Tag Archives: Comment Spam

Akismet 2.0 is a life (and comment) saver

Akismet is the default anti-spam plugin which comes with WordPress and it has saved me from literally hundreds of thousnads of comment spam messages (124,200 last time I looked).

A new version (Akismet 2.0) was released the same time as WordPress 2.1′s release so it’s release was kind of drowned out in the hoopla.

To my mind, the most significant change in Akismet 2.0 is the ability to tell Akismet to automatically delete any comments on posts over a month old.

Akismet configuration

As Matt himself said:

When I was doing some research into false positives I found an interesting statistic: the overwhelming majority (more that 99.99%) of false positives (which is when Akismet marks someone as spam wrongly) occur on new posts. Which makes sense because most real comments happen on new entries.

Typically I used to get >500 comments per day flagged by Akismet. There was no way i could go through those looking for genuine comments accidentally flagged as spam by Akismet.

Today though, having configured Akismet to dump all suspected spam comments on posts over a month old, I now only have to check 20-30 comments per day.

And just this morning, I rescued two comments which had accidentally been marked as spam by Akismet.

Well done to the guys in Automattic again. I love Akismet.

Slow comments in WordPress

In the last couple of weeks commenting on this site was taking longer and longer – sometimes timing out and not letting people comment at all. I was puzzled as to the cause of this and tried turning off various of the plugins I had installed on this blog.

Today though I think I have found what the problem was! I looked into the Akismet anti-spam plugin and found that there were nearly 10,000 spam comments there! I deleted the nuisance comments and now commenting seems to be working much better.

Anyone still having problems commenting here?

Bad Behaviour blocks TechMeme

I noticed recently that none of my posts were appearing on TechMeme so I emailed Gabe Rivera, TechMeme’s founder to ask what the problem was. He responded:

Your Bad Behavior plugin is blocking me, even though my crawler behavior is rather benign.

If you can whitelist my crawler (does BB let you?), it looks like this:
Mozilla/5.0 (compatible; Wazzup1.0.XXXX; http://70.86.131.10/Wazzup) …with XXXX varying (long story…).

Or just uninstall it! (What are some alternatives? I’d like to do a post on this…)

Bad Behaviour is an anti-spam plugin that I have written about previously.

As I don’t see a way to whitelist, I have disabled Bad Behaviour and I advise anyone else to do so until this can be sorted.

Thanks for the speedy response Gabe.

UPDATE: – Michael Hampton, Bad Behavior’s developer has contacted me to say it is possible to Whitelist TechMeme by adding its ip address (70.86.131.10) to the Whitelist-inc.php file – this fix didn’t work for me but may be worth a try if you do want to use Bad Behavior.

How to block comment spam

Like all bloggers, I find comment spam to be a constant annoyance. There are many ways to mitigate the problems it causes however and using the following techniques means that this site is subject to almost no comment spam.

Use WordPress’ built in comment spam tools -

  • In WordPress Options -> Discussion, fill in the list of common spam words – words in this list automatically cause a comment to go into the moderation queue. I use the following list.
  • Also use the Comment Blacklist field. Populate this very carefully. Any comment containing words in this list are nuked automatically. No notification. No way to get them back. Gone. This is the list of words I have in my blacklist.
  • I have checked the “Comment author must have a previously approved comment” field as well. This is a very simple but very effective tool – regular commenter’s are able to leave comments and see them appear instantly; new commenter’s comments are held for approval and if they are not spam, their comment appears in short order and subsequent comments appear immediately.
  • And I use WordPress’ built in anti-spam plugin – Akismet.

I also have a custom .htaccess file which stops a lot of spamers cold before they reach the site at all. Excercise extreme caution with .htaccess files as they can take your entire site down. If you are not sure what you are doing, I have written a few explanatory articles on .htaccess files previously. If you are still not sure what you are doing, put the .htaccess file down and walk away very slowly!!!

Finally, I use plugins called Referrer Karma and Bad Behaviour which help significantly by stopping bots from accessing your site to leave comment spam.

Having implemented these techniques ensures that my site stays free of comment spam without having to moderate all comments and without having to implement CAPTCHAs. CAPTCHAs are those horrible badly drawn images of combinations of letters and numbers which some people put on their sites to stop spam. CAPTCHA’s are evil*. Stop using them. Now.

* The American Foundation for the blind has written many times about how difficult Captchas make browsing for blind or partially sighted people and the W3C in a report on Captcha’s said:

A common method of limiting access to services made available over the Web is visual verification of a bitmapped image. This presents a major problem to users who are blind, have low vision, or have a learning disability such as dyslexia.

A solution for Robert Scoble?

In a recent comment on Shelley Powers’ site Robert Scoble explained one of his reasons for turning comment moderation on his blog, it has nothing to do with comment spam – he said:

I am seeing more and more anonymous comments and I have been tracking their IPs and see that one person is showing up under a variety of different names

Robert, if someone is posting troll comments under multiple names coming from the same ip address – enter that ip address into your WordPress Options -> Discussion -> Comment Moderation field and then comments from that ip will be moderated – all others will get through.

Be transparent about it – say in a post on your blog that you are moderating posts from that ip because of abuse. People will row in behind you on that.

Moderating all comments seems like taking the lazy way out.

Comment spam run last night

Apologies to anyone who subscribed to comments on this site and was emailed the spam comments which hit this site last night.

The site was hit by over 80 spams overnight – the first spam run to make it through my anti spam defences in over a year.

Curiously, all the spams came from a single ip address (71.57.133.162) and that ip is now blocked by my .htaccess file.

Hopefully it will be another year before this happens again!

UPDATE:
I see this spammer also visited the Spamhuntress – what a twit! Go get him Ann!