• WordPress 301 – how to unredirect spammers?

    Loads of spurious requests to my content are using up valuable server time. So how am I supposed to deal with them?

    Problem statement

    On a couple of my sites I have content which WordPress has decided to match to certain URLs that are popular with spammers. e.g. A request to /groups/create is 301 redirected /oik_todo/create_date_history_shortcode/.

    It now appears that these 301 redirected URLs are being used instead of the original requests. I can tell that because these are the only requests coming from particular IP addresses. And that’s not normal behaviour.

    Analysis

    After wp-login.php, robots.txt, feed, wp-cron.php, and some other expected back end requests, the most popular request to one of my websites has become /oik_todo/create_date_history_shortcode/.

    Why is this the most popular page?

    Well, when I investigated this problem on another server a long while ago ( in March 2015 ) I discovered that this page was being displayed in response to /groups/create, which is a BuddyPress thing.

    My site doesn’t have BuddyPress, but it does have a page to which the requester was being 301 redirected by WordPress. So I assume that the spammer is now using the URL after the 301.

    Problem solution

    There are two parts to the solution.

    1. Real users: Since there may actually be real users trying to view this content I updated it to use a different permalink. Assuming the real user is using a link on the same site then the required content will be shown. Note: This relies on the fact that my site’s links are built from the current permalink.
    2. Spammers: I don’t want these requests using server resources so my solution is to 301 redirect them again. This time to the license.txt file, a small file served without WordPress getting involved.

    Table of 301 redirects

    Each RewriteRule looks for a particular URL (badurl) and redirects it to the WordPress license.txt file.

    RewriteCond %{HTTP_HOST} ^.*$
    RewriteRule ^badurl$ "http\:\/\/example.com\/license\.txt" [R=301,L]
    badurl Normally used for
    groups BuddyPress
    groups/* BuddyPress
    members/* BuddyPress
    tag/register/ ?
    tag/login/ ?
    etc URLs that have become bad unintentionally

    I don’t know if this is the right way to deal with the problem. Perhaps there’s a different HTTP code I should be using.


    , ,

    Published:

    Last updated:

    January 9, 2016

Categories

Tide times from tidetimes.co.uk

Tide Times & Heights for Northney on
Saturday, 16 October 2021

Tide times from tidetimes.org.uk

Tide Times & Heights for Northney on
16th October 2021
01:57 Low Tide ( 1.42m )
09:49 High Tide ( 3.97m )
14:29 Low Tide ( 1.48m )
22:17 High Tide ( 3.92m )