Mass comment deletion

Jacob Redding — Mon, 13 Aug 2007 00:04:55 +0000

I recently upgraded to Drupal 5.2 from 4.7 and during the upgrade I made rather unfortunate mistake. I switched from using the captcha module on drupal.org to using the mycaptcha module on Heine's website. This wasn't the mistake though. My mistake was that although I had successfully switched over the modules I had misconfigured (i.e didn't turn on) the mycaptcha module. This left my website vulnerable to spambots although not entirely vulnerable because I do use the wonderful spam module in conjunction with mycaptcha.

In less than a week my site had over 1,000 spam messages that made it through the spam module (several thousand caught). Most of these comments didn't contain URLs and had some "comment" that consisted of gibberish; which is why they passed through the spam module. Fortunately for me the spambots hit my site a few time with high spam injections(300+) at each visit. Almost all of them came from a similar IP address. Since the comment module grabs the IP address or Hostname of the person leaving the comment I only had to write a few simple SQL queries to isolate all of the spam comments.

I then used the code below to wipe out hundreds of spam comments with each run.

$sql = "SELECT cid, subject, comment from comments WHERE subject LIKE '%s' AND hostname LIKE '%s' AND name LIKE '%s'"; 
$subject = "";
$hostname = "81.177%";
$name = 'Anonymous';
$results = db_query($sql, $subject, $hostname, $name);
print "Deleting ". db_num_rows($results) . " Comments 
";
while($result = db_fetch_array($results)){
$comment = _comment_load($result['cid']);
_comment_delete_thread($comment);
unset($comment);
}

When writing this little snippet I found it interesting that there is no public API call for deleting comments similar to node_delete(). The function comment_delete() exists but it only returns the form 'comment_confirm_delete'. Although I could have used drupal_execute() to properly fill in and execute the comment_confirm_delete form I found it a bit silly, especially since I knew the cid (comment ID) and I simply wanted to delete it. Heck I could've just did a "DELETE FROM comments WHERE cid = %d" and been done with it but that's not "clean".

So instead of grabbing the form, researching its elements and writing some quick FAPI code I opened up comment.module found the "private" function _comment_delete_thread(). It required a comment object so I also found the, again private, function _comment_load. They work similiar to node_load and node_delete so with these two functions I was on my way to being spam free again!

Now the question is why are _comment_delete_thread() and _comment_load() private?

f@wk!Ng Spammers!!!

Jacob Redding — Thu, 29 Jan 2004 07:31:00 +0000

Ok here's the deal. When I buy a domain name I buy the domain name so that I and I alone (with the exception of a few of my friends) can you use the domain name. BUT NOOO it can't be that way can it. Freakin Spammers have to spoof my domain when sending THEIR spam. Leave my domain alone!!!!
In short here's the deal spammers are sending out emails with the FROM email of "Jimmy@wiredgeek.com" or "Sam@wiredgeek.com". These accounts do NOT exist, never have and never will. It's just a ploy to get past mail servers and it is probably working from time to time..

Unfortunately, my only recourse, short of hunting them down and shooting them, is to stop the wildcard email matching at wiredgeek.com. I.E no more sending mail to me at "crazyguy@wiredgeek.com" or "whatupdog@wiredgeek.com". No more; those days are gone.(I know, sad isn't it) The only emails I will get from now on are "Jacob[~at~]WiredGeek.com" along with jredding, jacobredding, redding and dextor.

I hope that's understandable. Oh and if you participate in SPAM, do everyone a favor and pop everyone of those viagra pills you just bought and go f@wK yourself!! (I'm a little angry).