Thread

I’ve noticed a marked decrease - as in to almost none - in search spam so far this month. Was there something in the latest build to help protect against that? I suppose it’s possible the spammers are just taking a vacation, but ...  😝

Hopefully they have all been removed by the authorities and are currently having their testicles squeezed in rather large, rusty, iron vices that tend to stick when tightened.

We did make some changes in 1.5.2 that made all search terms converted into safe output because there were users using the Query module to output the terms directly without any sanitizing or HTML conversion, which was being done automatically in the Control Panel when those terms were displayed.  That was many months ago, and typically spammers have not cared whenever we have added new security stuff and just keep on hammering away blindly.

We had been getting hit pretty heavily with them for months, so this month’s drastic decrease really stood out. We’ll just enjoy it while it lasts!

can someone help me here? What exactly is search spam? I’ve never looked at anything like this so I’m completely ignorant.

Hi, JT.

I’m probably not really up on all the tech end of it, but the “search spam” I’m talking about generally consists of spammy messages - URLs, etc. - submitted by bots to sites’ search forms so that they will appear in lists of most-searched-for phrases. Some sites show those lists publicly, I hear.

They’re generally pretty ugly, and I can’t see how they’d possibly be enticing to a reader. But I guess even a small percentage of clicks is profit for the spammers.

We don’t show the list publicly, but I use it privately to keep track of what folks look for and how they do it. It helps me determine how useful the navigation is or isn’t, and to make adjustments.

I’d show you a copy of some of it, but not a single one now appears in my search log.  😊 Hope that holds for a while.

Ahhh.. Nope I know exactly what you mean now. Thanks!

I get a ton of search spam as well..

1. Is there a way for EE to just ‘dismiss’ searches that have URLs in them?
2. The spamers are sending the search code directly, because the length is much longer than the text field in search box will allow.  Is there a way to just change whatever location is ‘receiving’ the search, which would mean their request will be filtered out?

You might like to have a look at spam proofing your installation.

1.  No, not by default, but one could write an extension to do so.

2.  You can Remove and Install the Search moduel and that will create new Action IDs for the search submission forms.  Honestly though, it would be a simple thing for the spammers to work around this.

The search spam is becomming a rather big deal, knocking my site offline.

I am getting attacks where different IP addresses all search for the same term in the same minute (seconds?).  If the search term was able to use a cached query or filter out the dups, it could really save my site.  Otherwise it is actually causing my site to fail…

Are you using the Blacklist with the .htaccess blocking?

I am using the blacklist, but the seach attacks are coming from different IPs…

Yes, and the same thing happens for Comments, Trackbacks, and Referrer Spam.  And one cannot exactly deny duplicate searches on a site.

Can the searches be cached?  (or are they?)