Referrer spamming (or comment spam) is hot these days, which is a growing headache for webmasters in many ways:
1. It abuses your web server severely.
2. It's not just annoying to delete the spam every time you check your web site, but just... GIVE ME A BREAK!!!!
Thanks to the appearance of "Protector", Headache-1 can be dealt with automatically since it can restrict the simultaneous accesses from the same IP.
Headache-2 is not that problematic for community sites where all the comments are posted by registered users, like here. But for web sites where comments are open to the public, it is.
Possible solutions:
1. .htaccess
# Flag requests whose Referer contains one of the spam keywords
SetEnvIf Referer "(.*)(ronnieazza|future-200|loan|loans|6q|diet-pills|sex|freakycheats|psxtreme|learnhowtoplay|online-deals-4u|poker|gambling|chat-nett|fidelityfunding|terashells|casino|crescentarian|yelucie|smsportali|viagra|blackjack|porn|nude|naked|adult|anal)(.*).(.*)" ToTheDeepestAbyssOfHELL
<Files *>
Order allow,deny
Allow from all
# Refuse the flagged requests
Deny from env=ToTheDeepestAbyssOfHELL
</Files>
So-called "Referrer Spams" contain banal referrer information to entice webmasters into their crappy web sites. I know that none of them may well click such feeble links, though they seem to think it works, somehow... lol. Anyway, we can exploit this poor information.
2. xoops_refcheck()
include/comment_post.php
line 232
if ($uid == 0) {
+ if ( ! xoops_refcheck() ) {
+ redirect_header($redirect_page.'='.$com_itemid.'&com_id='.$com_id.'&com_mode='.$com_mode.'&com_order='.$com_order, 1, _NOPERM);
+ exit();
+ }
switch ($xoopsModuleConfig['com_rule']) {
case XOOPS_COMMENT_APPROVEALL:
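Review bot: the added `xoops_refcheck()` guard inside `if ($uid == 0)` decides on the Referer header alone, and that header is supplied by the client, so it should be treated as a filter rather than as proof that the post came from the site's own form; add a comment at the guard stating how an empty referrer is handled, since that case decides whether visitors whose software strips the header can still comment. The `redirect_header(...)` line also concatenates `$com_itemid`, `$com_id`, `$com_mode` and `$com_order` into the URL unencoded, and the hunk does not show where they are validated, so confirm they are cast or encoded before this point.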
Given that no registered user commits spamming, it can block "referrer-spams" as long as they hold external referrer information. It would also block legitimate comments because many people simply have no idea what the firewall software in their computer does. To avoid this unintended inconvenience, you can disable referrer-check only when the empty referrer is recognised. Please search "Xoops FAQ" for the detailed information about it.
Btw, this function is accessible from all the modules. So this hack can also be applied to those modules that use their original commenting system: B-wiki, WordPress, etc.
3. g_ticket
Maybe it's not that difficult to implement GIJOE's ticket system in Xoops's commenting system... But I DON'T KNOW HOW TO do it!!! lol
4. A unique attribute and its corresponding value in comment forms.
This technique is widely adopted by many blog software packages to confirm that the comments are sent from your comment form. But how can I implement this function in Xoops? That's the question. As far as I know, "Comment Callback Function" seems to be the one. But, again, I DON'T KNOW HOW TO assign an extra parameter with the provided xoops-form class... lol
Maybe, instead of assigning it, I can set a certain attribute and its value as a default extra-parameter by hacking core files in class/xoopsform, and insert "if ( A!==B){exit;}" into include/comment_post.php...
IMHO, I want this feature to be available from the admin panel in the future: Webmasters can define their original attribute and its corresponding value for the comment forms in their web site.
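The attribute-and-value idea from item 4 (and the ticket idea from item 3), sketched as an added example that is not part of the original post and not XOOPS or GIJOE code: a hidden field carries a time-limited HMAC bound to the comment's item id, and the POST handler refuses anything that lacks a valid one. The field name `com_token`, the function names, the TTL and the sample values are all assumptions made for illustration; wiring it into class/xoopsform and include/comment_post.php is not shown.

```php
<?php
// Added example; every name below is hypothetical, none comes from XOOPS.
const TOKEN_FIELD = 'com_token'; // the "unique attribute" in the comment form
const TOKEN_TTL   = 3600;        // seconds a rendered form stays valid

// The "corresponding value": issue time plus an HMAC tying it to one item.
function comment_token_issue(string $secret, int $itemId, int $now): string
{
    return $now . ':' . hash_hmac('sha256', $itemId . '|' . $now, $secret);
}

// Hidden input to emit inside the comment form.
function comment_token_field(string $secret, int $itemId, int $now): string
{
    $value = htmlspecialchars(comment_token_issue($secret, $itemId, $now), ENT_QUOTES);
    return '<input type="hidden" name="' . TOKEN_FIELD . '" value="' . $value . '" />';
}

// The "if (A !== B) { exit; }" check for the POST handler.
function comment_token_valid(string $secret, int $itemId, array $post, int $now): bool
{
    $token = $post[TOKEN_FIELD] ?? '';
    if (!is_string($token) || !preg_match('/^(\d{1,12}):([0-9a-f]{64})$/', $token, $m)) {
        return false; // field missing or malformed
    }
    $issued = (int) $m[1];
    if ($issued > $now || $now - $issued > TOKEN_TTL) {
        return false; // issued in the future, or the form is too old
    }
    $expected = hash_hmac('sha256', $itemId . '|' . $issued, $secret);
    return hash_equals($expected, $m[2]); // constant-time comparison
}

// Constructed sample data so the file runs from the CLI.
$secret = bin2hex(random_bytes(32)); // a real site would keep one fixed secret
$now    = 1700000000;                // constructed timestamp
$post   = [TOKEN_FIELD => comment_token_issue($secret, 42, $now)];

echo comment_token_field($secret, 42, $now), PHP_EOL;
var_dump(comment_token_valid($secret, 42, $post, $now + 60));   // same item, fresh form
var_dump(comment_token_valid($secret, 43, $post, $now + 60));   // token reused on another item
var_dump(comment_token_valid($secret, 42, $post, $now + 7200)); // form older than the TTL
var_dump(comment_token_valid($secret, 42, [], $now + 60));      // POST without the field
```

A check like this only rejects posts that never loaded the form; it complements the referrer check and the Protector rate limit rather than replacing them.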