Your thoughts on spam filtering

So I bought a domain on the 13th of this month. I haven’t shared the domain to anyone so no one really knows the domain name. I used my MVC application on that domain and I set up a statistic tracker such as ip, the URL they visit, and the time they visited that page.

Amongst 75 page requests, about 5 of them were WordPress related requests. I know that the total count was most likely from scrapers and crawlers, but that 5 requests makes it a little suspicious. Especially since I never run WordPress and I don’t have the intentions to run such a software. I know how to make my own.

So it has brought my attention to this. I know for sure these are spam bots. Around 24% of the Internet is powered by WordPress and with new spam bots growing by the thousands. They are specifically made to target WordPress websites. So here’s the thing. I don’t use WordPress as I have said above and the likely hood f me using WordPress for any of my projects is as slim chance as you and I winning the lottery.

So I was thinking about before even inserting the request data to my db and clogging up resource. I was going to create an array of random websites that could potentially screw with these spam bots. I was thinking about putting Hur Dur in there along with a few porn sites that have tons and tons and tons of pop ups. And these sites will be picked and redirected at random.

To determine if they are spam bots, I am just going to make sure that the request URI does not contain anything related to WordPress. If it does, this will trigger the redirection. No legitimate user will be caught in this detection unless they too are snooping around for WordPress related stuff.

I already use HoneyPot, but this only works for form submission. I don’t want to clog my db with all these requests relating to WordPress.

Thoughts on this approach.

I think it’s a common thing today. Likewise, I have nothing to do with WP, but when I look at my server logs there are a whole load of requests for things like wp-admin. So I think it’s just a load of bots sniffing around the web, assuming any site could be a WP one and looking for weaknesses.
I already have a redirect to forward them on to my “honeypot”, but you may be right, that’s a waste of resources. Maybe I would be better to just [F] them off, (403 that is).

1 Like

I was actually thinking about attempting to crash them with their own request. Sort of like a DDos on their own IP. Maybe even on their 192.168.x.x This would most likely stop them from screwing with you because their Internet would be down. However, thinking about the resources that would take that to happen, it would be a high CPU usage on your end as well as having to flood that much ping request on the bot’s 192.168.x.x Another thought is that this probably isn’t possible either because most languages that aren’t actually touching the client’s computer will most likely not affect them at all. The only way I can think of is forcing them to download a .exe file that is like a worm or something that infects that bot.

We are in the 21st century where there are more than 30 programming language, but none of them can help us protect us from these kinds of bots. It kind of makes me wonder why even protect ourselves if spam bots can basically bypass anything regardless of respecting policies or not.

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.