

The logic statement ensures that no matter what, the user must be logged in, or else the comment form will not even be displayed.

Spammers don't visit your web and click the permalink and type in their spam. They automatically directly access comment_post.php, meaning this will only stop random people from leaving a comment.

Ah, ok. Thanks. I was wondering how that could possibly be right.

But how do they access comment_post.php? Could a similar bit of code be used in that file to reach a similar effect?

John wrote:

@ ¥åßßå

To get through this but still allow comments, is it possible to turn off the requirement for an email.

Yes, change the email required setting (urm, one of the conf files or admin or somewhere...... think of it as a treasure hunt ;) ) then change the hack to if( @$_POST['email'] ) exit;

scottsforum wrote:

<?php // ------------- START OF INCLUDE FOR COMMENTS, TRACKBACK, PINGBACK, ETC. -------------
			if( is_logged_in() )
				{ 
				$show_comment_form = 1;
				}
			else	
				{
				$show_comment_form = 0;
				}		

			$disp_comments = 1;					// Display the comments if requested
			$disp_comment_form = $show_comment_form;			// Display the comments form if comments requested
			

You don't need all that code, just :-

<?php // ------------- START OF INCLUDE FOR COMMENTS, TRACKBACK, PINGBACK, ETC. -------------
			$disp_comments = 1;					// Display the comments if requested
			$disp_comment_form = is_logged_in();			// Display the comments form if comments requested

As EdB said though, they also hit comment_post.php directly so you need to add the following to htsrv/comment_post.php :-

require_once( dirname(__FILE__) . '/../evocore/_main.inc.php' );
// check if logged in
if ( !is_logged_in() ){
header_nocache();
header_redirect();
exit;
}
// end check

;)

@¥åßßå Guru :)

Thanks mate, I'll give it a spin

lol, I think the Guru stands for Garrulous user requires uninstalling :p

¥

EdB wrote:

I know of no way to screen/block comments by email addy.

mod_security :)