More comment spam techniques
The latest comment spam technique here seems to be a script which looks at previous comments, grabs a paragraph from one of them, and posts *that* as a comment, with the URL being a spam URL. Anyone got any good ideas for how I can fix that? Since the earlier comments are legitimate, it’s quoting legitimate text and therefore no spamtrap in the world will catch it. I could hack WP to check previous comments for the text they’re posting, but that’s easily get-around-able by changing the comment spammer script to replace “o” with “0″ and all the other tricks we’ve seen in spam emails (”C1Al15″, anyone?)
Suggestions?
Are you using any spam plugins? I’ve heard the new (built-in as of WP2.0) Akismet plugin is good, although I don’t like having to register to use it. I’m using Bad Behaviour, but I guess I get less comments than you….
97 minutes later
I use Spam Karma like Ade. It does look ups on links for known spam URLs and spamming IPs. It also does a whole heap of other things, like send a bit of javascript to the user agent as most spam bots can’t understand javascript and most browsers can. There are about 10 or 15 checks, which can be turned off if you don’t like them.
I’ve never had any spam get through, or anything legitimate get blocked, I have to approve one every 2 months or so. It’s not GPL mind, but free for download, use and non-commercial redistribution. I get about 1,000 spam comments a week and don’t have to press a button, though I’m sure you get more spam than me and I’m not sure I’ve faced this kind of spam phenomenon yet.
2 hours later
Spam Karma (2) is very, very good. I guess it shouldnt be the only thing you use tho, hence the suggestion of mod_security etc but yes - install SK2 right now, and then look into mod security
13 hours later
SK2 does look good. I shall install.
25 hours later
I’m not 100% happy with its non Free nature, though.
25 hours later
I’ve had pretty good luck with the built in moderation. If a person is a first-time poster (like me, right now), then they have to be “allowed” by me to comment. It seems to work. I haven’t had anything worse than a certain spammer in South Africa (working with their ISP, we’ll see…) trying with various email addresses to get in, but I moderate every new commenter.
43 hours later
Looks like my comment wasn’t moderated, so you have that turned off. I left that part on. Under Options->discussion, I kept the check marks in the part where it required commenter to fill out a name and email [b]as well as[/b] “Comment author must have a previously approved comment”. Maybe this will help.
43 hours later
Corey: I don’t want comments moderated. There should be no impediment to commenting, and moderation of new commenters is an impediment.
2 days later
Maybe an idea..
When a user/spambot is posting a comment, show the comment page with the just submitted comment, but add a red kind-of-alert box with some text and a link for submitting it fo’ real?
I’m not in the spambot nor blog blogging market, so I’m unsure as of how extensive these spambots are.. But might be an idea..
2 days later
OK, I’m biased because I know Matt, but his Akismet plugin works wonderfully. All the comments are left in your database, but marked as spam so you don’t have to worry about losing anything valuable.
3 days later
I use Spam Karma… And i’m satisfied with it. But really it’s very funny to read spam-comments sometimes :).
3 days later
Hi,
we are testing a new free form-protection service (http://www.cerospam.com.ar), for blogs and for any kind of web site. It is easy to setup each form with this system, and it is very useful for protecting comment forms from spammers.
It is based on captcha method. Until now it seems to work fine. No matter what kind of blog software you are using, this is not a plugin.
Please, test it and do not hesitate to send us your comments!
Thank you.
9 weeks later