Comment Spam Honey Pot

October 4th, 2003

I tried Burning Bird’s Quick Fix for fighting comment spam. No luck. In the long term I’d really like an implementation of Simon’s URL blacklists for MT, one without the overhead of Jay’s implementation (which struggles valiantly to avoid modifying any of MT’s code). In the meantime I’ve got one entry which attracts most of my comment spam, and I’m going to turn it into a honey pot/tar pit style trap.

Media Consolidation attracts a high number of spam comments(presumably the first one brought more, and even though I’ve deleted them, they are still in Google’s cache of the page) A significant percentage of all my spam is directed at that entry. So I wrote a super quick, and dirty Perl script designed to be run out of cron that looks at anyone who has posted a comment to that entry, and bans their IP. Supply it with a list of entry ids, and a list of white listed IP address, and the script should handle the rest. Currently it prints a note about banning an IP to stdout, which will cause cron to send you a note, you can comment this out if you like.

Without further ado, mthoneypot.pl

Presented ‘As Is’.

Working with Squid

Btw., if anyone else on Earth is running a squid accelerator on their blogging box, then you’ll need to path MT to recognize the appropiate remote ip. I did this by replacing MT::App::remote
ip with this remote ip impl
sub remoteip {
    my $app = shift;
    if ( $ENV{HTTPXFORWARDEDFOR} ) {
    return $ENV{HTTPXFORWARDEDFOR};
    }
    elsif ( $ENV{MODPERL} ) {
    return $app->{apache}->connection->remoteip;
    }
    else {
    return $ENV{REMOTEADDR};
    }
}

Tagged: Uncategorized

Comments are closed.