WPBlacklist Patch

In alot of spam comments, I’ve noticed that spammers enclose their URL’s in [url] and [/url] tags. When WPBlacklist tries to add these URLs to it’s blacklist, it picks up the opening bracket of the [/url] tag. What this does is make the entire URL regex-unsafe, because the opening bracket indicates the start of a character set. With no closing bracket, the preg_* function call barfs.

I’ve created a small patch file which escapes opening brackets in the URL’s. It gets rid of the preg_* function call failures, but I haven’t done uber-extensive testing, so I’ve no idea if this breaks anything else. Anyway, there it is, use at your own risk.

Interesting Links

It’s been a bit of a slow Sunday (for once), so here’s a few things I’ve been looking at lately:

  1. DNS Amplification Attacks – An interesting paper by Randal Vaughn and Gadi Evron that outlines the mechanics behind the recent attack against Blue Security.
  2. Computer Security Threats – An online video of Mikko Hypp√∂nen’s (Chief Research Officer, F-Secure Labs) recent presentation at DePaul University in Chicago. A good talk, but the sound quality is really crappy.

Flying Cans of Meat Pt. III

Is anyone else under an enormous barrage of comment spam? I used to get maybe something like 5 or 10 spam comments a day tops, but over the last few weeks, the number has skyrocketed to (literally) over 400 a day!

To me, this can only mean one of three things:

1. This blog is far more popular that I originally thought (not terribly likely).

2. The spammers have decided to single me out for some reason (do I look that much like a blue frog?).

3. The spam comment problem has just gotten that much worse across the board (in which case we’re all screwed).

So yeah, if you’ve seen this spam explosion too, or if you have any tried-and-true methods for dealing with it in WordPress, let me know.