• WordPress 301 – how to unredirect spammers?

    WordPress 301 – how to unredirect spammers?

    Loads of spurious requests to my content are using up valuable server time. So how am I supposed to deal with them?

    Problem statement

    On a couple of my sites I have content which WordPress has decided to match to certain URLs that are popular with spammers. e.g. A request to /groups/create is 301 redirected /oik_todo/create_date_history_shortcode/.

    It now appears that these 301 redirected URLs are being used instead of the original requests. I can tell that because these are the only requests coming from particular IP addresses. And that’s not normal behaviour.

    Analysis

    After wp-login.php, robots.txt, feed, wp-cron.php, and some other expected back end requests, the most popular request to one of my websites has become /oik_todo/create_date_history_shortcode/.

    Why is this the most popular page?

    Well, when I investigated this problem on another server a long while ago ( in March 2015 ) I discovered that this page was being displayed in response to /groups/create, which is a BuddyPress thing.

    My site doesn’t have BuddyPress, but it does have a page to which the requester was being 301 redirected by WordPress. So I assume that the spammer is now using the URL after the 301.

    Problem solution

    There are two parts to the solution.

    1. Real users: Since there may actually be real users trying to view this content I updated it to use a different permalink. Assuming the real user is using a link on the same site then the required content will be shown. Note: This relies on the fact that my site’s links are built from the current permalink.
    2. Spammers: I don’t want these requests using server resources so my solution is to 301 redirect them again. This time to the license.txt file, a small file served without WordPress getting involved.

    Table of 301 redirects

    Each RewriteRule looks for a particular URL (badurl) and redirects it to the WordPress license.txt file.

    RewriteCond %{HTTP_HOST} ^.*$
    RewriteRule ^badurl$ "http\:\/\/example.com\/license\.txt" [R=301,L]
    
    badurl Normally used for
    groups BuddyPress
    groups/* BuddyPress
    members/* BuddyPress
    tag/register/ ?
    tag/login/ ?
    etc URLs that have become bad unintentionally

    I don’t know if this is the right way to deal with the problem. Perhaps there’s a different HTTP code I should be using.


    , ,

    Published:

    Last updated:

    January 9, 2016

Today’s word is this:

Tuesday

Food-le.com

crust

Foodlewordle.io

seeds

Categories

Tide times from tidetimes.org.uk

Tide Times & Heights for Langstone Harbour on
5th March 2024
06:06 High Tide ( 3.81m )
11:40 Low Tide ( 1.97m )
18:51 High Tide ( 3.71m )

Tide times from tidetimes.org.uk

Tide Times & Heights for Northney on
5th March 2024
06:33 High Tide ( 3.43m )
12:16 Low Tide ( 1.78m )
19:26 High Tide ( 3.41m )