September 16, 2004

The blogger’s bane …

Comment spam is increasingly becoming a major problem :-( There used to be a time when I’d get maybe one or two spam entries a month but of late, there are days when I literally get flooded by spam entries. I had written/modified the WPBlacklist plugin soon after I shifted to WordPress just because of this problem. I had been using a blacklist plugin while using Movable Type and I knew that I’d probably get hit by comment spam if I wasn’t protected on WP too. The blacklist plugin seemed to work and I was content for a while but a couple of weeks back, the latest problems started.

I’d been offline for a couple of days and came back to discover that I’d been hit by around a hundred spam comments on various posts scattered over my blog. Fortunately, WP makes it fairly easy to remove comments en masse and an SQL command was even simpler in this particular instance because the spammer used the same URL for all of his comment spam. Once I removed the spam however, I went back and took a look at the spam itself and discovered a few things:

  1. The spam was from many different URLs
  2. The particular site s/he was spamming for was not in my blacklist
  3. I had set the WP option which marks a comment as spam depending on the number of links in the comment to look for five links.

So, I went ahead and added the URL for the site to my blacklist and lowered the link threshold for spam to two. I thought I was safe but that wasn’t the case as I discovered a couple of days later.

I again got hit by spam but this time, I was online when the attack started. I discovered that the new spam comments had only two links and they were getting through WP’s spam protection. I went back and checked the wording on the threshold setting and it seemed to indicate that if I wanted two links to trigger spam blocking, that I should actually set the count to 1. Or so it seemed at that point though I’m not really sure about that since I’ve messed about with that setting a bit since then and it seems to work either way now. Or something. Anyway, I was able to stem the flood of comments to about 75 on this round and nothing got really published except for a couple in between me changing settings since all the comments got held for moderation that time.

I was kind of wondering about my blacklist plugin by this time though since I did have the URL in the blacklist and the blacklist didn’t seem to catch the spam – it was just the built-in moderation in WP based on the number of links in the comments which was putting the stuff in to a queue to be moderated. I decided to add a few more variants on the URL in case the one I had originally added didn’t work and wait for further developments.

A few days ago, I got attacked again. This time, all the comments went into moderation since I had the link count set correctly but when I went in in the middle of the attack and removed the link count check, I started getting comments which were published. So, my blacklist plugin for some strange reason wasn’t working properly! Or maybe the spammer was using a method which bypassed the blacklist checking? I don’t know … I’ll have to take a look at the blacklist plugin again and see what transpires – guess I’ll have to do that soon though since based on the regularity of the attacks, I probably should have one occurring in a day or two …

Be Sociable, Share!
Tags: Coding, Site, Technology, WordPress
Posted by Fahim at 12:08 pm   Comments (1)