Blogspam revisited.

PHPProgrammingWordpress
382 words, 2 mins

Sometime back I wrote about comment spam in the blogs and using fake comment pages in order to catch automated spambots and record their IPs. Over the months I clocked up a few thousand spambots and I thought it might be fun to do something with them. Like block them for a while. :)

Read the previous article for details on how the modified Wordpress comment forms work. In short, any visitor to a form that isn’t linked to from the site pages is a spambot that has been programmed to submit automatically through that page. So, we take the IP of the visitor and store it in a log.

I wrapped all the functionality up in a logip class which can then be included on whichever pages we need it on.

For example, the file wp-comments-post.php is the normal comment submission file and many spambots come looking for this file. The contents of this file are:

<?php
  // IP Log
  include( 'logip_class.php' );
  $logger = new logip();
  $ip = $_SERVER['REMOTE_ADDR'];
  if( !isset($ip) || empty($ip) ) return;
  $logger->add( $ip, 'wp-comments-post' );
  sleep(10);
  header( "Location: http://www.myblog.com/badbot/" );
?>

The visiting bot leaves it’s IP for us and is then sent on somewhere of your choosing. In this case it goes to a page with a short, descriptive message on it.

At the top of the header for the blog pages (found in /wp-content/themes/mytheme/header.php) we have this little piece of code:

// if we are showing the 'badbot' page, then skip this
if( $_SERVER['REQUEST_URI'] == '/badbot/' ) return;
include('logip_class.php');
$logger = new logip();
$ip = $_SERVER['REMOTE_ADDR'];
if( $logger->exists( $ip ) ) {
  header( "Location: http://www.myblog.com/badbot/");
}

So, anyone listed in the spam logs will be automatically redirected to the badbot’s page (or wherever you want really).

The log file holds IPs for eternity at present. At some point I’ll add a function to strip out IPs after a certain amount of time but at the moment, I can’t be bothered.

BTW, I still have the commented out form entries in the comments file. The first commented out entry still gets about 35-40 attempts per day, the second commented out entry gets about 5 attempts.