WordPress spam…

So, I was looking at the start of the year, and about 8% of my stats was SPAM. Yuck. Then something insane happened this week: it jumped to 28%.

So I crossed that point when something would have to be done!

I’ve already installed stuff to detect the spam, and it does a good overall job. But I wanted to take it to the next level and block all traffic from the spammers! Anyone who SPAMs probably is engaged in other nonsense that makes me not want their traffic.

Thankfully for me and this brave new era of Google, I could quickly find that someone has done 99% of the leg work for me right here! Thanks to Sakis’s hard work I was able to add some minor tweaks, and generate a full iptables config, flush & add the new rules, then have cron run it every few minutes.

Pretty cool stuff if I do say so myself!

Since the primary site is now offline, I’ve updated with an archive.org link. For what it’s worth, here is the meat of the article in question:

Dodging WordPress comment spammers

I admit: Allowing anyone to post comments is bad practice. Though, I’ve got my reasons to stand my ground. I’ve many times read something on a blog, and to some of them I even had something to add. I could potentially help the blog’s author or future visitors by sharing my own experience, or request a solution to one of my problems by posting a question. Guess what? I am so lazy that I rarely go through a registration procedure just to be able to post a comment.

I am one of those that insist dialog and discussion is always constructive as long as both ends feel like establishing it. I do not want to lose the opinion and comments of stopping-by visitors, just because I want a “safe” thing that runs on its own. But, “buts” exist. My blog is currently one month old, still it manages to receive 300+, on average, spam-oriented comments per day, while I’ve even witnessed a 1k/day.

Thank god, WordPress provides blacklist features based both on IP addresses and comment content. And it really does a good job: After messing around with your recent “spam” you can easily end up with a list that accurately detects a non-constructive comment. However, you’ve not solved all your problems this way:

  • New comments still come. They are just automatically rated as spam.
  • Your database fills with garbage.
  • Your web traffic statistics are spoiled.
  • You waste bandwidth.
  • You waste CPU time.
  • If your spammer ever stops selling drugs and starts advertising flesh, all your content matching rules go away.
  • If your spammer loses interest in being a blog spammer and switches to a port-scanner, you will receive that too.

How about you refuse them a spare TCP socket? Besides, you don’t even wanna know them. All their connection attempts will end up in the void. Time for some “iptables” magic.

WordPress has already stored their IP addresses within its database. Consult the wp-config.php file you edited when you first installed WordPress, and refresh your memory on what your database name, username and password are. Mine are:

$ grep "DB_" wp-config.php
define('DB_NAME', 'mywordpress');
define('DB_USER', 'sakis');
define('DB_PASSWORD', 'myextrastrongpassword');
define('DB_HOST', 'localhost');
define('DB_CHARSET', 'utf8');

You now have to use that information to construct this single-row command:

Check my example:

$ mysql -f -p --user=sakis mywordpress <<<"select distinct CONCAT('iptables -A INPUT -s ',comment_author_IP,'/32 -j DROP') from wp_comments where comment_approved='spam' order by 1 asc" | grep -v "^CONCAT" >> THEY_BOTHER_ME
Enter password:
iptables -A INPUT -s -j DROP
iptables -A INPUT -s -j DROP
iptables -A INPUT -s -j DROP
iptables -A INPUT -s -j DROP
iptables -A INPUT -s -j DROP

You now have a simple recipe, named “THEY_BOTHER_ME”, ready to be executed (as root):

$ su


Make sure you hook “THEY_BOTHER_ME” into your system’s start-up procedure and construct a cron/at job to periodically refresh it.

I’ve created a file named /etc/cron.daily/update_spammers.sh, with the following contents:



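#!/bin/bash
# The top of the original script (interpreter line and the definition of
# fileloc) did not survive; the path below is a placeholder, not the author's value.
fileloc="/path/to/THEY_BOTHER_ME"

# Number of rules in the file before the refresh
before=$(wc -l < "${fileloc}")

# Work on a private temporary copy (mktemp avoids a predictable name in /tmp)
tmp=$(mktemp /tmp/BOTHERS.XXXXXX)
cp "${fileloc}" "${tmp}"

# Append one DROP rule per distinct IP address of comments flagged as spam
mysql -f --user=sakis --password=myextrastrongpassword mywordpress <<<"select distinct CONCAT('iptables -A INPUT -s ',comment_author_IP,'/32 -j DROP') from wp_comments where comment_approved='spam' order by 1 asc" | grep -v "^CONCAT" >> "${tmp}"

# De-duplicate and write the result back as the new rule file
sort "${tmp}" | uniq > "${fileloc}"
rm -f "${tmp}"

# Execute the rule file in the current (root) shell
. "${fileloc}"

# Number of rules after the refresh, and the difference
after=$(wc -l < "${fileloc}")
di=$((after - before))

printf "[%s] Spammers updated. Added %d new spammer(s) (Before: %d, After: %d)\n" "`date`" ${di} ${before} ${after}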

And sadly, his original script is now offline.  This should be enough for anyone to get going on this exciting spam adventure…
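A hardened variant of the refresh step, as an added example (it is not Sakis's script, nor the modified one this blog runs): every address taken from wp_comments is checked as a strict IPv4 dotted quad before use, and the output is an iptables-restore table for one dedicated chain, so root never sources database-derived text and repeated cron runs do not stack duplicate rules. The chain name SPAMMERS, the function names and the sample addresses are assumptions made for the illustration.

```shell
#!/bin/bash
# Added example, not Sakis's script. Assumed names: chain SPAMMERS, which INPUT
# reaches through a one-time "iptables -I INPUT -j SPAMMERS". Sample data is constructed.

# Succeeds only for a strict dotted quad: four octets, 0..255, no leading zeros.
is_ipv4() (
    ip=$1
    case $ip in
        ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;;
    esac
    IFS=.
    set -- $ip
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        case $octet in
            0?*|????*) exit 1 ;;
        esac
        [ "$octet" -le 255 ] || exit 1
    done
)

# Reads one candidate address per line on stdin and prints an iptables-restore
# table that rebuilds only the SPAMMERS chain. Invalid lines (IPv6 included) and
# loopback addresses are skipped, so no database text is ever run as shell code.
build_ruleset() {
    printf '%s\n' '*filter' ':SPAMMERS - [0:0]'
    sort -u | while IFS= read -r addr; do
        is_ipv4 "$addr" || continue
        case $addr in 127.*) continue ;; esac
        printf '%s\n' "-A SPAMMERS -s $addr/32 -j DROP"
    done
    printf '%s\n' 'COMMIT'
}

# Constructed sample: two valid addresses (one repeated), loopback, and junk.
sample_input() {
    printf '%s\n' '203.0.113.7' '198.51.100.23' '203.0.113.7' '127.0.0.1' \
        '999.1.1.1' '10.0.0.1; reboot' '1.2.3' '192.0.2.010'
}

# Use from cron as root, with the MySQL credentials in a 0600 ~/.my.cnf:
#   mysql -N -B mywordpress -e "select distinct comment_author_IP from
#     wp_comments where comment_approved='spam'" \
#     | build_ruleset | iptables-restore --noflush
sample_input | build_ruleset
```

With --noflush, iptables-restore leaves the other chains alone and flushes only the chain declared in the table, so the list is replaced in one commit on every run.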

Elite Dangerous

There has been some buzz for years (decades?) about a new Elite game. Sure the Frontier sequels were simply amazing, but now that PCs are far more advanced than they’ve ever been, what would Elite look like today?


So here is a small taste!

Unlike other video games, there has been a movement afoot of the end customer directly financing the upstart cost for projects to get them off the ground.  The idea being that people themselves may be interested in a product, and they can cut out the middle men of marketers & financiers, and do so in a mob fashion.  Kickstarter is one of many sites built for this purpose.

So I was surprised to find that David Braben (of recent Raspberry Pi fame) had started one for the future of Elite, right here. He is trying to raise a hefty £1,250,000 to directly fund this new version of Elite. Right now he is £683,487 short but has 41 days to go. I would imagine that one of the reasons why they want to go this way is that during the Frontier days GameTek went bankrupt, leaving much of their distribution and marketing in the air.

Is this madness? Maybe a tad, but the original developers behind Wing Commander managed to fund their project, Star Citizen, on Kickstarter as well!

Of course here is the original pitch video:


And be sure to check out the project’s website.

Oh yeah, and as part of my jdosbox rescue, I’ve cleaned up the Frontier Elite & First Encounters images so they work now!

So I got to play with a ‘surface’ yesterday

Honestly it’s not that bad, the UI is surprisingly snappy. The thing has a quad core processor, 2GB of RAM… the bundled keyboard… sucks. Badly. I don’t even know why they even made it.

Surprisingly, there is Adobe Flash on the platform. Getting to the command prompt was pretty trivial, although I didn’t have any pure unsigned .NET exes on me to test… I forgot to check if the runtime included csc.exe …

The price is just too high for the platform to be compelling to be honest, it would have been a contender around the time the iPad launched, but true to MS’s nature they always let others lead before they enter the market.

Maybe after Christmas sales, or the lack of, there will be some motivation on Microsoft’s part to price it more competitively.

Also DOSBox would be a nice to have for Windows RT … but if it is all walled garden crap who knows if that’ll happen easily…

Aclock BSOD

(This is a guest post by Antoni Sawicki aka Tenox)

Do you remember the famous Windows NT Blue Screen Of Death? For years it was a source of jokes and of the bad reputation of Windows reliability.

There even was a Blue Screen Saver. Today we fortunately see much less of it, but it still is there, reminding us that Windows NT internally is in fact a text mode operating system. The 1989 NT Design Workbook tells us that in the early days of development, before OS/2, Win32 subsystems or any GUI were developed, there was an ANSI console and a bunch of command line utilities running in text mode. Sadly all were removed in the retail version. The only true text mode application left around was autochk. Since the day Aclock was conceived I always wanted to run it on the NT text mode boot screen. In its twisted logic it actually makes perfect sense.

So how do you actually output to the BSOD screen? Initially there was a lot of hope in a Windows NT Native Application, which can use the NtDisplayString() function to display text before the GUI takes over. Mark Russinovich has written a sample Native Application with source code. Unfortunately I soon realized that NtDisplayString() does not allow for any control characters that would let me position the cursor or clear the screen. It doesn’t let you do much more than display “Hello World” during Windows boot. This unfortunately wasn’t what I was hoping for. For lack of further ideas the project was shelved for nearly 10 years until I recently got some help from a real Windows insider.

The new hope came from HalDisplayString() and its helper functions HalQueryDisplayParameters() and HalSetDisplayParameters(), which return the screen resolution in characters and allow positioning the text cursor. Exactly what I needed! Unfortunately these functions are part of the NT Kernel and there was absolutely no hope of calling them from user mode, even from a Native application.

So a device driver version of Aclock was conceived. Err WHAT? Yes! A Windows Kernel Mode Device Driver version of Aclock. It sounds like the craziest idea and the most ridiculous waste of time ever. Worse than that, it definitely is! Despite that, development of the driver was actually surprisingly straightforward, and most of the difficulties I had were to do with setting up the right environment. It required Windows NT 4.0 SP6, an old version of NTDDK, SDK and Visual Studio. Once I had the project set up correctly, the only thing left to do was to figure out the kernel mode equivalents of some of the things I was taking for granted, for instance sleep(). My last surprise was the rather unexpectedly difficult access to floating point in the driver. I was advised to avoid it, so I generated precomputed tables of sin and cos values for every minute on the clock dial.

Aclock running on Windows NT BSOD in Kernel Mode

I must say that VMware Workstation Snapshots came in very handy for launching and testing the driver. It spared me from constant rebooting and re-launching the whole environment. I could load aclock and literally click “back” like in a web browser.


Since running the driver on your own system will render it unbootable (you can always do a snapshot or use last known good configuration), I have built a minimal Windows NT Embedded (NTe) image that loads the driver on startup. It’s available as an OVA image.

Windows NT Embedded project

The next steps may involve porting AA-Lib to NTHAL. From there the possibilities are unlimited: aalib-quake? 😉

Update:  Video

Aclock Windows NT BSOD Driver from Antoni Sawicki on Vimeo.