Sneaky spammer sneaks…. and other conspiracies

I’ve stumbled onto something that I wasn’t previously aware of regarding my spam comment attacks… (which btw, I’ve had another 60 since my last post…)

The spammers have the ability to comment on the posts I have in Draft status.

This is a bit disturbing.

I know this because of a particularly odd post header of mine popping up in my comments “Awaiting Moderation” queue. I have a draft titled “Circus Hippos.” Just try and tell me that it’s coincidence that the spammers had some insider knowledge on a dumb title like that.
I deleted the comment before really thinking about investigating it, but I’ve got lots of Draft posts on the cooker, so we’ll see what happens next. I’ll let you know what I find out.

adoring all but spammers with smooches~
jEN

*oh… there aren’t any other conspiracies, as the title implies… it just sounded good. 😉

6 thoughts on “Sneaky spammer sneaks…. and other conspiracies”

  1. Hi jEN,

    once again you have awakened my inner geek!

    I have had a look about in the WP code and I think I have worked out how you can get spam posts that are in draft.

    The only difference between a live post and a draft is the flag setting so there is an ‘post_id’ for the post as soon as you save it.
    The only flag that the wp-comments-post.php checks is ¬¨‚Ć’comment_status’¬¨‚Ć for the value ‘closed’. If it checked the ‘post_status’ flag for ‘draft’ as well then posting to drafts would not be possible. It looks really simple to add this as it is basically a duplication of the ‘Closed’ check with a small change.

    There must be some code that spots if a post_id hasn’t been used yet otherwise the spammer could just fill the comments table in wait for you posting an entry to that ID. I haven’t found that yet but I am sure it must be somewhere.

    Kev

    *what do you mean ‘there aren‚Äö?Ñ?¥t any other conspiracies’ , ahh I see they have got to you as well. 🙂

  2. There’s a good chance the spambots locate the url of the comments posting page (it’s wp-comments-post.php I think – I’m working from memory, not rummaging in files), then just hammer that page with lots of requests… hang on, that might mean serious server load and page requests… I’ll have to look at server logs tomorrow.

    Perhaps they get the reference ID of the most recent post, then post to a bunch of reference IDs below that – some of which would be published, others draft. They are damn clever posting to draft because you are less likely to spot the comments before they go live on publishing the post.
    Anyways, your solution would work, of course, but it might be worth mentioning over on the WordPress forums/site so it could be incorporated into future releases. I’ve not seen a mention of it over there so you might have spotted a good solution to some of the spambot posting.

    One way of completely stopping spambot attacks, at least for a while, is to rename wp-comments-post.php so they cannot find it. Also means changing any references to it elsewhere, but that’s just a search & replace throughout the code.

    I’m kinda disappointed I’m the only one who hasn’t had a spam attack yet… I’m feeling a little dejected, left out and wondering if I smell.

  3. Getting the most recent post then starting below would make sense.

    I had thought about renaming wp-comments-post.php as well but it would only work if the spammer does not harvest the posting url from the most recent post.

    Sorry you are feeling left out nellus, I have quite a few spams that Spaminator caught, if you want I will post them to your blog? 🙂

    Kev

  4. I love my geeks! Thanks for everyone chiming in! I’m running what I thought was the most recent WordPress, 1.2.1 Mingus. Is 1.3 just a beta? Ah- nevermind. I just went poking around the WP site to find out. I’ll wait it out before I dive in. I did notice that the spam measures that I have in place in 1.2.1 are working much better than what I had going before. At least I feel like I have some control now.

    Thanks again everyone… I have some serious tinkering that I want to do with this blog and the CSS, so let the geeking begin!

    smooches~
    jEN

Comments are closed.