Archive for the ‘Web Development’ Category

I've been seeing 'ouk' as a search term on a few different sets of stats. I couldn't work it out especially when it wasn't just on my sites but others too.

Then today, whilst looking at my WordPress Stats, I noticed a search had been made on the Orange UK website. Suddenly I saw 'ouk' as a value in the URL:

http://search.orange.co.uk/all?brand=ouk&tab=web&q=test&…

As you can see, the first variable in this URL is 'brand' which has the value of 'ouk'. Because the actual query is the third variable ('test'), I'm guessing stats programs are picking up on the first one.

Well it's solved a mystery for me, hope it may do for someone else!

I've been a bit quiet this week mainly because it's possibly turning out to be one of the busiest weeks of the year for me. I currently have 5 sites underway for work. Luckily they are all similar and can run off the same template files for both style as well as PHP, however it's still fun and games trying to get everything working, especially as I'm still waiting on content and photos and these were meant to be live by the weekend! However on the up side I've had 3 calls today alone from my boss pretty much saying how thankful he is for what I've done. Sometimes it's good to hear that from someone so high up.

In between working on these sites I've also been tackling the HSBC Payment Processor for secure ePayments. A client of mine has a site which was coded a couple of years back by some PHP developers that didn't understand efficiency let alone security! So I've been trying to learn the logic of their shopping cart plus learn how to get the HSBC CPI working – a feat in itself. The PDF supplied by HSBC was of pretty much no help whatsoever. In the end I downloaded the HSBC Payment module for osCommerce, installed this on a test site I have running for testing contributions, and got it working via osCommerce first. Then using the excellent write up on how the module works, I stripped the code down to run standalone. Then came 6 hours of trying to get that to work, and discovering, thanks to Khalid, that the hash key I'd been supplied had two letters in the incorrect case. The version I'd used on osCommerce had the hash key correct (client's fault for supplying a wrong key). After tearing my hair out all Tuesday, I've now finally gotten all of the code working, so I'm just tying up the final bit which updates the order details.

I feel I've accomplished a fair bit this week!

Any eagle-eyed regular may notice that I've added an RSS icon and linked up the Recent Comments title in the sidebar to the recent comments RSS feed from this blog. I've subscribed to recent comments for one particular post in the past but I didn't actually realise you could subscribe to all comments on a blog. Call me slow if you like (you know you want to!).

I'm starting to add these to my feedreader for sites I regularly comment on or enjoy reading, comments 'n all. It's really handy, especially as I comment on a lot of sites and forget to check if I got a response! Anyway, feel free to subscribe. I'm hoping it may increase my commenters too, as the more people that see the comments the more chance there is to spark a conversation/debate.

After my quest to ease the bandwidth load on my site the other day with Spam Fighting, I've also managed to kill my comment spam on this site to zero for the past 12 hours, which, considering there's usually 200+ in a day, is not bad going. I'm still working on the bandwidth consumption issues but I definitely think I've helped it; of course, the bandwidth usage at the end of this month will tell the full story.

Just before I go any further, I do use Akismet. However Akismet doesn't stop your bandwidth consumption, it merely blocks the spam from displaying and from you getting loads of notifications about it. I'm trying to take this one step further, and prevent the comments piling up in the first place and ideally stop the spammers from hitting the server altogether.

So what have I done? Just a few little tweaks really:

Renamed the comment script.

A simple change which I'd seen in the past but thought it was too complicated to do. It actually isn't! Simply go into your Comments template file and look for the form action for submitting a new comment. You'll see the action points to wp-comments-post.php, change this to any filename you like (providing it ends with .php). Then go into the root of your blog and find the wp-comments-post.php file and change this filename to be the same as the one you just entered as the action of the comment form. And that's all there is to it. Of course, remember, on upgrading WordPress you'll need to rename the wp-comments-post.php file again, but that's a two second job.

What does this mean? Most spam scripts/bots have been programmed to go straight to your wp-comments-post.php file, so when they don't get it they can't submit anything. I've gone one step further and set up a 410 on this file now in my .htaccess, i.e.

RedirectMatch 410 ^/wp-comments-post\.php

This way it won't even show as a 404 in your stats. I'm not sure if a 410 is a good choice or whether to boot the script to another server using a 301. If bots follow the path they're sent on then the 301 would be a better choice. I'm still looking into this.

Renamed a comment input box

Just in case changing the script name didn't fully work, I went one step further and changed one of the input box names in my comment form too. Again, a very simple trick which fools any assuming bots. Open up your comments template file, choose one of the required fields in the form and change the following (I've used author/name as an example):

<p><input type="text" name="author" id="author" value="<?php echo $comment_author; ?>" size="22" />
<label for="author"><small>Name <?php if ($req) _e('(required)'); ?></small></label></p>

and change the input name, input id and the label for attribute values (originally 'author' for this example) to your chosen new name. Of course your comments file won't be exactly like mine but if you're not sure, let me know of your site in the comments below and I can take a look and let you know what to change :)

After you've changed this you need to update your comment script file, originally called wp-comments-post.php. Open the file up in a text editor and look for line 21 (approximately). You should find the following code:

$comment_author = trim($_POST['author']);
$comment_author_email = trim($_POST['email']);
$comment_author_url = trim($_POST['url']);
$comment_content = trim($_POST['comment']);

Now, which line you edit depends on which input name you changed. Taking my example into account, change the first line to

$comment_author = trim($_POST['newauthorname']);

Save the file and upload it to overwrite the original. Again on upgrading you'll need to alter this line in the new upgrade.

What does this do? It kills assumption. Bot scripts are programmed to post the variables and values, so if you've changed the variable name then it won't successfully post to that variable. Of course the variable name changed needs to be a required field. So changing the url field won't make much impact besides the bot not being able to submit their link.

Prevent Trackback Spam

After doing the above I had one spammer left and it took me a while to realise they weren't actually submitting to my site but using the trackback link, i.e. postname/trackback/. So I don't think much bandwidth is used with this method but of course it still meant my comment spam was building up which means another record in the database. Now I don't publicise my trackback links. If you link to a post of mine with a legitimate post of your own, the trackback is automatically created without the need for the trackback link (to be honest I don't fully understand the point of trackbacks!). So with this in mind I did a few searches on the web and came across the WP Hardened Trackback. It's simply a plugin that dynamically changes the trackback address of the post on every request, so if a person is trying to send a trackback with the wrong URL it'll just be ignored.

Whether this will affect people simply posting and linking to a post of mine, I don't know. I hope it doesn't but until it happens I won't know.
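To see from the server side whether these tweaks are holding, the Apache access log can be tallied by comment entry point. This is an added example, not code from the original post; it assumes the combined log format and a hypothetical renamed script called /post-a-reply.php, and the sample log lines are constructed.

```python
import re
from collections import Counter

# Apache "combined" log line: client IP, request line, status, bytes sent.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)')
OLD_SCRIPT = "/wp-comments-post.php"  # the retired endpoint from the post
NEW_SCRIPT = "/post-a-reply.php"      # hypothetical name for the renamed script

def classify(method, path):
    """Bucket a request by which comment entry point it touched."""
    path = path.split("?", 1)[0]
    if path == OLD_SCRIPT:
        return "old_script"           # only bots should still come here
    if method == "POST" and path == NEW_SCRIPT:
        return "new_script"
    if method == "POST" and path.rstrip("/").endswith("/trackback"):
        return "trackback"
    return "other"

def summarise(lines):
    """Return {bucket: {hits, bytes, statuses, ips}} for an access log."""
    report = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                  # skip malformed lines rather than guess
        b = report.setdefault(classify(m["method"], m["path"]), {
            "hits": 0, "bytes": 0, "statuses": Counter(), "ips": Counter()})
        b["hits"] += 1
        b["bytes"] += 0 if m["size"] == "-" else int(m["size"])
        b["statuses"][m["status"]] += 1
        b["ips"][m["ip"]] += 1
    return report

def _row(ip, request, status, size):  # builds one constructed log line
    return (f'{ip} - - [01/Jan/2000:00:00:00 +0000] "{request}" {status} '
            f'{size} "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"')

SAMPLE_LOG = [                        # constructed data, documentation IPs
    _row("192.0.2.10", "POST /wp-comments-post.php HTTP/1.1", 410, 310),
    _row("192.0.2.10", "POST /wp-comments-post.php HTTP/1.1", 410, 310),
    _row("198.51.100.7", "POST /wp-comments-post.php HTTP/1.0", 410, 310),
    _row("198.51.100.7", "POST /a-post/trackback/ HTTP/1.0", 200, 120),
    _row("203.0.113.5", "POST /post-a-reply.php HTTP/1.1", 302, "-"),
    _row("203.0.113.5", "GET /a-post/ HTTP/1.1", 200, 18500),
]

if __name__ == "__main__":
    for name, b in sorted(summarise(SAMPLE_LOG).items()):
        print(name, b["hits"], b["bytes"], dict(b["statuses"]),
              b["ips"].most_common(3))
```

Hits in the old_script bucket that all return 410 with a small byte count show the retired endpoint is doing its job; anything other than 410 there, or a growing trackback bucket, is where the remaining spam is getting in.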

My Reading Material

There should be a shout out to whoever blogged about changing the input name but unfortunately I haven't a clue where I read that!

Yet again the spam and bots on this blog are reaching ridiculous figures. The spam isn't an issue as such. Akismet blocks about 99.5% of it so it never sees the light of day. But the bandwidth on this domain is rocketing and considering there are client sites in the same account I need to try and slow this down a little.

My figures really don't read right that's for sure. According to Feedburner I have around 50 people in total who have subscribed to my RSS feeds (the front end containing all posts, this blog contains just the posts from this blog). With virtually all the feeds pointing to feedburner too, my stats shouldn't be so skewed with hits on the feed files. According to MyBlogLog I had 54 visitors for yesterday, and just over 40 on each weekend day. Yet my stats say I had an average of 280 visitors a day for February! I appreciate I only just fixed my feed file redirects, however for this month I'm still on over 230 visitors a day on average.

So clearly the spam is building up again. Looking through Akismet I can see there are a few certain posts that seem to be drawing the bulk of the spam so I've closed comments off to all posts that are from February and back. It's annoying to have to do this but it's at least one deterrent (hopefully). A couple of IPs have also been blocked that keep cropping up. I realise spammers can and will easily change their IPs but it may deter them for a short period (or at least annoy them!).

Frustratingly I can see the spammers in my stats using Trace Watch. I can see an obvious path that several people in different countries are following, from one post to the next, none of which are directly connected. Clearly all using the same software but annoyingly the only way of blocking them would be the user agent which is coming up as "Agent String: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" which would block quite a few other users too! So I can't use this to block them which is annoying (hey everyone switch to Firefox and I'll just block IE ;) – Just kidding!!).

It's just all annoying as the bandwidth usage on this site doesn't reflect the true visitors and is instead around 3 times as much as it should be. Unfortunately whilst Akismet does a great job of collecting the spam, it doesn't prevent the bots from hitting the site in the first place. Any suggestions on how to kill off the spam bots further are gratefully received (besides making everyone log in to comment).
