Protect Spam Comment Using HTTP Referrer

In my previous entry, I highlighted the fact that you should partnered Akismet with other spam prevention plugin namely “Bad Behavior”. The problem with this method is, there are times when each of these two may encounter unexpected downtime. This will create a huge hole to your blog and believe me, spambots going to have orgasm from it.

Do you know that one of the powerful spam prevention is your silent .htaccess file? By adding few lines into it, you can deny all requests that do not originate from your domain using HTTP referrer technique.

Whenever readers wish to leave a comment, most of the time they post it via your comments.php template. The comment is then processed by initiating the script which is carried out by wp-comments-post.php. This is not the case for spambots as the target is not your comments.php but the later.

By blocking all requests for the comments-processing script that are not sent directly from your domain, you immediately eliminate a large portion of blog spam and here’s how.

All you have to do is to paste these lines into your existing .htaccess file and you are done.

# block comment spam by denying access
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*yourdomain.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule ^(.*)$ ^http://%{REMOTE_ADDR}/$ [R=301,L]

The last line is to send back the spambots to where they came from. In order words, you send them to spam themselves. Pretty neat eh? Thanks to PerishablePress for the tips.

digg reddit delicious stumbleupon technorati furl ma.gnolia
Does this post useful? Subscribe to RSS Feed for updates.
Posted on: July 5, 2008 | Under Blog Security 
 

Share your thoughts




Speak your mind