Current version: 2.2
Overview
Referrer Karma is a rather simple script that prevents malicious bots from accessing your pages, flooding your logs and possibly draining your server’s bandwidth. All it does is check that an incoming bot has a valid referrer URL (i.e. that the page it claims to come from exists and links to your site). If RK thinks the incoming visitor is a malicious bot, it displays a 403 error page (which will not be counted as a visit by log analyzer tools) and uses HTML redirecting to the original URL to avoid blocking legitimate visitors (see below for details).
RK keeps a detailed log of referrer URLs that have been blocked, approved or skipped, as well as a short-life black/whitelist of previously examined referrers. It is designed to take the least amount of time possible when examining an incoming referrer. The interface lets you manually whitelist or blacklist a particular URL, as well as add important domains to a static whitelist file.
Recent versions also interface with Wordpress’ anti-comment-spam plugin Spam Karma to block spambots before they even reach your comment page (note that you do not need to be running either SK or WP in order to use RK: this feature is entirely optional).
Requirements
You must of course be running PHP.
You also need to have URL fopen or CURL enabled on your install of PHP (most servers have at least one of the two, but you might want to check with your host).
Download
http://wp-plugins.net/downloads/ref-karma.zip
Disclaimer
Please read carefully the details and warnings below. Only install if you are comfortable with a certain level of risk (nothing I consider a show-stopper, personally). Overall, I just cannot afford to do personal support for everybody, since I should not even be spending a second developing this at this point in my life. Which doesn’t mean I won’t listen to suggestions or bug reports (particularly bug reports with a code fix: these are much appreciated). But as a rule, consider yourself on your own with this plugin.
Instructions
Install is really easy… provided you follow these instructions carefully. There are no traps and nothing that anybody with basic knowledge of the web cannot do.
- Drop all the files (referrer-karma.php, rk_settings_sample.php, whitewords.txt and whitelist.txt) anywhere on your web server. If you are a WP user, I would recommend copying them into wp-content
- Edit rk_settings_sample.php and fill in the necessary values (there are comments to guide you inside the file). Basically, the only required values are MySQL connection variables. It is recommended to set a password value too. Ensure that $can_configure is set to true (it sets Referrer Karma into “setup” mode). Save and rename the file to rk_settings.php
- Browse to referrer-karma.php?ref-karma-setup=true (after prefixing the correct path to the file on your server, of course). And make sure all the checks are successful.
- If the setup is successful: edit the rk_settings.php file again and switch off setup mode by setting $can_configure to ‘false’. This step is essential and any attempt to use RK will fail if the variable is not set to false.
- Open the main PHP file of the page you want to protect: this can be any file that spammers are likely to hit often (e.g. your blog’s ‘index.php’ file) and copy-paste the lines you were given on the setup screen (“include” etc). To be effective, the call to RK should be inserted at the very top of the very first file ever used by the pages you are protecting (a common header file or the top of a template), before any HTML or PHP.
- Sit back
- Enjoy the show
Displaying RK stats
Matt put together this very cool little plugin for Wordpress that will automatically insert RK stats in your footer (the same way SK does). You still need to install RK separately.
A few very quick things
- You can manually add whitelist domains to the file whitelist.txt (just add a new line with your friend’s domain)
- You can do the same with keywords (used on the whole referrer string) in whitewords.txt
- Whitelist and whitewords supersede blacklist, so even if an entry is blacklisted, whitelisting it will make it go through.
- Don’t hesitate to reset the list any time: it isn’t very costly to build, more like a “cache”.
- List entries automatically expire (if not used) after 10 days (you can set the number of days in the settings file).
- Use the password feature (set a password in the config file and append &pwd=[your password] to the setup URL) in order to access the setup screen when you are out of setup mode (i.e. when you have changed the value of $can_configure back to false).
- At the bottom of the setup screen, you will see links to: 1) Reset the tables (whitelist, blacklist and logs) 2) See logs 3) See current entries in the white/black list 4) See logs without 403’s (lets you see at a glance recent additions to the black and white lists, without the hundred following spambot attempts).
- If you enable Spam Karma compatibility in the settings file, RK will automatically use SK’s IP blacklist to block spammers at the door. This is a no-risk block though, as visitors will still be given a “click through” link to unban themselves and browse your site.
- Recent versions of RK also allow you to set a regex to be used on the referrer’s page content to check for validity (for example, you could set it to approve any referrer that contains your page’s name in order to lower the risk of false positives).
How RK works
Here is, in a nutshell and with some simplification, how Referrer Karma decides whether to allow a referred inbound link or not. The order of the steps is important (i.e. if a test is conclusive, the script doesn’t go any further):
- If there’s no referrer or if it’s from the same domain: OK
- If the referrer’s domain is matched by an element of whitelist.txt: OK
- If the full referrer is matched by an element of whitewords.txt: OK
- If the referrer’s IP matches an ip_ban value (means this IP has been known to access many times through a bad referrer) in the blacklist table: 403
- If the referrer’s domain matches a white entry in the table: OK
- If the referrer’s domain matches a black entry in the table: 403 plus ban IP after a certain number of attempts
- If the referrer’s domain is not in the table, then RK parses the referrer’s source page and:
  - If the source contains the target domain (yours): OK and added as white entry in the table
  - If it does not: 403 and added as black entry in the table.
- If the referrer’s domain is not reachable or does not appear to be a proper URL: OK but the function returns false (basically, you can decide to be extra paranoid and refuse the connection when check_referrer() returns false).
OK means that the page is displayed absolutely normally (the user will never know he’s been screened).
403 means the user receives a “403: Access Forbidden” error, with a notice informing him that he has been detected as potential Referrer Spam. The user is not barred altogether from viewing the page (only from this referrer): he is provided with a special link on the error page that will redirect him to the page he was originally coming for.
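The screening order above, written out as an added PHP example (this is not Referrer Karma's own source). The function names, array layout, label-boundary domain matching, ban threshold and stub fetcher are assumptions; `ban_unreachable` mirrors the `$ban_unreachable_urls` setting mentioned in the comments further down this page.

```php
<?php
// Added illustration of the screening order listed above; not Referrer Karma's source.
// Function names, array shapes and the ban threshold are assumptions.

// Host of an http(s) URL, or null when the string is not a proper URL.
function rk_host(string $url): ?string {
    $p = parse_url($url);
    if (!is_array($p) || !isset($p['scheme'], $p['host'])) return null;
    if (!in_array(strtolower($p['scheme']), ['http', 'https'], true)) return null;
    return strtolower($p['host']);
}

// True when $host is $domain or a subdomain of it. Matching on a label boundary
// means "google.com.example.net" does not pass for "google.com".
function rk_domain_match(string $host, string $domain): bool {
    $domain = strtolower(trim($domain));
    if ($domain === '') return false;
    return $host === $domain || substr($host, -strlen($domain) - 1) === '.' . $domain;
}

// Returns ['status' => 200|403, 'trusted' => bool, 'reason' => string].
// 'trusted' plays the role of check_referrer()'s return value.
function rk_decide(string $ref, string $ip, array $cfg, array &$state, callable $fetch): array {
    $ok   = fn(string $why, bool $trusted = true) => ['status' => 200, 'trusted' => $trusted, 'reason' => $why];
    $deny = fn(string $why) => ['status' => 403, 'trusted' => false, 'reason' => $why];

    // 1. No referrer, or a link from our own domain.
    if ($ref === '') return $ok('no referrer');
    $host = rk_host($ref);
    if ($host !== null && rk_domain_match($host, $cfg['my_domain'])) return $ok('same domain');

    // 2. Static domain whitelist (whitelist.txt).
    if ($host !== null) {
        foreach ($cfg['whitelist'] as $d) {
            if (rk_domain_match($host, $d)) return $ok("whitelist.txt: $d");
        }
    }
    // 3. Keywords matched anywhere in the full referrer string (whitewords.txt).
    foreach ($cfg['whitewords'] as $w) {
        if ($w !== '' && stripos($ref, $w) !== false) return $ok("whitewords.txt: $w");
    }
    // 4. Client IP already banned after repeated bad referrers.
    if (in_array($ip, $state['banned_ips'], true)) return $deny('banned IP');

    // Not a proper URL: the remaining steps need a host, so decide here.
    if ($host === null) return $ok('not a proper URL', false);

    // 5 and 6. Cached verdict for this domain.
    if (isset($state['table'][$host])) {
        if ($state['table'][$host] === 'white') return $ok('cached white entry');
        $n = $state['bad_hits'][$ip] = ($state['bad_hits'][$ip] ?? 0) + 1;
        if ($n >= $cfg['ban_after'] && !in_array($ip, $state['banned_ips'], true)) {
            $state['banned_ips'][] = $ip;
        }
        return $deny('cached black entry');
    }

    // 7. Unknown domain: fetch the referring page and look for our domain.
    $body = $fetch($ref);   // string, or null when the page cannot be fetched
    if ($body === null) {
        // 8. Unreachable: let through but report false, unless configured to ban.
        return $cfg['ban_unreachable'] ? $deny('unreachable referrer')
                                       : $ok('unreachable referrer', false);
    }
    if (stripos($body, $cfg['my_domain']) !== false) {
        $state['table'][$host] = 'white';
        return $ok('link found, cached as white');
    }
    $state['table'][$host] = 'black';
    return $deny('no link found, cached as black');
}

// Constructed sample data; the fetcher is a stub so the example runs offline.
$cfg = ['my_domain' => 'myblog.example', 'whitelist' => ['search.example'],
        'whitewords' => ['/wp-admin/'], 'ban_after' => 2, 'ban_unreachable' => false];
$state = ['table' => [], 'banned_ips' => [], 'bad_hits' => []];
$pages = ['http://friend.example/links' => '<a href="http://myblog.example/">blog</a>',
          'http://pills.example/'       => '<h1>buy now</h1>'];
$fetch = fn(string $url) => $pages[$url] ?? null;

$visits = [
    ['',                                  '192.0.2.1'],
    ['http://www.search.example/?q=blog', '192.0.2.1'],
    ['http://friend.example/links',       '192.0.2.2'],
    ['http://pills.example/',             '192.0.2.9'],
    ['http://pills.example/',             '192.0.2.9'],
    ['http://pills.example/',             '192.0.2.9'],
    ['http://friend.example/links',       '192.0.2.9'],
    ['http://down.example/',              '192.0.2.3'],
];
foreach ($visits as [$ref, $ip]) {
    $r = rk_decide($ref, $ip, $cfg, $state, $fetch);
    printf("%-36s %-10s %d trusted=%s (%s)\n", $ref === '' ? '(none)' : $ref, $ip,
           $r['status'], $r['trusted'] ? 'true' : 'false', $r['reason']);
}
```

The IP-ban check sits before the cached white entries, which is why the second-to-last constructed visit is refused even though friend.example was approved earlier. Whitewords entries match anywhere in a client-supplied string, so keep them specific.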
There can and will be a few false positives. Possibly a few bad whitelistings (e.g. a spammer getting whitelisted through a trick of some kind, although this is unlikely), and more likely a few bad blacklistings, if for some reason the referrer page is not publicly accessible (e.g. a webmail server or such). The latter is why there is a default list of whitelisted domains that contains most search engines and other domains likely to appear in a referrer without containing your URL.
I am in the process of building a semi-exhaustive list of webmail domains to be whitelisted by default, as there is no other way to tell these apart from a bad referrer. Feel free to send me your own suggestions.
Optional: Extended features
There are basically two extended filtering features you can use with RK:
1. SK integration
The following settings only apply if you have Spam Karma installed and running. If you don’t, there’s no need to worry about it: RK will still do its job. But having RK take advantage of SK’s blacklist (and vice versa) helps minimize CPU and bandwidth costs on your blog.
Open your rk_settings.php file and replace the following two lines:
$use_SK_blacklist = false;
$secret_blacklist_string = "rumplestiltskin"; // CHANGE that value if you use the SK blacklist: pick any word you
with:
$use_SK_blacklist = true;
$secret_blacklist_string = "[some random word you pick]";
The first variable tells RK to use SK’s list (make sure it’s installed!). The second one is a sort of “fingerprint” (you don’t need to remember it, just fill in anything you want) that is used to allow banned IPs to auto-unban themselves.
2. .htaccess Blacklisting
This one should probably be only used if you have some experience tweaking your .htaccess file.
Basically, if you forward or mod_rewrite a URL toward: referrer-karma.php?rk_redirect_to=[some URL]&rk_ban_this_ip=1, the client IP will automatically be blacklisted in SK and will receive a 403.
If you provide a redirection URL for the rk_redirect_to param (for example, the original URL), RK will offer to lift the ban and redirect the user, upon simply clicking a link. If you leave that parameter empty (nothing after ‘=’), the user will only get a rather dry “get lost” message… so make sure you only do that for absolutely unmistakable spam.
For example, I have added one simple rule to my .htaccess file:
RewriteRule ^cgi-bin/MT/.* http://unknowngenius.com/blog/wp-content/referrer-karma.php?rk_redirect_to=&rk_ban_this_ip=1 [NC,L]
This rule ensures that any spambot randomly trying to locate a Movable Type script (e.g. mt-comments.cgi) will end up in my permanent banlist: not only will they receive a 403, but the next time they try accessing any other areas of my blog, they’ll still receive a 403.
Feel free to use this rule (after replacing with your own paths, of course). It ought to work equally well, adapted for any other URLs that are not supposed to be queried by a legitimate user. I believe it would even be possible to put together a more complex set of mod_rewrite rules to redirect spambots that try to access your wp-comment.php file directly without a proper referrer (or without having queried anything else on your server). But be careful if you get into these waters: you could easily break your comments.
Change log
2.1, 2.2: Fixed bugs (SK2 stuff).
2.0: Added SK2 inter-operability. Can now check for a custom regex (instead of only domain name) in referring page’s content.
1.7: Removed RK IP blacklisting (still using SK’s IP banlist, however), as it was both redundant and source of some annoying recursion bug… Shouldn’t matter too much. Complete facelifting for logs and lists, courtesy of Jeff Minard, who might be involved in RK’s future development…
1.6: fixed bugs introduced by 1.5.
1.5: Changed treatment of unreachable URLs. See comment #36 for details.
If you are running anything older, you must upgrade! Nearly every previous version contained major bugs that have since been fixed.
Doc in progress… contact me if you have any question
2005-02-14 at 1.20 pm
Looking good so far, will check back in 36 hours or so and see.
–Ben (ICB in #wordpress)
2005-02-16 at 3.40 am
WordPress Tool: Referrer Karma
Blogging Pro – Blogging News, Tools and Hacks
2005-02-16 at 3.42 am
Great script, but I believe I found a bug in the code that checks if the tables exist. I kept getting the notice that the script was making the tables and it kept dropping my log table.
It seems you perform a SELECT statement trying to get ref_karma_logs.msg_id which don’t exist in the tables created by the script on my server. I changed it to trying to get ref_karma_logs.id and the script works fine, printing that the tables already exist instead of creating them. This is on line 89 or so in the script.
Otherwise, great script. The way it works is very smart and a great idea. I can see this becoming as useful and (sadly) as needed as Spam Karma.
2005-02-16 at 8.21 pm
Is there a way of seeing what the denied page looks like?
2005-02-16 at 8.57 pm
LordRich: Try WannaBrowser – it’s web-based. You can send false referrers with it and see the results.
2005-02-17 at 2.13 am
Copied from the PHP source:
It would appear that you are have been identified as a nasty referrer spammer and, as such, you have been banned from accessing this page directly.
Bad Karma, man, bad karma…
However: If you are only an innocent bystander in the War on Spam, fear not: all you have to do is click on the following link and you will be taken to the page (sorry for the inconvenience):
More info: Referrer Kama’s Homepage
—
So far it has blocked one referrer spam person. This is usually the time they aren’t spamming my logs so we will see how well it works when they really try.
2005-02-17 at 2.35 am
Referrer Karma
Referrer Karma – tool for blocking referrer spam. Looks interesting. [Via]…
2005-02-17 at 3.43 am
Referrer Karma – A Referral Spam Prevention Tool
It seems the same guy who makes Spam Karma for WordPress has gotten fed up with referral spammers after they knocked his website down for several hours.
His solution? Referrer Karma.
This is a new tool created to rid our logs of referral spamming…
2005-02-20 at 9.20 pm
links for 2005-02-20
Save Toby A very clever (and evil) idea! I love it! (categories: clever evil) Ask MeFi – Footpath Protocol…
2005-02-21 at 12.41 pm
For wordpress, is just placing the code in the index.php file sufficient (the one with almost nothing in it, not the one specific to your theme)? I’m still getting a bit of referral spam showing up in stattraq from domains in my Spam Karma list (that nutzu c*nt). But when I stick that domain as a referrer into wannabrowser it gives me the blocked message.
2005-02-22 at 12.28 pm
I’ve started using RK now. Very nice! I like the way it works. Thanks for clearing up the SK issues too. I’ll have to take a closer look at it next.
2005-02-23 at 3.27 am
Any thoughts on packaging ref-karma as a WP plugin?
2005-02-24 at 9.16 pm
There are sites that consistently will not let me in when I am browsing from work, due to ref-karma. Pleeaaaaaaase do something about that.
2005-02-25 at 7.25 am
MacManX, the reason RK works so well is that it is called before WordPress is ever initiated. So I think making it work as a plugin would decrease its usefulness.
2005-02-25 at 7.35 am
Not to mention that the way it’s coded now, it will work with ANY user hosted blogging software. Any user hosted website for that matter. Makes the tool much more useful.
2005-02-25 at 9.03 am
is this plugin compatible with 1.2 mingus?
2005-02-25 at 11.54 am
Dave, I have been using Referral Karma on Blogging Pro and lately people have been complaining that they are being sent to the referrer banned page when they come to Blogging Pro from the WordPress Dashboard.
Any ideas why?
2005-02-25 at 2.59 pm
Michael,
Sorry to hear that RK would block you. But first, it shouldn’t be preventing you from accessing the website, merely asking you to click on the redirect button (with the latest version it will even do the redirection automatically). Otherwise, I would need to have a look at what your work connection gives for referrer and other variables… There’s nothing in itself linked to the IP for RK’s basic detection (it will only add the IP after repeated attempts, and this behaviour has also been improved over recent versions).
dg: RK is NOT a plugin. So it will work with any PHP script, that includes both 1.5 index.php file (I recommend using the root one, since it’s loaded first) or 1.2’s index.php file.
John: Generally speaking, you must be careful that there is no way for RK to tell referrer spammer from people coming from private page (such as webmail etc). This is dealt with in two ways: 1) RK keeps a list of known webmail URLs and other important sites that might send referrers without displaying the same thing when RK goes checking (that’s all in whitelist.txt) 2) in order to deal with clicks coming from a distributed file, plugin, or other unknown URL, RK also uses the much more powerful whiteword.txt, which will match any part of the URL with the strings it contains. That allows you for example to exempt any referrer that contains the string “/wp-admin/” if you are distributing a plugin that people might be clicking from (or dashboard, or anything else).
In fact, this string (and many others) have already been added to the whitelist files a few versions ago: upgrading to the latest version should solve your problem.
Generally: you need to keep an eye (especially at the beginning) on your logs, by setting a password and using the setup URL with &pwd=[your password]… If you see regular URLs unjustly being blacklisted (while they contained your URL), please refer them to me, as this is either a bug or a URL that needs adding to the whitelist (please be sure that you are running the latest version first). RK also allows you to switch a site between white and blacklist, or remove a blacklist entry. It should also help you pinpoint any string you might want to add to your whitewords file (some of them are proper to your own situation and won’t be there by default).
Cheers and don’t hesitate to contact me if you find any verifiable bug with the latest release…
2005-02-25 at 11.32 pm
Thanks Dave, I’ll upgrade and see what happens.
2005-02-26 at 12.10 am
perhaps i’m blind, but where do i add domains to the blacklist? i can’t find anything that looks like one.
2005-02-26 at 12.15 am
Maledei: RK is not based on URL or keyword blacklisting. I might add a user blacklist at some point, but this is not a priority, as these usually yield a disproportionate amount of false positives. Instead, RK builds its blacklist live from people visiting your site from somewhere else. Think of that blacklist as more of a cache of which sites RK thought were OK (so it doesn’t have to check them again the next time). If you browse to the “show list” screen, you can switch a blacklist entry to whitelist and vice-versa…
HtH
2005-02-27 at 12.49 pm
For someone new, do we just basically let it do its magic all by itself? (I’m not using SK at the moment.) Thanks man!
2005-02-28 at 12.40 am
If you’re not worried about referral lists, then yes, you can simply sit back and let it do its thing. However, if you are running it, then you must be concerned about referral lists.
I take a look at it about once a day. Make sure there are no false-positives. If there are, I usually switch the entries to the whitelist. I also make sure it didn’t let something go through that shouldn’t have and move them to the blacklist. I’ve only had to move 1 entry to the blacklist, but I have moved about 5 entries to the whitelist. Mostly obscure search engine referrals.
2005-02-28 at 1.00 am
I had setup the PHP call incorrectly, but now it’s going. I’ll do the same and check it once a day – I should be okay. Thanks for the clarification, Dave!
2005-02-28 at 2.38 am
Hey Dr. Dave, any chance you could work on the colors a little? I’ve had to make some minor modifications to the main file to get the black links on black backgrounds to show up better. Maybe the background colors could be a little more saturated (is that the correct term?) so it would be more like black links on grey for blacklisted items.
I changed the link color to yellow and changed the main page paragraph with the links for “Show Logs” and “Show white/blacklist” adding ‘class=”status_msg”‘ to the paragraph tag.
Just a thought…
Also, any idea why the links only show up on one of the systems I look at that page with? The rest of the systems just see the text as if the link was stripped. No huge biggie, I just copy the text and paste it into a new tab. Just curious…
2005-03-01 at 4.21 am
Using a visually-modified version of WP v1.5’s Default Theme, would it be logical to include the call at the top of header.php rather than index.php?
2005-03-01 at 4.25 am
You really want to put the code described above in step 5 in the index.php file located in the “install directory” of WordPress. Not the theme’s version of index.php.
You want to catch the reference just as soon as possible.
2005-03-01 at 5.18 am
Thanks! I never thought of that index.php file.
2005-03-01 at 12.20 pm
I have the latest version installed (1.4) and since March has come on my server I can already see the effects of using RK. However, Some of these spam requests have gotten through in some cases whereas in another case, RK works as defined and gives a 403 error to the client.
An example is 3 recent requests I found in my access log for Apache all within the same minute. The person is trying to spam the same URL in each case, but while the first 2 are blocked and given a 403 (as reported in the log) the last one is allowed and shows up in my stats generated for the month.
So far out of only 3 hours of the month of March, I have had 5 403 errors sent to clients for referral spamming and 3 spam URLs made it into my logs.
The only explanation I can offer is the domain that is spamming me is using IP addresses that I have already blacklisted in SK (as you recommended in a comment on my blog) and are being picked up by RK and showing the 403 only some of the time. The domain name that is attempting to show up in my logs does not appear on the white or black list of RK. This may be a possible bug? Feel free to contact me if you want more information.
2005-03-01 at 1.12 pm
Eric, if the domain and IP are not on the whitelist or blacklist, then RK reads the referring page and looks for a link to your blog, to see if the referral is genuine. If for some reason it can’t download the page, it allows it.
I realised that this was causing some spam referrals to show up in my stats. However, in this case the function returns FALSE, so you can use that to get your stats package to not log the hit.
2005-03-01 at 5.37 pm
I love when users reply to each other’s questions… That should happen more often!
I have little to add, except to say that all of the above is correct:
- you want to insert the code as early as possible, so as to avoid any unnecessary processing…
- there is indeed a case where spammers can make it through: if the URL is unreachable, RK doesn’t block it, but returns ‘false’. This is because I’d rather take the safe road by default (I deal with enough pissed-off users because of SK’s “tough” approach to borderline cases). It’s basically up to you, the user, to see how you wanna handle these cases. Retrospectively, especially now that I have added an automated meta-refresh (most people don’t even know that they have been “blacklisted”, since it shows the page immediately), it might be a good idea to block this case too.
Upon seeing a value of ‘false’ returned by the call, you could either call die() (but that would still be counted as a hit and appear in your stats, I think), or better yet, use RK’s function: kick_some_ass() that will give the usual “click here to be redirected msg”, log their attempt (but not blacklist them) and put a 403. The resulting code would be something like:
if (! check_referrer()) kick_some_ass();
Dave, regarding colors: I’m totally open to enhancements. That’s why I made an effort to separate them nicely in the CSS. If you have made changes you think would improve the look, just send them to me and I’ll add them to the release (same goes for any code improvement anybody might want to submit).
2005-03-01 at 5.40 pm
BTW, is anybody using RK with SK (and possibly with the htaccess trick listed in the doc)?
I would be curious to hear if you have noticed any significant decrease in spam attempts (the count caught by SK) after that?
It might be a coincidence, but my counter suddenly stopped climbing around the time I added RK-SK “collaboration”… and my logs sure do show a lot of SK IP-based denials… Might also be spammers tired of hitting SK’s wall… Either way I’m sure my host’s CPU appreciates the load difference…
2005-03-01 at 5.46 pm
Yes, definitely. My comment spam slowed to a trickle after installing RK (I was already using SK).
2005-03-02 at 2.37 am
The problem of not being able to request the URL and allowing the hit is true. So far (for the 1st of March) 32 hits have gotten through to my stats for sites that simply don’t work. Of course, why would you advertise a site that just doesn’t work is beyond my understanding (along with spamming webmasters with poker). I will be making the changes in order to block these accesses also. I think it will not cause too many problems because how many people can come to your site while the site doesn’t work? This could only realistically happen (as far as I can tell) if someone is browsing their browser’s cache.
On the plus side, 40 hits have been blocked by RK already. All of which using IP addresses that I added to SK’s blacklist from the logs of RK. The statement about spammers using common IP addresses is probably true and seems to be true. Just like most spam emails only come from an actual handful of people, the comment and referral spam probably follow the same rules.
2005-03-05 at 1.13 am
I’m getting a lot of referrer spam (203 requests yesterday) from highprofitclub.com and ref-karma isn’t even touching them. I don’t even see the original requests in the RK logs. I’ve added an index.php with the RK include into every directory two days ago, and since the include is in my WP index.php, it should be included with my custom 404 as well. Anyone else getting this? Any thoughts on how they’re getting through?
2005-03-05 at 1.38 am
MacManX: they are going through for the very reason discussed above: URL is unreachable and RK is taking the safe route. I had actually simply manually blacklisted them, but that’s a bit hairy since it requires handling mySQL to do so…
So I finally changed my mind of what should be RK’s behaviour and from now on it will ban by default any unreachable URLs.
To activate this new behaviour, please update to the new version (1.5) and, if you were running an older version, make sure you insert the following line anywhere in your rk-settings.php file:
$ban_unreachable_urls = true;
(if you are using the sample settings file provided with v. 1.5, it will already be there).
You guessed it, setting this var to ‘false’ will reverse it to the old behaviour (unreachable URLs are left alone and RK returns false).
2005-03-05 at 3.00 am
Thanks dr Dave for the update.
2005-03-05 at 3.12 am
thank god i thought to check back here! i have had 2198 hits from highprofitclub.com over the last couple of days. the HOW and the WHY was driving me mad! thanks again drDave.
2005-03-05 at 3.43 am
scrap that, it’s back again. any other suggestions?
2005-03-05 at 3.57 am
I’ve implemented it. Hopefully I’ll have better luck than the busty pants of joy. BTW, after Spam Karma and Referrer Karma, you really should change your domain to wellknowngenius.com.
2005-03-05 at 9.50 am
great fantastic
you re genius
)
after spamkarma referer karma
i ll going ask j chirac to give you the “legion d honneur”
2005-03-05 at 9.54 am
Unlike bursty pants of joy, I only got hit from that site 15 times. I think everything else is legit. It’s been good to me so far, and I hope this 1.5 release makes it that much more efficient.
I’m somewhat confused from the above wording in the main post. Does resetting the tables reset the blacklist, too?
2005-03-05 at 11.02 am
Well, the new version is working, but it’s blocking everything. Here’s a snippet:
http://www.idowens.com/2005/02/24/firefox-update/ – Added as Blacklist entry (id: 39, looked for string: macmanx.com). – IP: 4.62.146.158 – Timestamp: 2005-03-04 17:59:49
http://www.idowens.com/2005/02/24/firefox-update/ – Blocked attempt (403). – IP: 4.62.146.158 – Timestamp: 2005-03-04 17:59:49
http://blogged.btvillarin.com/2005/03/02/received-ez-lap-part-1/ – Added as Blacklist entry (id: 38, looked for string: macmanx.com). – IP: 4.62.146.158 – Timestamp: 2005-03-04 17:59:04
http://blogged.btvillarin.com/2005/03/02/received-ez-lap-part-1/ – Blocked attempt (403). – IP: 4.62.146.158 – Timestamp: 2005-03-04 17:59:04
As you can see from the two sites, string: macmanx.com does exist. So far, every referrer today has been blocked for that reason.
2005-03-05 at 11.24 am
And highprofitclub.com is still all over my logs. 1091 requests and counting.
2005-03-05 at 11.28 am
Reverting back to v1.4 stopped the “everybody is blacklisted” problem. I’ll have to add highprofitclub.com to the often-intimidating .htaccess file.
2005-03-05 at 11.34 am
i dont how he can but highprofitclub.com came over the htaccess its strange …:((
2005-03-05 at 11.58 am
Indeed, the last release had a bug in it (never modify your code at 4am). Fixed it and it seems ok now (at least not blocking everybody indiscriminately). Please anybody let me know if you notice a change in the way it handles unreachable URLs (as it should).
Anybody who’s downloaded 1.5r1, please upgrade to 1.5r2 now!
2005-03-05 at 1.32 pm
OK. My bad… there was a stupid error in the code. Please download this update (1.6) and everything should work (including block on ignored URLs). While I was at it, I also added a few extra logs (for example, if you choose to ignore unreachable URLs, it will now log a message).
Sorry for the mess…
PS: For some reason, it seems wannabrowser.com stopped working (no longer spoof referrers correctly), so if you wanna test your install, I recommend using the Firefox extension: Refspoof (thanks Firas for pointing this one out).
2005-03-05 at 1.54 pm
Not a problem at all. I’m just happy to have this available.
2005-03-05 at 2.01 pm
I agree, it wasn’t a problem at all. And thanks for being an excellent and responsive developer! I can’t wait for my first clean stats (they’re generated daily, so I’ll have to wait until Sunday at 3AM).
2005-03-05 at 2.04 pm
Wow, you’re up so late working on the plugin. That’s so awesome. Thanks for being so dedicated, man.
I didn’t get any good sites banned, thank goodness. I had highprofitclub in my .htaccess file, but I’ll remove it and see if RK 1.6 does the trick. w00t!
2005-03-05 at 2.17 pm
Actually, can’t take any credit for late hour coding this time… Seeing how it’s 2pm here…
On the other hand, yesterday’s spur-of-the-moment feature implementation happened way too late, and we all saw the result
But that made me realize I needed to fix time formatting in WP. Thanks!
2005-03-05 at 4.12 pm
thanks again for a kickass product Dr Dave. Quick question – how does this interact with the Spam-karma “try to filter trackback spam (experimental)” option? is this option needed? Will enabling it create any unwanted side effects?
thanks in advance!
2005-03-05 at 10.56 pm
i upgraded earlier today, and so far, so good. thanks again.
2005-03-06 at 1.31 am
It’s working great so far. It must have blocked doobu.com over 80 times last night.
2005-03-06 at 4.46 am
I’m still confused about resetting tables, if anyone can clarify for me. Thanks.
2005-03-06 at 10.09 am
Resetting the tables resets the log and the blacklist/whitelist.
2005-03-06 at 10.51 am
Oh. Any pros and cons?
2005-03-06 at 11.54 am
Well, you’ll lose all your whitelist and blacklist data. But the blacklist is repopulated quickly, and I start my whitelist off by searching Technorati and going through each site that already links to me. Not too big of a hassle.
2005-03-06 at 8.29 pm
I follow steps 1 and 2 of the install just fine, but on step 3 I get the following error on my 1.5 blog…
“check_referrer() error.”
It doesn’t give me anything else to go on, so I’m not sure what I’m doing wrong :\
2005-03-07 at 2.08 am
Cool, thanks for the ideas!
2005-03-07 at 2.21 am
Ray, it sounds like you skipped step 4. “If the setup is successful: edit the rk_settings.php file again and switch off setup mode by setting $can_configure to ‘false’. This step is essential and any attempt to use RK will fail if the variable is not set to false.”
Bryan, glad I could help.
2005-03-07 at 2.24 am
Well, it’s been 24 hours since I have v1.6 running. RK blacklisted doobu.com and blocked it 243 times, but doobu.com still made it through 73 times. I can live with that, it’s just interesting how it made it through.
2005-03-07 at 2.27 am
Forgot to mention that the really good news is that my comment spam has significantly dropped since installing RK. I’ve gone from 80+ per day to 3. It’s stopping the bad bots before they even get to my site.
2005-03-07 at 2.30 am
curious that doobu.com is getting through for you, macmanx. rk has caught 403 instances of it for me. no spam whatsoever has gotten through since i upgraded to 1.6. yay!
2005-03-07 at 2.44 am
It could be that my stats are just slow. I won’t make any final judgments until tomorrow. But, RK has really cut down on both my referrer and comment spam, so I’m keeping it. ^_-
2005-03-07 at 4.37 am
Ray, it sounds like you skipped step 4.
I haven’t got to step 4 yet. It throws the error on step 3 when I’m doing the checks.
2005-03-08 at 3.12 am
Hey Ray,
I just skimmed through the source of RK trying to find your problem. It seems that error will appear in these situations:
1. Could not connect to the DB, check your username and password in the settings.
2. Could not select the RK Database
Basically it is a DB error. Make sure you have the correct username, password and host in the rk_settings.php file for your database.
2005-03-08 at 6.14 pm
Well, RK worked GREAT for me the first couple of days–then it just “stopped” for some reason. Installed on 3/3/05, it “caught” a bunch of stuff from the usual suspects for the next two days, and I saw NO RefSpam coming through at all during that period. Then over the next two days it shows a handful of “whitelist” actions, that’s all.
And I’ve noticed that I’m being inundated with RefSpam once again, since that time (two days ago or so). It’s almost like the RefSpammers quickly figured out a way around it, and I’m getting nothing but RefSpam currently.
Any ideas would be appreciated (currently using the 1.6 version).
2005-03-08 at 7.30 pm
Could not connect to the DB, check your username and password in the settings.
Don’t I feel stupid. That was the problem. Thanks!
2005-03-09 at 8.17 am
PLEASE HELP! I mean, I am getting SWAMPED by all the usual suspects! All of a sudden from what I can see RK is doing NOTHING for me. I even deleted and reinstalled.
Why would it work for a couple of days then stop?
Any insights would be MOST appreciated!
2005-03-09 at 10.20 am
Hey B.P.
What do you mean you have seen some whitelisting actions? Did you do these? If not, are the whitelisting for the spam sites that have been spamming you? If so, go ahead and blacklist them again. The only time there should be whitelisting is if you did it. So far I have no clue as to what a user-removed ban looks like in logs because I have yet to deal with one, but it may be that the spammers are removing themselves from your ban list? If so, you should go ahead and reverse those bans.
2005-03-09 at 11.30 pm
Nice plugin. Is there a way to show the logs without enabling the password?
2005-03-10 at 2.46 am
Just installed RK but can’t seem to find any menu options for it. Did I miss something?
2005-03-10 at 7.44 am
No, not “whitelisting” of the bad guys. I mean it just shows that some legitimate referrers were whitelisted. No “bouncing” of bad referrers, or blacklisting of bad referrers or anything. Then nothing at all. The bad guys are pummeling me.
2005-03-12 at 6.25 am
I am a little confused.
If a legit site shows on my logs as blacklisted, I just whitelist it?
And what are the ramifications if it does show up as blacklisted? Does that mean they get the forbidden page and think I have banned them?
2005-03-12 at 6.37 am
If a legit site is blacklisted, an innocent user will see a screen telling them that it has been, but he will be presented with a link to click to go to your site. This way, the referrer won’t appear in your logs, bad bots will be turned away (the screen is essentially a 403), and legitimate visitors will still be allowed to view your site. If the site in question is white-listed, then the visitor will never see the screen in question. So, the impact on legitimate visitors is nil-to-none, but check your logs at least once a day and make whitelist/blacklist corrections when appropriate.
2005-03-13 at 4.43 pm
Stopping Spammers
Spammers have become the bane of free speech and civil discourse on the Internet. They destroyed Usenet (not that the WWW wasn't going to anyway), have nearly brought email to its knees and are now out to demolish blogs (which are the natural repl…
2005-03-14 at 9.26 pm
Hi!
I installed 1.6 about a week ago, and it worked for a few days, but now it seems to not work at all! Accesses to the blog are not shown in the logs, and none of the poker sites seem to get blacklisted. I’ve tried resetting the tables, etc, but that hasn’t worked.
Does anyone have any ideas?
I’m using the Spam Karma integration, if that makes any difference.
Thanks!
2005-03-14 at 9.45 pm
how strange, my installation still works brilliantly.
2005-03-15 at 12.35 am
bursty pants of joy:
“how strange, my installation still works brilliantly.”
Well, bursty, that’s real fine for you. But ours doesn’t. Telling us that yours DOES, does not do one thing to solve the problem.
2005-03-15 at 3.00 am
perhaps rk dislikes your attitude. it’s not alone.
2005-03-17 at 8.07 pm
Hi guys,
I’ve dropped the ref_karma and ref_karma_logs tables (using PHPMyAdmin), recreated them by accessing the referrer-karma.php file (and it says they were created), but it’s still not working. After accessing the site a couple of times, I looked in PHPMA, and there were no entries in either of the tables. So obviously, something has gone wrong with the insertion into the tables.
I’m not seeing any errors, either.
Any suggestions?
Thanks!
2005-03-17 at 8.09 pm
How very weird… I refreshed the logs while posting the comment, and there were entries in the logs! It shows a whole lot of blocked attempts now. Yay!
My attempts to access the site (which go through successfully) don’t show up, though. Is that the expected result?
2005-03-18 at 11.03 am
Yes, if a connection is not blocked there will be no log record. Well, there will be a record saying that the site was allowed, but you will not see it on each and every link from the site, just the first time.
2005-03-18 at 12.42 pm
Any chance you could share the code you use to generate http://unknowngenius.com/blog/rklog/
2005-03-18 at 2.10 pm
Jason, that’s the log that Referrer Karma generates. Dr Dave has just altered it to display five days instead of three.
2005-03-18 at 2.34 pm
How do you get access to the log like that though? The only way I’ve found is to use the password encoded in the URL, which hardly seems like a secure way to do things
2005-03-18 at 2.55 pm
To those who are not getting any results: I highly suspect you missed something in the install… But definitely don’t have the time to guide anybody through that right now, sorry.
For the rest:
– RK doesn’t log anything for connections that are allowed through (except for the first whitelisting) as it would seriously put an overhead on your server. Writing logs to the DB is somewhat costly, better do it as little as possible.
– The number of days an entry is kept, can be changed in rk_settings… it’s at 5 right now, I think, but anything you like is ok (don’t be afraid to put a small number: as I said many times, it is not very costly for RK to build back that table and it ensures that false positives do not stay too long, even if you do not remove them manually).
– To access your stats and whitelist, the password-in-url trick is indeed the recommended way. It is in no way secure, because there’s no real reason to make it secure. Basically, the only reason this section is not public is the ability to black/whitelist or reset the lists that could be used by spammers if it was fully open. As it is, I doubt it’d be worth anybody’s time to try to get hold of your password just to screw around with your lists (they do not actually *block* anybody from seeing your site, remember?). Just keep it discreet enough.
To publish my list without revealing my password, I used a trick Mark Jaquith came up with. Simply insert a similar line in your .htaccess file:
RewriteRule ^rklog/?$ /blog/wp-content/referrer-karma.php?ref-karma-setup=true&pwd=[your password]&show_logs=1 [QSA,L]
Feel free to use it if you know what you are doing…
BTW, for those who are alpha-testing SK2, RK won’t talk to SK2, but disabling SK1 (while keeping the tables it built) should still keep it fairly efficient. I’ll upgrade RK to talk to SK2 sometime next week…
2005-03-18 at 10.38 pm
How do I access the fancy log that Referrer Karma generates? I must be missing something.
2005-03-18 at 10.53 pm
JASON:
This seems to be an “undocumented feature.” All you have to do is go to the “RK Setup” URL, the instructions for which are found in the rk_settings.php file where it states:
“If you set this value, you can access the setup screen at all time, using the URI: http://yourdomain.com/path_to_your_file/referrer-karma.php?ref-karma-setup=true&pwd=***your password***”
Then, you add the additional command: “&show_logs=1” to the end of the URI.
Thus for my ‘blog, which is at http://www.polhemus.cc/blog, I enter the following URI:
http://www.polhemus.cc/blog/wp-content/ref-karma/referrer-karma.php?ref-karma-setup=true&pwd=mahler914&show_logs=1
and I get the log that looks like what Dr. Dave has.
2005-03-18 at 11.02 pm
FWIW, according to the RK Log (and according to my DElyMyth statistics summary page as well), now RK seems to be working again.
Dr. Dave, I know you said “something must be wrong with the installation,” but I swear I have touched nothing! It seems to have worked for two or three days after the initial install, then “quit” working (i.e. I did not get any “refusal” log entries, only whitelisting–and some of the “bad guys” were able to get through).
Then a few days later it starts working again spontaneously. Since then I don’t think I’ve gotten ANY bad stuff.
However, I should point out that I explicitly excluded access to my site to four or five of the “known bad” URLs such as “adultactioncam.com” and “sexsearch.com.” These were the ones that consistently got through.
My RK Log file (accessed as shown in the previous comment) shows “good” stuff being whitelisted and “bad” stuff being refused. So all seems to be well.
2005-03-19 at 12.23 am
For those of you that want to test RK to see what happens when a bad referral comes to the site. There is a Firefox extension that I use to test things like RK. It’s called RefSpoof. It works great and is a great way to see if RK is working and doing its job.
If you have RK adjusting your .htaccess file, you may want to be careful. RK will ban your IP when you test it and you might get locked out of your site. If you have access to the .htaccess file, you can just remove the ban from the file, but be careful.
2005-03-19 at 2.08 am
Jason and B.P., you guys like doing things the hard way, don’t you? Whenever I want to view my logs, I go to http://yourdomain.com/path_to_your_file/referrer-karma.php?ref-karma-setup=true&pwd=***your password*** and click the fancy link that says “Show Logs”. It is undocumented, but it’s also right under your nose.
2005-03-19 at 11.40 am
“…you guys like doing things the hard way…”
Um, how is it the “hard way” just to include the “show logs” command in the URI?
2005-03-19 at 11.40 am
This talk of “logs” reminds me: Is there a similar logging facility for Spam Karma?
2005-03-19 at 11.46 am
“Um, how is it the “hard way” just to include the “show logs” command in the URI?”
No, just the fact that you mentioned that as the only way to do it. Most people would be delighted to know that there is an admin interface with a handy-dandy “Show Logs” link.
“Is there a similar logging facility for Spam Karma?”
Yes. Log in to your WP admin interface and go to Options/Spam Karma.
2005-03-21 at 12.15 pm
Wow, this is great. I just installed about 20 minutes ago, and it’s caught several already. I didn’t even know about this referrer spam until today when I checked out a new stat program my host put up and saw all of them.
Question, I put the code on at least 3 different files, in the logs is there any way to tell which file they were trying to access? Also, I am getting tons of hits for pages that don’t exist anymore, is there any way to deal with that?
Thanks so much!
2005-03-22 at 12.36 pm
All of a sudden, I have had nothing in my referrer logs for about three days.
Mer?
2005-03-22 at 2.15 pm
Dr Dave, cool programs. I am a newbie to php so WordPress has been a wonderful adventure. php.net and I have become good friends.
The one and only problem I have with RK is when I go to manage>referrer karma, it sends me to the wrong URL. It adds /wp-admin/. it should be /blog/wp-content/referrer-karma.php but instead it has it as /wp-admin/wp-content/…
Any idea how to fix that? I have the correct URL bookmarked so I use it instead but it would be nice to get all of it correct.
2005-03-22 at 2.47 pm
Rori, what do your RK logs say? Is RK blocking every referrer?
2005-03-22 at 5.24 pm
PaulaO, this is not Referral Karma, this is a separate WP plugin that you are using. I just go directly to the URL like you do. Read the other plugin’s info on fixing it. it should tell you.
Rori, nothing in the logs doesn’t mean it’s not working. Spammers sometimes take a break (shock!) and I get no new records either. Unless you can prove otherwise that spammers are getting through, I wouldn’t assume it is not working.
2005-03-23 at 12.03 am
Thank you Dr Dave! I am sure it is plugins like yours that make them take a break!
2005-03-23 at 12.28 am
dr Dave, I don’t understand. What other plugin? It is Referer Karma that has the URL issue. screenshot is at http://paulaoffutt.com/blog/wp-images/rk_clip.jpg
Clicking on the Referer Karma tab sends me here:
http://paulaoffutt.com/blog/wp-admin/wp-content/referrer-karma.php?ref-karma-setup=true&pwd=****. The ‘problem’ is the /wp-admin/ shouldn’t be there.
I also have Spam Karma running and use the Gila theme. I have no other spam/referer plugin or program running.
2005-03-23 at 2.38 am
PaulaO, I am not Dr Dave, I am Eric. And that is a separate plugin for WordPress that is NOT referral Karma. It allows you to put Referral Karma stats on your page. It provides a link to set up your Referral Karma but it does not operate properly. I have it installed myself. Referral Karma is not a WordPress Plugin. You installed Referral Karma Stats by this dude: http://mattread.com/archives/2005/03/rk-stats/
As I said in my previous comment, you need to read the instructions on that page i just entered above in order to fix or understand why that link is not working.
2005-03-23 at 5.12 am
Oh, okay, now I get it. But why does it try to send me to the RK setup page? Never mind, don’t answer that. I have the feeling it is over my blond head. Obviously quite blond since I didn’t get your name right.
Thanks for the answer!
2005-03-23 at 10.38 am
Hi again, I think something might be wrong with mine? I have been getting tons of spam hits listed, which is great, but I also seem to get too many (I think) false positives. I noticed a big string of them right in a row from a legit site, so I decided to try to get the page myself, but clicking through on a site that wasn’t whitelisted yet, but should be. So I went to a forum I use, and clicked my homepage link. I got the click through page, but it kept refreshing like every second, I didn’t even have time to read it, I finally just clicked the link just to get it to stop. Then when I checked my logs immediately after, it is blacklisting the referrer and the ip, and showing up each time in the log for each time it refreshed. How do I fix this? How can people whitelist themselves if they can’t even read the page?
2005-03-23 at 10.43 am
And also, when I try it again, from the same link, which now shows blacklisted, it still does the same thing, and finally if I just let it keep refreshing it does eventually redirect to the site. Shouldn’t it not allow into the site, if the referrer is now on the blacklist, or am I misunderstanding?
2005-03-23 at 10.57 am
Hey Mindy, like MacManX indicated above, it’s probably best if you whitelist all the sites you know are good that link to you. Everytime I need to whitelist something in the logs, I also add it in the whitelist file so it doesn’t get blacklisted again by mistake.
I think the way it works is that it’ll give a 404, but redirect to your site anyways. By doing this, it doesn’t touch your referrer logs. Someone will correct me if I’m wrong.
2005-03-27 at 9.19 pm
Spam protection
Since i was getting a lot of comment spam recently, i had been running drDave’s excellent Spam Karma plug-in recently. Since a couple of days i have upgraded this to the upcoming version 2 (still under development), which does an even better job…
2005-03-28 at 1.09 am
simply blocking the referrer spam isn’t actually helping much – how about for every request that is blacklisted, return a 301 code redirecting them back to the site they are spamming?
And how about a perl script which will read the blacklisted referers and remove relevant lines from an Apache log?
2005-03-28 at 3.02 am
The problem comes in for REAL incoming links that the script has problems identifying. For example, you leave a comment on someone’s blog and they read it in their WordPress dashboard. RK can not connect to this URL because it needs to login to the WP admin, which it obviously can not do on random sites. The user would then be returned back to their WP admin panel for no reason. I also have some oddball search engines coming to my site and they get blocked. Many things can happen that a real person comes to your site with and accidentally get blocked. That’s why the refresh to the site to remove the referrer happens.
Maybe we can add a “known” list that will redirect them, but most of them do not follow redirect rules. They use special agents whose sole purpose is to request a URL with a certain referrer and that’s it. Following 301 is not a requirement or maybe even useful for them. Of course, I can be wrong, I do not use these programs, but following 301 would be kinda dumb for them to do.
As for removing the entries from the log file, my stats program does not count 403 hits as a real hit from a user and so this doesn’t bother me. But you could easily use a perl script and a regex to accomplish this. Heck, even cat and grep on the command line should do it.
2005-03-28 at 3.25 am
Eric, that’s what whitelist.txt is for. Just add /wp-admin/ to it.
2005-03-28 at 8.44 am
It was an example. I have already added it to my whitelist. But you can’t think of every possible situation that something like this can happen. Also, you will never know unless you check your logs very often. You can pretty easily alter what RK does and enact this feature on your own.
2005-03-28 at 11.20 pm
How do I block sites that referrer karma doesn’t? So far a site has referred traffic to my site and it’s all spam, however RK didn’t notice. It says “Can’t reach referrer URL: Ignoring.” Can I make a blacklist.txt? Or ban IPs? Or maybe I just need to wait a few days and see if it works itself out?
2005-04-02 at 5.13 am
Go to the Show White/Blacklist page and click on “Switch to blacklist.” Also, what Referral Karma does when it can not request the referring page can be customized in its settings. I believe you have it set to not ban them. Change it to ban and the problem should go away.
2005-04-02 at 6.01 am
Karma Dashboard Plugin
Last week, I installed Referer Karma because I was sick of stupid referer spam. One thing that I wasn’t the biggest fan of was the lack of real integration into Wordpress. I understand why; it was meant to be usable to more than us Wordpress-ers. …
2005-04-02 at 6.20 am
Eric…. they don’t show in the whitelist/black list because they were ignored. I then go into my database and physically add them. However, your comment on ban/no ban will be looked into. Thanks
2005-04-03 at 7.10 am
I have $ban_unreachable_urls = true; and they are not getting banned.
Help please. I just installed RK the other day so I’ve got the newest release.
2005-04-11 at 12.30 am
fixed. don’t use it with referrer bouncer.
2005-04-14 at 1.41 pm
Well, I was on vacation…
For the past couple of weeks I’ve been spending much time away from news sources, computers, and the usual suspects, and actually trying to get out of the house once in a while and see actual human beings in person. So I haven’t written to…
2005-04-14 at 1.43 pm
this design is beautiful dave. keep up the good work.
2005-04-16 at 12.26 am
Is there any way to get RK to check the referrer page for strings other than my host before banning the referrer? My site’s address is http://www.randall100.f2s.com, but http://www.underblog.co.uk also points there, and pages with an underblog.co.uk link are banned at the moment. Also, I’m finding random blogs on a webring I’m on get banned too. I’m assuming that it’s something to do with this code:
if (strpos($content, $this_server) !== FALSE){
mysql_query("INSERT INTO `ref_karma` SET `key` = 'white', `value` = '" . mysql_escape_string($ref_server_short) . "', `last_mod` = NOW()") or error_msg("Cannot insert whitelist entry.", false, true);
mysql_query("INSERT INTO `ref_karma_logs` SET `ip` = '". mysql_escape_string($_SERVER['REMOTE_ADDR']) . "', `ref` = '". mysql_escape_string($_SERVER['HTTP_REFERER']) . "', `msg` = 'Added as Whitelist entry (id: ". mysql_insert_id() . ", URL contained: $this_server).', `msg_type` = 'white', `ts` = NOW()");
return true;
}
But I’m a bit rubbish at this sort of thing and whenever I try to tweak it I end up causing errors or making my site unreachable. Can anyone help?
2005-04-21 at 1.47 am
In order to get it to check for multiple domains it would have to look something like this:
if ((strpos($content, $this_server) !== FALSE) || (strpos($content, "other domain") !== FALSE))
Note: I am not a PHP Programmer. The above is a guess.
It shouldn’t be too hard to add this ability in the future though.
As for the webring, I am assuming it is because they don’t actually have a link on your page, just the webring code. Getting around that would be extremely hard I believe. Maybe dr Dave can add a “whitelist” for words on the page. You could enter in some text that should appear on the site (like a portion of the webring code) if not your domain name.
2005-05-17 at 12.19 am
Hi
I am having a problem with a certain legitimate URL which hangs my ref-karma. I will take a look at the code myself but using Curl on your site I also get an error:-
$ curl -e "http://www.skipressworld.com/us/en/daily_news/2004/07/pistehorscom_releases_200304_backcountry_fatality_report.html?cat=Adventure" http://unknowngenius.com/blog/wordpress/ref-karma/
curl: (52) Empty reply from server
any ideas?
2005-05-17 at 12.58 am
It seems your Referrer Karma isn’t compatible with Spam Karma v2.0 beta.
I was getting errors about not being able to find the .blacklist table (because it’s .sk2_blacklist in v2.0). I changed those but it seems the table layouts have changed a bit v2.0 of Spam Karma.
Just thought you’d like to know.
2005-05-17 at 1.21 am
Ok I think I’ve understood the issue in comment 125. The problem lies with ref-karma’s handling of IFrames and Scripts. It has to parse these itself as they are put together at the client end and they may contain the referring URL.
The URL I gave sends ref-karma into a loop, it is basically a “spider trap”, processing megabytes of data. I think the recursion level probably wants to be lower. Interested in comments.
2005-05-17 at 9.46 am
Rodney: Yes, sorry if I didn’t make that clear enough. At the moment RK’s “SK features” are only compatible with SK1. Note that it will work perfectly fine without, if you do not enable the extra feature. It will also work fine for all previous users of SK, even after they uninstall SK.
I will work on a new version with SK2 compatibility, as soon as I have a sec, next month.
David: Indeed, that sounds like a possible issue. There was a major bug in the code there. Are you running the latest version of RK?
If so, I’ll look into fixing the code, it is currently checking for infinite loops, but I guess I could lower the limit (it’s at 8 levels right now).
2005-05-17 at 7.15 pm
Hi Dr Dave,
I’m using the version I updated yesterday. I’ve made a few changes which you can find in this file:
http://www.abcseo.com/papers/referrer-karma.zip
I copied the get_content function and changed it to check_content. This exits true the second it finds a referrer document with the site url otherwise it exits false. Perhaps more controversially I also reduced the referrer document size to check. This seems to work for me but let me know if I missed something. I’m currently testing on one of my sites.
I really appreciate your efforts in the fight against spam.
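The two requests in the comments above (accepting more than one host name for the same site, and keeping the frame/script walk from looping on a "spider trap") can be met by one bounded check. This is an added example, not Referrer Karma's code and not the modified file linked above: every function name, the three limits, the injected fetcher and the sample pages are assumptions made for illustration.

```php
<?php
// Added example: NOT Referrer Karma's code. Every name and limit below is hypothetical.

const RK_MAX_DEPTH = 3;      // nested frame/script levels to follow (the thread cites 8 in RK)
const RK_MAX_DOCS  = 10;     // total documents fetched while checking one referrer
const RK_MAX_BYTES = 65536;  // only the first 64 KiB of each document is inspected

/** Lower-case a host and drop a leading "www." so that aliases compare equal. */
function rk_norm_host($host): string
{
    $host = strtolower((string) $host);
    return strncmp($host, 'www.', 4) === 0 ? substr($host, 4) : $host;
}

/** Make a URL found on $page absolute; null for forms this example does not resolve. */
function rk_absolute(string $url, string $page): ?string
{
    $scheme = parse_url($page, PHP_URL_SCHEME) ?: 'http';
    $host   = parse_url($page, PHP_URL_HOST);
    if (preg_match('#^https?://#i', $url)) {
        return $url;
    }
    if (strncmp($url, '//', 2) === 0) {
        return $scheme . ':' . $url;
    }
    if ($url !== '' && $url[0] === '/' && $host) {
        return $scheme . '://' . $host . $url;
    }
    return null; // path-relative, javascript:, mailto:, ...
}

/** Hosts of every absolute or protocol-relative URL that appears anywhere in $body. */
function rk_hosts_mentioned(string $body, string $page): array
{
    preg_match_all('#(?:https?:)?//[a-z0-9.-]+[^\s"\'<>]*#i', $body, $m);
    $hosts = [];
    foreach ($m[0] as $url) {
        $abs = rk_absolute($url, $page);
        if ($abs !== null) {
            // Compare the parsed host, not a substring: our name inside another
            // site's path or query string does not count as a link to us.
            $hosts[] = rk_norm_host(parse_url($abs, PHP_URL_HOST));
        }
    }
    return $hosts;
}

/** src values of <iframe>, <frame> and <script> tags, made absolute. */
function rk_embedded_urls(string $body, string $page): array
{
    preg_match_all('#<(?:i?frame|script)\b[^>]*?\bsrc\s*=\s*["\']?([^"\'\s>]+)#i', $body, $m);
    return array_filter(array_map(function ($src) use ($page) {
        return rk_absolute($src, $page);
    }, $m[1]));
}

/**
 * True as soon as the referrer page, or a frame/script it pulls in, mentions a URL on
 * one of $our_hosts. $fetch is any callable(string $url): ?string so the walk can run
 * offline; a real fetcher would also enforce timeouts and the byte cap on the wire.
 */
function rk_referrer_links_to_us(string $ref_url, array $our_hosts, callable $fetch): bool
{
    $ours  = array_map('rk_norm_host', $our_hosts);
    $queue = [[$ref_url, 0]];
    $seen  = [];
    while ($queue && count($seen) < RK_MAX_DOCS) {
        [$url, $depth] = array_shift($queue);
        if (isset($seen[$url])) {
            continue;                       // already fetched: breaks frame cycles
        }
        $seen[$url] = true;
        $body = (string) substr((string) $fetch($url), 0, RK_MAX_BYTES);
        if (array_intersect(rk_hosts_mentioned($body, $url), $ours)) {
            return true;                    // first hit ends the walk, no further fetches
        }
        if ($depth < RK_MAX_DEPTH) {
            foreach (rk_embedded_urls($body, $url) as $next) {
                $queue[] = [$next, $depth + 1];
            }
        }
    }
    return false;
}

// --- Constructed sample pages (not real sites), served by an offline stand-in fetcher ---
$pages = [
    'http://blog.example/post'   => '<p><a href="http://alias.example/">nice blog</a></p>',
    'http://ring.example/hub'    => '<script src="/nav.js"></script>',
    'http://ring.example/nav.js' => 'document.write("<a href=\'//www.mysite.example/\'>home</a>")',
    'http://spam.example/'       => '<a href="http://spam.example/?u=mysite.example">x</a>',
];
$fetched = 0;
$fetch = function (string $url) use ($pages, &$fetched): ?string {
    $fetched++;
    if (strpos($url, 'http://maze.example/') === 0) {  // trap: every page frames a new URL
        return '<iframe src="' . $url . 'x"></iframe>';
    }
    return $pages[$url] ?? null;
};
$ours = ['www.mysite.example', 'alias.example'];       // primary host plus an alias
foreach (['http://blog.example/post', 'http://ring.example/hub',
          'http://spam.example/', 'http://maze.example/'] as $ref) {
    $fetched = 0;
    $ok = rk_referrer_links_to_us($ref, $ours, $fetch);
    printf("%-26s links to us: %-3s (%d fetches)\n", $ref, $ok ? 'yes' : 'no', $fetched);
}
```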
2005-05-24 at 1.11 am
Dave: Got a minor issue in using one install to cover multiple WP installs on the same domain: Using the include_once() at the top of the file makes WP think that the RK database is the WP database, which isn’t true in this case. Any idea how to get RK to release its db connection so that WP can then subsequently connect to a different db?
2005-06-14 at 9.54 am
WordPress Plugin Request: referrer to trackback
I am not sure if this is possible at all – but would it not be nice to have a (spam safe) way of converting incoming referrer-URLs to trackbacks/pingbacks? So you know when a blog post has been linked to on del.icio.us or so.
Make it talk to SpamKarma…
2005-06-16 at 5.49 pm
I’ve just set up RK, and while I don’t expect immediate logs, the “show white/black list” link doesn’t work; I get a blank page with just the grey RK header. Ideas?
I’m using WP and placed the files in http://www.site.com/wordpress/wp-content/ as recommended.
2005-06-16 at 6.10 pm
AH nevermind, I didn’t realize the white list was dynamic..its kicking in now. This is SWEET.
2005-06-16 at 7.13 pm
Could you please let us know on an update so SK2 will work with RK? I would really like this compatibility, but using SK1 doesn’t seem to be the smart thing to do.
2005-06-19 at 11.10 am
Ok, I have installed SK2, works very well. Great plugin. Now I have just completed installing the RK plugin but I get the following error
Can’t select from Spam Karma blacklist
SQL Error: Table ‘xxxx_wordpress.blacklist’ doesn’t exist
what went wrong?
2005-06-20 at 3.08 am
Tash: your error has to do with the comment just above yours.
Everyone else who asked: an SK2-compatible (and possibly slightly improved) version of RK will be out shortly (say, a week).
Cheers
2005-06-20 at 11.56 pm
Thanks for the info Dave, I look forward to the RK2 update.
RK has been running for nearly a week, and is doing a pretty good job..but what I notice is, when a new domain refers, lots of entries will make it to my logs before RK “kicks in”. For example, my logs show 194 hits today from “brisbeck.com”, and RK’s w/b list shows 164 attempts. Is this normal?
2005-06-21 at 3.03 pm
I suggest having a confirm on the ‘reset tables’ button. I clicked it by mistake today.
2005-06-29 at 9.51 pm
[...] [...]
2005-06-30 at 4.48 pm
there seems to be a problem with SK and phpBB forum script. when trying to login to phpBB’s admin panel, the redirection doesn’t seem to work right. phpBB requires 2 authentication validation to get into the Admin panel. first, the user needs to login to his account and if he/she is an admin, a link to “administration panel” would be available. with SK enabled, the link doesn’t work. :/
please advise,
2005-06-30 at 4.56 pm
Apologies for that empty trackback above (pre-posting about Referrer Karma as I’m about to go on holiday).
I do have a question, and it might be that I don’t quite understand how this works.
I’m still seeing referrer spam in my stats (Extreme tracking). Now for the referrer spam to show up there my index.php will have had to be loaded. That suggests to me that Referrer Karma is missing those referrer spam and allowing them through to my site. Correct? If it was working they’d get a 403 and never get through to my site to load my stats script (and generate the refer).
Without the referrer in question showing up in the referrer karma logs how can I ensure it’s blacklisted?? Or does this mean that that particular spammer has figured a way around your code???
2005-07-10 at 9.44 pm
[...] Dr Dave’s Referrer Karma is about the most useful anti-referrer spam tool I have seen so far. No more fiddling with .htaccess, no more redirecting spammers to their own pages. This simple php script keeps blacklists and whitelists, bans spammers when they are hitting your page too often, it also checks the reffererring URL for some indication of your site’s URL or even if it exists. For me it has reduced the referrer Spam I am getting to almost nothing at all – down from up to hundreds per day. [...]
2005-07-13 at 1.07 am
[...] Referer Karma. [...]
2005-07-14 at 8.37 pm
[...] After a commenter alerted me to an infinite loop created by Referrer Karma I have now disabled it. As 90% of the bad referring links lead to pages that don’t exist anyway and my spam comments seem to be handled fine (in fact I’ve had hardly any on this domain since its launch), it just isn’t necessary to have running at this time. [...]
2005-07-18 at 2.21 am
[...] I am now whooping and dancing around with glee everytime i see another bad referrer hit the Referrer Karma log, it’s really made my day. Now we just have to sit and wait for the next line of blog spammer attacks, most probably trackback spam and RSS Spam (which is already starting to hit Technorati results) The following posts may be relevant to this one: | Referrers | [...]
2005-07-20 at 9.45 pm
Is it just me, or are there referrers who’ve figured out how to game the “false” return—essentially, creating a “can’t reach referrer URL: ignoring” condition—and getting their attempts through that way? I’m seeing this from webalias.com amongst others.
I guess I could always flip the bit and deny people who get through with a false response…
2005-07-23 at 11.44 pm
Referrer Karma seems to be working
Referrer Karma is a little “plugin” for blogs of many flavors. The design is simple, usage requires including a file at the top of your main index page or any other page designed to take comments and adding the check_referrer() function to…
2005-07-28 at 2.39 am
[...] Sorry. Bloody vikings. At any rate, I have two completely invaluable tools to thank for this happy state of affairs: Spam Karma 2.0 and , both created by Dr. Dave. If you use Wordpress, absolutely MUST install these two utilities at your earliest convenience – this means you, Tommy. When I first installed it, I used to get near daily e-mails telling me what spammers had attempted to post on my site. It caught them, and saved them for me to peruse at my leisure, so I could decide whether to keep them or dump them. [...]
2005-07-29 at 1.05 am
[...] And, if you’re running any PHP website (including WordPress), run – don’t walk – and install Spam Karma’s cousin: Referrer Karma. It works on any PHP-based website, and can share the blacklist with Spam Karma 2 for a nice integrated spamroach killing machine. [...]
2005-07-31 at 3.55 pm
Upon installation, I get this message:
–
Please edit the ‘referrer-karma.php’ file on your server and change the value of $can_configure to ‘false’ before you use the check_referrer() function.
–
This is not the file to edit. You have to edit the rk_settings.php file to change the value.
2005-08-08 at 1.00 am
Dr. Dave,
I would like to add a live rk log to my site. Is there an easy way to do this?
Thanks.
2005-08-11 at 5.11 pm
Geof: I don’t think these spammers intentionally have their site unreachable to foil RK. However, there is a setting in RK that allows you to tell it to consider unreachable site as spam (as there is little way an unreachable site would send you a referrer).
MadMan: indeed, this has been corrected in the newer release. Thanks.
MeeCiteeWurkor: please, read comment 89, above.
Cheers everybody.
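The trade-off discussed in Geof's question and the reply above, as an added example that is not Referrer Karma's own code: the same referrers classified under a fail-open and a fail-closed policy for unreachable pages. The function name, its parameters and the sample URLs are assumptions made for illustration, and the page fetcher is injected so the block runs offline.

```php
<?php
// Added illustration, not Referrer Karma's own code. Function and parameter
// names are hypothetical; the "ignoring" log string echoes the one quoted above.

/**
 * Classify one referrer.
 *
 * @param callable $fetch  Returns the referring page's body, or false when the
 *                         page cannot be reached (injected so this runs offline;
 *                         in production it would wrap cURL or URL fopen).
 * @param bool $unreachable_is_spam  false = fail open, true = fail closed.
 * @return array [verdict, log message]
 */
function classify_referrer(string $referrer, string $my_host, callable $fetch, bool $unreachable_is_spam): array
{
    if ($referrer === '') {
        return ['skipped', 'no referrer sent'];
    }

    $body = $fetch($referrer);
    if ($body === false) {
        // The case raised in the thread: the check could not be carried out at all.
        return $unreachable_is_spam
            ? ['blocked', "can't reach referrer URL: treated as spam"]
            : ['skipped', "can't reach referrer URL: ignoring"];
    }

    // Simplified link test: the page must mention this site's host name.
    if (stripos($body, $my_host) === false) {
        return ['blocked', 'referring page does not link to this site'];
    }
    return ['approved', 'referring page links to this site'];
}

// Constructed sample data: a fake "web" keyed by URL.
$pages = [
    'http://friend.example.org/links.html' => '<a href="http://myblog.example.com/">A blog I read</a>',
    'http://pills.example.net/'            => '<h1>Buy now</h1>',
];
$fetch = function (string $url) use ($pages) {
    return $pages[$url] ?? false;   // unknown URL = unreachable
};

$referrers = [
    'http://friend.example.org/links.html',   // really links here
    'http://pills.example.net/',              // reachable, no link
    'http://down.example.net/nothing-here',   // cannot be fetched
    '',                                       // no referrer header
];

foreach ([false, true] as $unreachable_is_spam) {
    echo $unreachable_is_spam ? "unreachable = spam\n" : "unreachable = ignore\n";
    foreach ($referrers as $r) {
        [$verdict, $why] = classify_referrer($r, 'myblog.example.com', $fetch, $unreachable_is_spam);
        printf("  %-8s %-40s %s\n", $verdict, $r === '' ? '(none)' : $r, $why);
    }
}
```

Only the third referrer changes verdict between the two runs; failing closed also turns away visitors arriving from a genuine linking page that happens to be down or slow at that moment.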
2005-08-15 at 1.25 pm
Dave: Good deal.
I cringe at adding to your workload, but … there’s really no way to know, other than checking this page from time to time, that RK has been updated. Is there any hope, in a future version, of a check-back-to-home-base function that’ll alert the user that there’s a new version of RK to be rolled out?
2005-08-15 at 11.39 pm
Is anyone seeing this strange behaviour I’m seeing? I have SK2 and RefKarma both set up with RK using the SK2 blacklist. This is working great but for some reason in my logs it’s being reported wrongly.
I’m getting messages like “Already whitelisted by SK2 (blacklist id: 21).” for spam sites when that is actually blacklisted in SK2. I don’t actually think it makes a difference because it’s not letting comments from those sites through but it’s weird all the same.
2005-08-16 at 12.50 am
Geoff: indeed, this could be a useful feature… Though RK is meant to be as lightweight as possible, and this wouldn’t really help on that stand. But when I get a sec, I’ll try to take care of something. In the meantime, RK isn’t a very intensive project, so hopefully updates should be few and far between. Check a few weeks after each major release (like 2.0) and you should be fine.
Dave: I noticed that bug too before and didn’t have time to fix it. Finally did. Just download the newer version (2.2) and it should be fine now… Thanks for reporting….
Cheers everybody
2005-08-16 at 4.34 am
Thanks dr. Dave! That was incredibly quick!
2005-08-19 at 9.20 am
A note about upgrading:
When you install a new version of WordPress, if you replace your index.php file, you’ll have to re-insert the lines to include ref-karma and call the check_referrer function.
Suggestion:
This could be fixed by making ref-karma into an actual plugin. Add the WordPress plugin comments at the top of the file, and then put this somewhere:
add_action('plugins_loaded', 'check_referrer');
2005-08-23 at 3.01 pm
Just installed RK. Looks good! It seems to have already trapped two spamming sites within 2 minutes of installing it.
Great work!! Thanks Dr. Dave!!
2005-08-25 at 10.47 am
[...] Phew… fingers crossed a combination of bad behaviour and referrer karma has taken the meat out of the extra 10-15k page views incsub was getting every day and bandwidth looks like it’s back to normal. [...]
2005-08-27 at 3.49 am
I just checked my refer logs and your plugin works excellently. Can’t get the separate stats plugin running, but I’m not worried about that. Referrer Karma is pretty damn bad-ass, buddy. Thanks.
2005-08-27 at 3.08 pm
[...] Returning to my original plugin request above, while I found mostly negativity in the WP forum (excluding this comment), I also posted to the HostDime.com forum. There a terrifically helpful member, Dawzz, did some research on my behalf and replied: Hi Richard, I ran across Referrer Karma and it seems that it is what you need. You can look at referrers at anytime and decide if you want to block them or not take a look and if it isn’t what you need let me know or if you need any help, I am pretty decent with ‘hacking’ together php scripts. I still intend to do a test install and figure out what is going on with the code I had posted but I thought you might want to take a look at this. [...]
2005-08-29 at 10.38 am
[...] After several hours, I was able to access the server and I found a way to block trackback spam – Referrer-Karma. It wasn’t how I wanted to spend my evening but I refuse to let someone take over this space for their spam. At this point, I’m not sure it is working, but it is worth a try. [...]
2005-09-06 at 9.52 pm
I just installed Ref Karma, but I don’t think it’s working. I tried entering the site from several links, but nothing shows up in the logs. Then I tried accessing via Wanna Browser with random referrers, and nothing. I followed the instructions. The configure option in settings is set to false. The admin screen indicates that everything is there and in order. I also included the tag at the top of every page. I’ve double checked, etc. Could this be a permissions thing or related to the database?
2005-09-06 at 9.59 pm
This is a quick follow up. When I set the config value to “true” I can access the config screen (but the log and whitelists just show up blank).
When I use the password option, I arrive at a blank white screen.
I will try using Explorer. Currently, I’m using Firefox.
2005-09-07 at 3.09 pm
Here’s how I solved my installation problem. The most important thing is that I had to add the required line to the top of my index.php using Notepad NOT Wordpad. For some reason, Wordpad didn’t like the change I was making and kept automatically removing the line that I added. I tried several different ways of adding the line, thinking I’d get it right, but eventually I used Notepad instead and fixed the problem.
There are a couple other minor things:
- I realized I was editing my template files, not the index.php (that was a dumb mistake)
- For some reason, I was having trouble reaching the Admin screen with the provided link. When I removed the asterisks around the password, then I was able to get to my admin screen with no trouble. I’m not recommending this unless you have a similar problem though.
2005-09-19 at 9.28 pm
[...] Last week I installed Referrer Karma (2.3b). The design philosophy is: [...]
2005-09-27 at 1.48 am
I’m having a problem using referrer-karma.php?rk_redirect_to=&rk_ban_this_ip=1
It says that it could not select from the Spam Karma blacklist. I take it that this is because I do not use Spam Karma. Is Spam Karma required to use this feature?
2005-09-27 at 2.24 am
[...] Get Referrer Karma and Spam Karma. Install both of them in your /wp-content/plugins/ directory, and follow the instructions. [...]
2005-09-28 at 11.29 pm
I’m confused. I don’t see a blacklist file. If you don’t share the SK blacklist file, where *is* there a blacklist file?
Thanks?
2005-09-29 at 1.44 am
Lucia,
The whitelist and blacklist are all in the `ref_karma` table. The `key` column is either set to ‘white’ or ‘black’, depending on what kind of entry it is.
2005-09-29 at 2.16 am
Thanks, but where or how do I find or access that table?
I installed ref_karma in wp-contents as suggested. Would I be able to see this if I installed it in “wp-contents//plugins”?
2005-09-29 at 5.04 am
Lucia,
If you set a secret password in the referrer-karma.php file, you can view logs and reset the tables by firing up a url like this in your favorite web browser:
http://your-site.com/wp-content/ref-karma/referrer-karma.php?ref-karma-setup=true&pwd=your_secret_password
If you prefer, you can also run this query against your wordpress database in phpMyAdmin if you have access to it:
SELECT *
FROM `ref_karma`
2005-09-29 at 5.05 am
Whoops, the narrow column made that really hard to read. The URI is:
/path/to/referrer-karma.php?ref-karma-setup=true&pwd=your_secret_password
2005-09-30 at 11.24 pm
[...] For those who follow Le Blogueur: we started out on Movable Type for nearly a year and a half, then, following hosting problems, we moved to B2Evolution. Under B2, we had a stats page that showed the 10 latest referrers and the top 10 referrers, which brought on the referrer spam. Tired of banning sites every day, I decided to switch to Wordpress and install the Referrer Karma plugin. [...]
2005-10-02 at 2.39 pm
[...] This should be the first thing you do to prevent spam. I have found two very effective plugins which do the job very well. One is Bad Behavior and the other is Referrer Karma. I am currently using Bad Behavior on my blog. Optionally, you can add my Bad Behavior Stats Plugin to display the number of blocked attempts on your blog. [...]
2005-10-05 at 11.03 pm
How Did I Survive Before?
I’ve been using the Spam Karma 2 plugin for WordPress to battle comment and trackback spam. Before deploying Spam Karma 2, I’d awake every morning to roughly 100 comment and trackback spams.
Since I’ve been using Spam Karma 2, I ha…
2005-10-07 at 5.13 am
[...] And finally, I have installed Dr. Dave’s plugin Referrer Karma. I know, I know, I said I didn’t have any comment plugins, but I don’t. Referrer Karma is a referrer spam plugin which just happens to work like my .htaccess file (but much more elegantly) to block the bad guys at the gates. [...]
2005-10-20 at 7.50 am
[...] Got sick of referrer spam – I’m getting over 1000 referrer spam hits per day, which screws up stats pretty bad. So I’m trying Referrer Karma. Hopefully this thing will work well. I’m worried about false positives, too lazy to think of a good way to test. If you see strangeness, let me know. [...]
2005-10-25 at 10.29 am
[...] Posted on Monday 24 October 2005 so i’m checking out a new plugin for wordpress- Dr. Dave Referrer Karma. It may cause a little damage. so if you happen to hear (or see) that my URL is getting you redirected to a 403 error page, please let me know (my email is found in the “about page”). I realize this is semi-recursive request (let me know if you can’t get to my site from a site), but the amount of spam i’ve been getting is bizarre, given that I’m not exactly Instapundit, and I’m sick of deleting it. so, there ya have it. I’m working on the whitelist for referring sites I’m currently linked to. [...]
2005-10-30 at 7.39 am
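In response to comment #140, I think I have found a working solution for getting Referrer Karma to play nice with phpBB. Check it out if you are using the phpBB add-on for viewing referrers, or enclose the Referrer Karma code in something like this:
// Run Referrer Karma only when a referrer is set and it is not a page on this board.
// stripos() replaces eregi(), which was removed in PHP 7 and read the host name as a regex.
if (!empty($_SERVER['HTTP_REFERER']) && stripos($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'] . $board_config['script_path']) === false) {
    // REFERRER KARMA HERE
}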
That will prevent phpBB from calling referrer karma if a referrer is not set or if the referrer happens to be another page on the same domain, effectively allowing the login redirects to work.
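A stricter form of the same-board test, as an added example that is not part of the original comment or of phpBB: it compares the referrer's parsed host and path instead of searching the whole URL for the board address, so a foreign page that merely mentions the board's address is not treated as internal. `is_internal_referrer()` and the sample URLs are assumptions made for illustration.

```php
<?php
// Added illustration; is_internal_referrer() is a hypothetical helper, not part
// of phpBB or Referrer Karma.

function is_internal_referrer(string $referrer, string $site_host, string $script_path): bool
{
    $parts = parse_url($referrer);
    if ($parts === false || empty($parts['host'])) {
        return false;                      // missing or malformed referrer
    }

    // HTTP_HOST may carry a port ("forum.example.org:8080"); parse_url()
    // returns the host without it, so compare host names only.
    $site_host = preg_replace('/:\d+$/', '', $site_host);
    if (strcasecmp($parts['host'], $site_host) !== 0) {
        return false;
    }

    // The path must be the board directory itself or something beneath it.
    $prefix = '/' . trim($script_path, '/');
    if ($prefix === '/') {
        return true;                       // board installed at the web root
    }
    $path = $parts['path'] ?? '/';
    return $path === $prefix || strpos($path, $prefix . '/') === 0;
}

// Constructed sample referrers for a board at http://forum.example.org/phpBB2/
$samples = [
    'http://forum.example.org/phpBB2/login.php?redirect=index.php',  // login redirect
    'http://FORUM.example.org/phpBB2',                               // host case differs
    'http://forum.example.org/phpBB2-old/index.php',                 // sibling directory
    'http://other.example.net/p?u=forum.example.org/phpBB2/',        // only mentions the board
    '',                                                              // no referrer
];

foreach ($samples as $ref) {
    printf("%-62s %s\n",
        $ref === '' ? '(none)' : $ref,
        is_internal_referrer($ref, 'forum.example.org', '/phpBB2/') ? 'internal' : 'external');
}

// Guard in the shape used in the comment above (an empty referrer still skips RK):
// $ref = $_SERVER['HTTP_REFERER'] ?? '';
// if ($ref !== '' && !is_internal_referrer($ref, $_SERVER['HTTP_HOST'], $board_config['script_path'])) {
//     // REFERRER KARMA HERE
// }
```

Because `HTTP_HOST` is itself supplied by the client, passing the board's configured host name instead is the safer choice where one is available.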
2005-11-17 at 7.14 am
Okay, I keep getting “message_die() was called multiple times” errors from phpBB when certain pages refer hits to the board (I don’t know why only some pages do this and not others).
I have temporarily disabled Ref. Karma on my phpBB board until someone with more skill than I takes a look at this.
2005-12-06 at 12.04 pm
[...] Sad to say, but it had to happen. Referrer spam picked back up and I had to re-install referrer karma. [...]
2005-12-07 at 12.46 am
Help! Referrer Karma is no longer blocking all spam.
I’ve had Referrer Karma installed for some time (since Oct 20th, from my comment above). It was working great initially, blocking just about everything.
Since a few weeks ago it’s become much less effective. It’s still working (today, for example, it’s already blocked many hundreds of referrers) but it’s also letting a good amount of stuff leak thru – about 600 since the beginning of the month. Here are three that consistently get in even tho they’re spam:
2) 170 http://buy-phentermine-online.freewebtools.com.removethis/
3) 163 http://h1.ripway.com/buy-phentermine–online.removethis/
4) 160 http://buy-phentermine–online.servik.com.removethis/
Get rid of the .removethis for the actual site name – I don’t want any chance of these bastards getting pagerank sent their way. The second number is the number of times this url made it through.
I’ve reset the database, same issue shows up. Are there Referrer Karma logs I can look at? Any ideas what might be going on?
Also, how do you feel about indicating the Referrer Karma version somewhere obvious on the install, say at the bottom of the admin and log web pages, as well as part of the package name? I wanted to know if I have the latest version, but the zip file name doesn’t have a version number on it, and the referrer-karma.php page says “Referrer Karma 2.4b”, which is different from Current Version listed above…
2005-12-07 at 12.50 am
To followup on my own comment, here’s more strangeness: looking at the Referrer Karma log, I see the sites listed above as blocked, and I even see some blocked attempts, but somehow other attempts from the same site are getting thru.
2005-12-07 at 6.06 am
And to followup on my comment again, nevermind, I was mis-reading the log. These are actually logged as 403’s, I just have to setup my stats software to ignore 403s.
So to summarize, nothing wrong with Referrer Karma, my mistake.
2005-12-13 at 5.20 am
[...] Just a quick post to say a public thank you to the unknown genius who came up with the greatest WordPress plugins I have ever used. I am talking about Spam Karma and Refer Karma. [...]
2005-12-13 at 3.49 pm
[...] 2. Along with comment spammers, I have also noticed an increase in referrer spammers. It is not noticeable on the site, but it does mess up my monthly stats, and we can’t have that now can we? Tonite I installed Referrer Karma in hopes that it will deter this in the future. This is the change that you cannot see, but I just wanted to brag a little bit. [...]
2005-12-16 at 4.58 pm
[...] So if anyone, besides Rachael, read the technical part of my last post, you know that I am trying to reduce the amount of referrer traffic, etc. to my site. Well, it looks like Referrer Karma works! I was about to go to bed tonight, when I checked my wp-shortstat page. Lo and behold, the number of unknown referrers was way down! [...]
2005-12-22 at 6.42 pm
[...] Referrer Karma. Referrer Karma catches referrer spam before it happens. See the site for all the rules and whatnot. This thing catches hundreds to thousands of referrer spams (mostly from porn, casino, and e-commerce sites) that try to hit ThinkBlog and slaps them in the face with a 403 (Forbidden) error message. This is useful for admins, even if you don’t have a referrer system on your site’s frontend, because the logs aren’t full of thousands of nonsense referrals. [...]
2005-12-26 at 2.23 am
I just had to stop by and say thank you! Referrer Karma is a webmaster’s dream, especially if it’s a popular website that attracts a lot of referrer spammers.
So far, in less than a month, it has already blocked nearly 20,000 spam attempts and I haven’t noticed any adverse effects on the speed/functionality of my website.
Truly a work of art.
2005-12-27 at 1.34 am
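[...] As for plugins, I think Dr. Dave’s Referrer Karma and Referrer Bouncer are easy to install and easy to maintain. The former, Referrer Karma, in particular: you just specify a threshold for the referrers that referrer spam sends, and it automatically puts them on the Black List and bounces the referrer spam. If you want to allow only accesses with a particular referrer as an exception, just put it on the White List. I think it is very easy to use. It also runs without problems on WP 2.0 RC3. [...]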
2005-12-29 at 6.11 am
[...] Referrer Karma [...]
2005-12-29 at 8.19 pm
Sorry, code was filtered. Will use square brackets instead of angled:
On line 26 of referer-karma.php, is [http] supposed to be [html]?
2006-01-04 at 11.23 pm
[...] Dr Dave, the guy who gave us Spam Karma 2, has gone one step further and produced Referrer Karma, a PHP script which sends dubious referrers to a 403 error page. While SK2 blocks comments, you still get spam referrers in your WordPress logs. RK takes care of them. I installed it a few hours ago and am already seeing cleaner reports of ShortStat, Mint, and StatTraq. Get it here. [...]
2006-01-13 at 10.26 pm
[...] So I was looking into versions and stuff for my blog upgrade and the guy who remade the rubric theme to work with WP1.5 has a little thingy at the bottom of his page that says how many referrer spams have been blocked by Referrer Karma. It turns out that it’s by the same guy as Spam Karma and integrates with it. That’s great. Spam Karma solved my spam problem, but I still get thousands of porn web sites claiming to link to me, when they actually don’t, they’re just referrer spamming, which ruins my stats because I like looking at who links to me and where most of my traffic comes from. I think maybe 2 or 3 of my top 20 referrers are legitimate, the rest seem to be Italian hosted porn sites and drug sites. So anyway, I’ll be adding this in too as soon as I get WP2, Spam Karma 2 and rubric installed. [...]
2006-01-22 at 4.01 am
[...] So, I settled on and installed Referrer Karma. After the painless installation (it’s not anywhere near one-click, you do have to be careful and edit a file), I tested it by using one of the baddie referrers and tricking my Firefox browser to spoof the referrer, and … success! It blocked my access. Then I went to a couple of my buddy-bloggers who link to me and tried to click-through and enjoyed more success. Checking the RK logfiles showed what happened: the bad referrers were added to a blacklist, and the good ones added to a whitelist. [...]
2006-01-26 at 7.47 am
Is RK not effective when used in conjunction with wp-cache? It seems that after clearing my cache, RK catches some new referrer spam, but once a page is cached I’m guessing RK doesn’t get called when the cached file is delivered. Is this true?
Because I’m seeing a bunch of previously blocked referrers getting through again, and this seems to be the only way they are logically bypassing RK–through my cache.
I may have to simply live with modifying htaccess files if this is the case. :: sigh :: Please let me know.
Regards,
Rich
BlogRodent
2006-01-30 at 9.30 pm
Tatum:
RK will only be effective if correctly called. I have no idea how exactly wp-cache works, but if, as one may suspect, it presents a static HTML file to visitors instead of the dynamic PHP page containing the call to RK, then obviously RK will never be triggered.
You should ensure the call to RK comes first before anything on whichever page is your main index page.
Cheers
2006-02-09 at 9.51 pm
[...] So. Enter Referrer Karma. Problem gone and I got to watch my log file fill up with all those little bastards. [...]
2006-02-18 at 10.29 pm
Hi,
I’m unable to complete step three:
Browse to referrer-karma.php?ref-karma-setup=true (after prefixing the correct path to the file on your server, of course). And make sure all the checks are successful.
I complete steps one and two, but if you go to
http://www.atennisblog.com/wp-content/referrer-karma.php
you will see that nothing comes up on this page.
Any help?
Thanks!!!
2006-02-19 at 5.17 pm
About the previous message–I figured that out. But when I go to:
http://www.atennisblog.com/wp-content/referrer-karma.php?ref-karma-setup=true
I get this error:
Warning: mysql_connect(): Access denied for user ‘guchuj05_wrdp1′@’localhost’ (using password: YES) in /home/guchuj05/public_html/wp-content/referrer-karma.php on line 635
check_referrer() error.
I checked and my username is correct, as well as the database. Is there something wrong on line 635?
2006-04-29 at 8.15 pm
Referrer Karma is working perfectly on my site, but I don’t know how to see the statistics. Browsing referrer-karma.php only gives me a white page… am I doing something wrong?
2006-05-15 at 12.19 am
I’m really confused. You claim to be against referral spam but that’s precisely how I find this – through a link from http://www.dummies-guide-to-dmoz.org/wordpress/2006/05/14/tulip-chain/ which then points here.
Dodgy as anything.
2006-05-29 at 3.42 am
Keep getting the following error:
Please edit referrer-karma.php and change $can_configure to ‘false’
Everything else on the page is blank, and I only see this line.
BTW – I have changed the config file to false, so I’m not sure why I am getting this error.
2006-06-21 at 9.57 pm
Hi,
I saw this and immediately an orchestra of angels singing hallelujah flooded my head. This could be the answer to my prayers. But… I’m kind of an idiot.
I am not a programmer. I inherited responsibility of a website when the webmaster suddenly passed away. Two days later we were flooded with comment spam. I’ve been trying to find a solution ever since. The code is created from scratch (not MT or WP). It’s mostly PHP.
So, I installed RK and configured it correctly (it said). Switched the settings value to false. And it seems the only users I have blacklisted are me. I have the PHP code given to me on the top of the index.php file as well as comments.php. Somewhere, somehow I’ve done something wrong (see the part about me being an idiot). I have this lovely log in my SQL database, but I suspect I have the code in the wrong place.
Any clues? Does the blacklist feed from the htaccess file or vice versa?
2006-06-28 at 10.45 pm
[...] Dr Dave Referrer Karma Referrer Karma is a rather simple script that prevents malicious bots from … Ensure that $can_configure is set to true (it sets Referrer Karma into … [...]
2006-07-03 at 10.29 am
Hello,
I am using phpBB forums which I want to protect with your great tool. I am not quite sure where or to what file I have to put the “require once …code” what file would be the best to insert and where. The index.php??
Thx in Advance
2006-07-06 at 1.39 am
Does RK provide a way to “alias” (for lack of a better term) domains?
I have a number of pages and images on my sites that were formerly on other sites. Old links are handled via 301 redirects on the original sites. The problem with this is that hits from pages that still contain the old URLs will be caught by RK due to the current domain not being found on the referring page. I’d like to be able to tell RK that referring pages that don’t contain links to the current domain, but do have a link to these other domains, are ok and should be allowed. Basically “aliasing” other domains to the current one.
I’ve added all domains I control to my whitelist, but most of these problem links are on sites that I don’t control.
Thanks, and keep up the good work.
2006-07-10 at 1.54 pm
[...] I have been using Referrer Karma for this previously and it has proven quite useful. I’m going to try Bad Behaviour for a time now and see which of the two I prefer. One point in Bad Behaviour’s favour is that it has an admin page accessible from within WordPress. With Referrer Karma you need to do your administration separately. [...]
2006-07-24 at 9.03 pm
[...] Finally, I use plugins called Referrer Karma and Bad Behaviour which help significantly by stopping bots from accessing your site to leave comment spam. [...]
2006-08-31 at 3.27 am
Followed instructions, didn’t work.
WordPress 2.0.3
2006-11-28 at 3.31 am
Well, I installed it and it successfully created a whitelist entry. However, I know for a fact that I have had at least 20 spambots visit me in the last week or so because they failed my registration process, but none of them have been added to the blacklist. Can I add an IP address to the blacklist manually? If so, how? Thanks.
2007-01-29 at 7.28 pm
[...] Referrer Karma (not exactly a plugin) [...]
2007-03-11 at 1.03 am
[...] Other solutions to try: Referrer Karma, Referrer Bouncer, AutoBanReferer or SpamForceField [...]
2007-03-13 at 11.21 pm
[...] I’ve just installed Spam Karma 2 and Referrer Karma on canspice.org. You all shouldn’t notice anything different, but if you have problems leaving comments, let me know. previous entry next entry [...]
2007-03-17 at 3.18 pm
Is it safe to use the same database that wordpress uses?
2007-03-24 at 1.33 am
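[...] 5. Anti-spam plugin Bad Behavior: I have found that whenever a question like “which WordPress plugin can you least do without” comes up on the WordPress forums, the answers are basically all anti-spam plugins, with Spam Karma and Referrer Karma the two most popular. I have been fairly lucky, though, and have never run into as many junk comments as horse has; I only recently installed the newly released plugin Bad Behavior. Because this plugin blocks spam by identifying spambots, which differs from the usual filtering approach, I installed it to give it a try. [...]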
2007-05-27 at 5.56 pm
[...] Strictly speaking it is not a WordPress plugin, but I have just installed “Referrer Karma” on this blog; it was created by Dave, who has released many useful WordPress plugins. [...]
2007-07-21 at 3.05 pm
[...] Get it: Referrer Karma [...]
2007-09-19 at 10.35 pm
[...] Unknown Genius: Referrer Karma [...]
2007-10-08 at 10.03 pm
[...] before such incident happens. Nobody likes a downtime. Here’s what I did after much research. I installed Referrer Karma This is not a plugin, so you need to manually install it via coding. Edit couple of file, install [...]
2007-10-27 at 7.35 am
[...] Referrer Karma to my anti-spam arsenal as well as the stats plugin so everyone can see what’s getting [...]