Category: Comment Spam

AuthImage error – Call to undefined function: imagettftext()

I was using AuthImage – Keith McDuffee’s fantastic WordPress plugin to prevent comment spam. I wrote about the process which led me to install this plugin last year.

Recently however, I realised that there was a problem with the plugin – it wasn’t displaying the code for commenters to enter, so no-one was able to make comments on any of the posts in this blog.

To find the error, I accessed the authimage.php file directly asking for an image (i.e. authimage.php?type=image) I received the error “Call to undefined function: imagettftext()”.

A quick Google on this error led me to a page which explained that “Those errors indicate that your PHP installation does not have True Type Font support compiled”.

I contacted my hosting company explaining the problem, and they responded quickly with a mail saying “I’ve rebuilt php with the required modules. All should be fixed” and indeed, AuthImage is now functioning as expected again.

Interestingly, I disabled the AuthImage plugin when I spotted the problem, and in the few short hours that it was disabled, I received a load of comment spam. This was the first comment spam I had received since I had installed AuthImage. Just goes to show how effective this plugin has been in stopping this plague annoying me!

AuthImage not displaying image

The initial AuthImage install didn’t go according to plan. When the plug-in was installed, no image appeared – therefore no comments could be left, genuine or otherwise.

After scratching my head for some time, I remembered that this blog is in a separate folder from my WordPress installation. I checked back over the AuthImage code and sure enough, there was a line in my comments.php file:
“img src=”/wp-content/plugins/authimage.php”

When I changed it to:
“img src=”/wordpress/wp-content/plugins/authimage.php”

The image appeared, the code worked perfectly and comments can no longer be submitted without entering the randomly generated code.

Stopping WordPress blog comment spam – the conclusion!

Renaming the wp-comments-post.php file had a drastic effect on the comment spam – it appears very many blog comment spammers go directly to this file to submit their spam.

After changing the name of this file, not only did the amount of spam fall off significantly but the number of 404’s for this file ballooned – mostly from ip addresses in Brazil or Bulgaria.

Still one or two were getting through. On the offchance that this would increase again, I installed Gudfly’s Authimage. This is a WordPress plug-in which displays an image with some random text that the commenter has to enter in order for their comment to be submitted successfully.

I installed that plug-in this morning and with help on the design side from FrankP, I re-designed the comments page accordingly.

I am now looking forward to significantly reduced comment spam.

WordPress comment spam yet again

Unbelieveably, I am still getting comment spam through the various measures I have put in place.

Just this evening, I have re-named the wp-comments-post.php file – previously I had edited the contents of this file, changing comment variable names but this hasn’t deterred all the comment spammers!

Hopefully, renaming the file will further reduce the amount of comment spam this site is seeing.

Stopping WordPress comment spam continued

Well, the suggestion I tried in my last post has helped matters but not eliminated the spam completely.

I have found another suggestion on Weblog Tools – to increase the minimum time between posts. WordPress’ default settings allows a comment to be submitted every 10 seconds – I have increased this to every 300 seconds to stop receiving floods of comment spam.

Also, I re-tested Fahim Farook’s WPBlacklist plug-in and found where the error was occurring (the Blacklist.php file). I uploaded a new version of that file and now the plug-in appears to be functioning normally once more.

So, these steps, all together, the source file editing and re-naming, the increasing the time between allowed comments and the WPBlacklist plug-in are now in place and I am hoping that they will, if now stop completely, then significantly reduce my WordPress comment spam. For the moment.

This is, after all, a game of leap-frog.

How to stop WordPress Blog Comment Spam

I have recently been plagued with Blog Comment spam on this WordPress powered Blog. The Comment spam takes the form of comments on posts containing links to poker/pharmaceutical/whatever sites – the point being that if the comments are published, the sites will gain another external link and rise in search engine rankings.

I moderate all comments on this blog so nothing gets published without my approval. Hence, the spam comments are never published, but I have to wade through them to find genuine comments and then delete the spam – this process is, at best, tedious and at worst, a pain in the … neck.

I searched for ways around this and found a nice WordPress plug-in called WPBlacklist. This plug-in has a very comprehensive configuration and, at first, worked very well. However, more recently, it was causing errors on the site whenever someone tried to make a legitimate comment.

I was alerted to this by Michele and he pointed me towards another plug-in for helping with blog comment which he finds useful. This one works on the basis of checking for links in the blog to Spam identified sites – it sounded promising, so I tried it. Again I was disappointed because I was still receiving many emails notifying me of comments (most of which were spam) and then I had to delete these comments.

Finally, I came across a post by Fahim Farook – the developer of the WPBlacklist plug-in that I had the trouble with previously. In his post, though, he recommends re-naming the WordPress comments file – and references to it.

This sounds like a beautifully simple way to overcome this problem. It should stop most automated comment scripts. I am trying this solution now – I renamed the file and the reference I found to it in the index file. I’ve also re-named some of the variables in the comments file (specifically the $comment_author_url and $comments variables). I haven’t tested it extensively yet, but so far, so good – and no comment spam has come in since I did this! Here’s hoping!

Log file and Blog comment spam

I use AwStats to monitor traffic on the site. I monitor the traffic regularly and recently started to notice that my site was apparently being linked to by some very strange sounding sites – Online Poker sites and Online Pharmacies!

A quick bit of investigation (and a quick word of explanation from FrankP) told me that I was the victim of Log File Spam. The idea behind Log File Spam is that Log File analysers, like AwStats, often create html based reports including hyperlinks to referrers. Therefore, if someone appears to come to my site from, there is a link to that domain automatically created in my AwStats file report.

If the report is not password protected, then this is found by search-engines and it increases the page-ranking of the spammers’ site.

How do we combat this?
Luckily there are a few simple steps we can take to combat this. The first and most basic, is to password protect the Log File analyser folder.
As added protection, a line can be added to the robots.txt file instructing search engines not to look in the log file analyser folder. Add the following line:
User-agent: *
Disallow: /Insert Logfile Analyser folder path here/

After a little further digging I found an article on how to modify my .htaccess file to exclude the majority of offenders. I modified my .htaccess file follwing the tips on this site and using some of Joe Maller’s sample .htaccess file data .

This was my first time modifying an .htaccess file by hand so I am interested to see how it will work out for me. If you would like to check out a copy of the .htaccess file I created – click here

I am also plagued by Blog comment spam. I have always moderated comments on my blogs but it is still a pain to be receiving emails about spam comments daily – which then have to be deleted. Hopefully the .htacess modifications will eliminate a lot of this too.

UPDATE – The link to Joe Maller’s .htaccess file above appears to be re-directing to I have emailed Joe to ask if this is expected behavour. In the meantime, if you find yourself unable to access it, feel free to browse my own effort – a lightly edited version of Joe’s file.