Out of Control
The spam on my site is absolutely getting out of control! Arg!!! As I’ve mentioned in my often spam-filled shoutbox, I’m lucky enough that the spam comments don’t make it visibly to the site, but trust me, it’s there - as you can see in the shoutbox. I clean out 50-100 comments from the comment moderation queue a day and it’s getting worse. That’s not a big deal for the casual reader, but when a bunch of spam bots hit the site at the same time, comments go down and occasionally the site is slow. Also, each of these comments initially ends up in the database only to be deleted later when I clean them out. This leads to fragmentation and overhead and eventually performance issues.
I say all this to let you know about some changes I’ve made to help keep my sanity and make visiting my blog a better experience.
First off, I’ve changed the default theme. Previously, it was a theme called “Green Track.” Now, I’ve made it the Wordpress default, also known as Kubrick. This is a minimal theme, with hardly anything in the sidebar. This is just the default; you can easily change the theme back to GreenTrack or another of your choosing by selecting it from the Themes dropdown. You’ll need cookies enabled for the site for your choice to be remembered.
Why this change? A theory… When a bot visits the site, it should see the page with the default theme. Previously, it was the GreenTrack theme, with the shoutbox and a hacked up (popup) comments page. Changing the default theme to Kubrick removes the shoutbox from the default index page, thus not giving bots looking for scripts to spam any information. Additionally, by using a different theme with a non-hacked up comments page, I can do the following…
My second major change was adding a Captcha type comment authorization system. If you’ve used Blogger.com or a number of other websites, you’ve seen this method in use. Basically, there’s an image that contains some numbers and letters. These must be entered before your comment will be submitted. I don’t like this, as it intrudes on my readers, but I have to do something to get this situation under control. I’ve tried to make it easy by only using 3-5 digits rather than a longer string of numbers and letters. For whatever reason, this Captcha that I’m using only works in IE, so Firefox users (you’re all using it, right?) won’t have to deal with it.
Now, most of this is a theory, so there’s no telling if it’ll work. I really hope it does, so bear with me as I try to get this under control. In the meantime, pick a theme you like and if it’s one with a shoutbox, relax and read Paul and Jeremy’s spam dialogue and jokes.
And if all this spam wasn’t enough, my mp3 player bit the dust…again. I don’t think I’m going to replace the hard drive again, so time to go shopping for a new one. Not something I was expecting to do quite yet. :-/


Apr 27th, 2006 at 23:41:59
Get your v1agra here!
H0t pics!
Apr 27th, 2006 at 23:51:09
Umm, I see the security code with firefox. Do I just not have to enter it? Let me know if this works, cause I’m dealing with a lot of spam with GreenTrack as well.
Apr 28th, 2006 at 06:13:36
Ah, the security just doesn’t show for me, since I’m logged in to wordpress. So far it’s working great. No spam at all over night, other than Nick’s, which ended up in my moderation queue.
Apr 28th, 2006 at 06:16:38
Well, it didn’t help the shoutbox, so I think I’m going to have to change the name of the script for that problem to get better.
Apr 28th, 2006 at 09:42:15
I am using Wordpress and it asked for a security code.
Let me know how your spam war goes. I am getting hit too and now they are only using common words that I cannot put in my spam list, so not sure what to do.
Apr 28th, 2006 at 13:17:37
galojay…set it up so that if they put a link in the comments section it will go to your moderator queue. That’s what I do to stop it, and if I’m not mistaken I think that is the way Chris has his set up as well.
Apr 28th, 2006 at 15:37:36
Have you tried Akismet?
I clean out the messages Akismet catches at least once every 15 days to catch anything that may be legit, but it hasn’t let any spam through yet and it’s only “caught” one or two legit comments.
It definitely makes it so no spam ever reaches your readers. I don’t use the comment moderation list or blacklist, nor do I blacklist from open proxies, nor do I set a link limit in comments either (all of Wordpress’ built in tools).
Apr 28th, 2006 at 16:40:46
Yep, I’m using Akismet, and that’s preventing the spam from reaching the site itself. However, with 100 comments in Akismet’s queue a day, I want to prevent spam from even touching the site. So far, the Captcha is working beautifully. Almost a day now and haven’t had any spam comments. The shoutbox is another issue, though.
Jeremy, you are correct, I have the options set so that if there are links in the comment post it’ll hold it in moderation. However, almost all the spam I get is just text. The link is in the website field. I believe this is the case for Jeff too. The spammers have modified their attacks so that if the link in the comment doesn’t go through, they’ll just use the built-in website field.
Apr 29th, 2006 at 00:25:27
My apologies, Chris, but I did forget to mention also that in addition to Akismet, I am using the Bad Behavior plugin:
http://www.ioerror.us/software/bad-behavior/
It blocks bots dynamically based upon the type of request, checking of the user-agent, and so on. It does this completely transparently to your users and may be the reason why there are very few spams for Akismet to catch on my blogs–the bots just can’t get in.
I’m also using Referrer Karma, but only to keep referrer spam out of my site stats–doesn’t have much to do with comment spam, I suppose.
Apr 29th, 2006 at 08:23:02
Thanks for the tips, Rick. I’ll be sure to check them out. Anything to keep out spam without affecting the user. Referrer spam is a big problem for me too, so Referrer Karma definitely looks like something I should take a look at, too.
Apr 29th, 2006 at 08:32:39
Only problem with Referrer Karma that I see is, if it gets a false positive and actually blocks a legit user, that’s not just someone who wasn’t able to comment, it’s someone who wasn’t able to visit your site at all. I’ve a handful of these–not a lot, but I can’t help but wonder how much the blocked person would have used my site.
Also, it takes a bit of maintenance, at least every couple of days, to go through the recent referrers and blacklist that which didn’t get blacklisted and whitelist those which it mistakenly blocked. Its admin interface could definitely be improved to make that job easier.
Good luck with things!
Apr 30th, 2006 at 13:05:36
Ok, I’ve implemented Bad Behavior and turned off Captcha. Let’s see if that does the trick. As of today, Akismet has caught and blocked 1205, so we’ll see if that number changes in the next few days. I’m gonna hold off on Referrer Karma for now, considering the negative aspects of it, but hope to use it in the near future.
I’ve also made some changes to the shoutbox, so in combination with Bad Behavior, I hope the spam issue is solved there too.
Thanks again for recommending Bad Behavior, Rick.
May 2nd, 2006 at 20:22:49
OK, Bad Behavior isn’t working so well anymore. The spam is getting through again. At least Akismet is preventing it from hitting the comments, but it’s still making it to the database… Will nothing stop it? Back to Captcha…