More Comment Spam Ranting

By Deane Barker on November 27, 2004

I don’t mean to go on another rant about comment spam, but I’m suffering under another deluge on my personal site. While the Texas Holdem spammer was a blitzkreig, another spammer has under slow siege.

Someone out there is posting a spam comment to my site twice per hour, 24 hours a day. He’s coming in from different IP addresses, and he hawks something different every single time: from debt consolidation, to cheap drugs, to online casinos, etc.

WordPress can filter on keywords, but I’d have to cast the net really, really wide to catch all the possibilities. WordPress can’t filter by IP, so I thought about doing something at the Apache level, but he’s using a huge pool of addresses. I have yet to see a duplicate.

I finally just set all comments to require approval, which is a drag, but there doesn’t seem to be much else to do right now. WordPress isn’t quite as advanced as Movable Type, so there isn’t the same level of anti-spam plug-in support or a central authentication system like TypeKey.

Needless to say, I’m irritated. When Gadgetopia gets spammed, that’s different because this site makes some money and it’s therefore a cost of doing business. But my personal blog is just for fun, and it’s a huge pain to go in and get rid of all these spam comments every day. It takes the fun out of it, and fun is all there was to it in the first place.

If anyone out there has solid experience with WordPress (I’m a rookie) and can propose a solution, I’d love to hear it.



  1. I was thinking about switching to WordPress from MT because I thought the spam support was better… I guess not. I have been depending on MT-Blacklist to handle the blog spam filtering needs. When I was getting hit once or twice a day, it wasn’t a big deal. But then “Bob” showed up and was leaving 6-7 a day. I put up with it for a month, and then I remembered someone who develops their own blog started turning the comments off on entries that were over a week old. So, I turned off all of the comments except for the latest ones. This has been a huge success.

    If I wanted to get fancy, I could create a cron job to run everynight that would go in and update the database, but it hasn’t gotten that painful yet so I just do it manually.

  2. I’ve been using the Spam Karma plugin for WordPress for a few weeks now. It’s based on some code that I wrote a while earlier that intercepts comment spam based on various criteria. The new plugin – compiled by someone else – has a centralized spam regex wordlist, a backup captcha system for when it’s not absolutely sure a comment is spam, and very nice integration into the WP admin layer. You can opt to receive an email digest of deleted spam comments, or nothing at all. A possibility for the future is to employ the existing wordlist export capabilities of the plugin to build a distributed comment spam prevention network.

    Most importantly, ZERO of the recent holdem, debt-consolidation, viagra spams have seen the light of day on my site, and I haven’t had to moderate much of anything for the current count of 2516 spams received.

    Check it out: 11/19/spam-karma-merciless-spam-killing-machine/

  3. My Drupal based site is currently getting hammered by an idiotic tosser pushing Texas Hold’Em Poker sites and Viagra substitutes. My spam filter has eaten almost every single one, so I don’t really care about that – but my referral and visitor stats are becoming absolutely unusable – regularly shooting up by a couple of hundred visits and fake links to everything from ‘valeofglamorganconservatives’ to straight ‘click-here-for-shitty-poker-site’ stuff and AdminShop’s ‘Hey, were you seriously pissed about this fake link? Click here to buy some software that’ll let you do it to other folks!’ Luckily, nobody else ever sees it.

    It’s seriously driving me up the wall, but I refuse to switch off comments just because of one or two tossers.

  4. I wrote a quick IP blacklist plugin for my WordPress site in response to the problem of comment spam coming from anonymous http proxies. It sounds like you’re seeing the same spam campaigns I am, so you’re welcome to my plugin if you want it:

    It’s worked well for me so far. As a side benefit, I’ve compiled a list of 254 open http proxies, should I ever need one.

Comments are closed. If you have something you really want to say, tweet @gadgetopia.