Anti-Splog problem: IP mismatch?

Hello, guys

I wonder how your Anti-Splog plugin checks the actual IP address of the domain name?

I’m having weird things with it. I installed it on wayzata.com and issues began…

If you ping wayzata.com you’ll see IP 97.74.249.241

The plugin has the same opinion :slight_smile:

Here’s what is tells:

You must enter an API key and register the IP (97.74.249.241) and WPMU Site Domain (wayzata.com) of this server to enable live splog checking.

Cool, I added this domain name and this IP, then I copy-paste the key and click Check Key button…

A few days ago it told me:

Your server IP and WPMU Site Domain is not yet registered for this API

Key. You are attempting to connect from 97.74.24.101.

Weird, but OK, I added the same domain name again with this second IP.

Today it tells me:

Your server IP and WPMU Site Domain is not yet registered for this API

Key. You are attempting to connect from 97.74.24.102.

So, where those 2 IPs (97.74.24.101 and 97.74.24.102) are coming from?

I suspect that these are IPs of web-hoster’s routers or something, naturally they can change.

But the IP of the actual domain name doesn’t.

So, what do I do in this case?

Cheers,

Mike

  • Ken
    • Site Builder, Child of Zeus

    Hiya,

    You must be getting an error saying “You are attempting to connect from xxx.xxx.xx.xx”.

    You have to enter that IP, which you are seeing from the error message

    I had the same problem last time. Aaron helped me out. :slight_smile:

    Hope this works.

  • VentureMaker
    • Site Builder, Child of Zeus

    Hey, guys

    Thanks everyone for your replies.

    Of course, I added the IP it suggested in error message and it worked :slight_smile:

    But I noticed that this IP is likely to change, this is the main reason I have started this topic.

    My main question is – why so complicated? :wink: Isn’t it enough just to add domain name on record?

    Like Akismet and other APIs do. IPs aren’t so to say reliable, this is a thing that changes more or less often. Isn’t the check against domain name enough?

    Or are there any specific reasons you need to check against IP as well?

  • Kirk Ward
    • Syntax Hero

    I agree that the domain name would be more consistent.

    Seems like the reliance only on the IP address causes problems.

    Maybe the registration screen could be reworked to accept both and choose which one to verify according to the format provided.

  • drmike
    • DEV MAN’s Mascot

    +1 again for checking against the Class C although in this case it wouldn’t have helped.

    And you can fake the domain in the call fairly easily. At least I think you could. (edit: Of course you could probably fake the IP address as well….)

  • VentureMaker
    • Site Builder, Child of Zeus

    C’mon guys, members here have a limit of 5 domain names for Anti-Splog API usage.

    Also, members have reputation :wink:

    Why should someone fake either domain name or IP?

    I vote for checks against domain name, plus maybe some additional verification with META tag or uploaded file if necessary – like Google Analytics.

  • Ken
    • Site Builder, Child of Zeus

    Wouldn’t verification with META tag or uploaded file like Google Analytics make the things too complicated?

    But I really don’t see the need to verify the IP for the domain. Isn’t just the domain name enough? We are members who are currently paying for services here, not a free users and just like VentureMaker said, we all are reputed members.

  • Andrew
    • Champion of Loops

    But I really don’t see the need to verify the IP for the domain.

    The IP is used so we can deny any incoming requests that are not legit.

    Preventing abuse is quite important as it allows us to offer the service without increasing rates, etc.

    Thanks,

    Andrew

  • Qlof
    • The Crimson Coder

    My problem with the anti-splog plugin is that it doesn’t stop any blogs and I have around 100 splogs/day on my site. Many of them from the same 4-5 IP numbers. All with names like blah425435.

    I would like the option to be able to ban an IP locally.

    I think there’s some vulnerability in the new WPMU version because I didn’t get any splogs before upgrading. I was using signup code with the description “Fill in the word X in the window below”. It worked fine. I now use signup questions – which the spambots pass. The question is in Swedish and I very much doubt that they can answer it. Like I said, some vulnerability in WPMU.

  • Qlof
    • The Crimson Coder

    I’m gonna go ahead and do that, but after that there will be 4-5 new IPs.

    Not sure how the plugin works but when I mark them as spam, is something sent to your central server? That could be a good idea. If several sites mark blogs from the same IP as spam it might be considered to block the IP throughout the entire network of plugin-users.