
How to Stop Comment spam

  2009-04-20 11:13:44  

I love testing out theories, some of which are my own and others which I have read; one of my biggest ‘playgrounds’ for testing was my abandoned humour site.

However, some of my experiments had a negative effect… in that they resulted in LOADS of spammy comments!

[Image: 24hr spam attack]

You will notice that Akismet catches (99.999999%) of the spam I receive, though I’d rather they didn’t even enter my blog!!! (all without me lifting a finger ofc)

The added benefit being that these spam bots would otherwise take up resources; blocking them prevents unwanted DB growth, as Akismet logs all comments, spam or not, in the DB. -ED

So I thought, hmm, let us now make this a case study on spam prevention and utilise some of the techniques I use here and preach!

.htaccess defence

Your .htaccess file is VERY powerful: it can make it rain in deserts and create unbearable heat at the polar ice caps.

Though I’m not going to teach that aspect today! What I want to focus on are .htaccess tricks to prevent spam.

Instead of repeating what I’ve said elsewhere, I urge you to read ‘A few tricks up my sleeves - htaccess style’ and ‘htaccess reviewed’, in which I have detailed a number of spam prevention techniques (the latter is more beneficial).

So what I did was, at about 11:30 am, delete all the spam present, add the lines of code from those articles to my .htaccess and wait 24hrs to see the effect.

A small note: others have ‘preached’ blocking IP addresses; however, if the spammer is worth their salt they use proxies to accomplish their tasks, so blocking IPs is ineffectual and just bloats your .htaccess file.
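To make the .htaccess approach concrete, here is an added example (not code from the original post or from the two linked articles): a small Python model of the rule those articles describe, namely refusing a POST to the comment handler that arrives with no User-Agent or with a Referer that is not your own site. The hostname, the sample requests and the function names are assumptions for the demo; the mod_rewrite lines in the comment are the commonly published form of the same rule and need your own domain substituted.

```python
# Added example, not from the original post or the linked articles: a Python
# model of the .htaccess anti-spam rule, so you can see exactly what gets
# refused before touching a live config. The widely published mod_rewrite
# form of the same idea is (yourblog.example is a placeholder):
#
#   RewriteEngine On
#   RewriteCond %{REQUEST_METHOD} POST
#   RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
#   RewriteCond %{HTTP_REFERER} !.*yourblog\.example.* [OR]
#   RewriteCond %{HTTP_USER_AGENT} ^$
#   RewriteRule (.*) - [F,L]
#
# Rationale: a human reaches wp-comments-post.php from one of your own pages
# (Referer set) in a real browser (User-Agent set); a cheap bot that POSTs
# straight to the handler usually has neither.
from dataclasses import dataclass, field
from typing import Dict, List, Optional
from urllib.parse import urlparse

BLOG_HOST = "yourblog.example"            # assumption: your own hostname
COMMENT_ENDPOINT = "/wp-comments-post.php"


@dataclass
class Request:
    method: str
    path: str
    headers: Dict[str, str] = field(default_factory=dict)

    def header(self, name: str) -> str:
        # Header names are case-insensitive, so compare lowercased.
        for key, value in self.headers.items():
            if key.lower() == name.lower():
                return value
        return ""


def comment_post_block_reason(req: Request) -> Optional[str]:
    """Return why the request should be refused, or None to let it through."""
    if req.method.upper() != "POST" or req.path != COMMENT_ENDPOINT:
        return None                      # rules only cover the comment handler
    if not req.header("User-Agent").strip():
        return "empty user-agent"
    referer = req.header("Referer")
    if not referer:
        return "missing referer"
    if urlparse(referer).hostname != BLOG_HOST:
        return "referer from another host"
    return None


# Constructed sample traffic: a normal reader, a bot sending no headers at
# all, a bot faking a browser but posting from an off-site referer, and a
# plain page view that the rule must not touch.
SAMPLE_REQUESTS: List[Request] = [
    Request("POST", COMMENT_ENDPOINT,
            {"User-Agent": "Mozilla/5.0",
             "Referer": "http://yourblog.example/2009/04/some-post/"}),
    Request("POST", COMMENT_ENDPOINT, {}),
    Request("POST", COMMENT_ENDPOINT,
            {"user-agent": "Mozilla/5.0", "referer": "http://spam.example/links"}),
    Request("GET", "/2009/04/some-post/", {"User-Agent": "Mozilla/5.0"}),
]


def triage(requests: List[Request]) -> List[Optional[str]]:
    """Apply the rule to a batch and return one decision per request."""
    return [comment_post_block_reason(r) for r in requests]


if __name__ == "__main__":
    for req, reason in zip(SAMPLE_REQUESTS, triage(SAMPLE_REQUESTS)):
        verdict = "ALLOW" if reason is None else f"BLOCK ({reason})"
        print(f"{req.method} {req.path}: {verdict}")
```

The decision is only ever taken for a POST to the comment handler, so ordinary page views, feeds and search bots are untouched. Keep in mind that both headers are client-supplied, which is why the post still sees a trickle getting through: this rule removes the lazy bots cheaply, and the plugins that follow are there for the rest.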

Results

[Image: Post htaccess tweaks]

So the next day (well, 30hrs or so later… the New Year’s Eve party was too long!) I went to the site to see the progress.

As you can see there is a considerable drop in the number of spammy comments (more than 50%!). However, 129 comments is still way too much!

Plugins

Bad Behavior

Now I had heard a lot about this plugin and was well itching to test it out!

Installing it was a breeze: a simple upload and activate, no other intervention needed. (N.B. there is a small hack needed for it to work on cached pages.)

[Image: Post Bad Behaviour]

As you can see this decreased the total spam by a further 80%!

It seems to have been working very hard as well!

[Image: BB working hard]

My critique of this plugin, though, is that while it seemed to work well, I had no idea who it was blocking without delving into the SQL tables themselves.

[Image: IP table for blocked users]

What further ‘worried’ me about this plugin were reports of it blocking ‘legitimate users’.

Now there is a way to unblock people, but again it requires delving into phpMyAdmin.

One way to get around this, I suppose: it would be very useful if, as well as the number of people blocked as shown below, it also gave a list of IP addresses with a little bit more info, such as ‘IP is a proxy’, ‘known spammer’, ‘looked like a bot because…’, etc.

But rest assured: a bit more research on the subject and I found two plugins that do this almost to a T.

Though the only part lacking is a ‘whois’ of the IP addresses; however, I’m assuming all the IP ranges are from the famous Honey Pot project… so we can rest well!

EDIT: Well, I was wrong! Under ‘Tools’ you can see the IP addresses / reason they were blocked / comments they were about to leave, all with a nice explanation. The main three being: ‘Project Honey Pot’ blacklist; banned user agent (old betas etc.); or improper headers (using old HTTP protocols etc.). Bottom line: it’s brilliant!

Alternatives

I have tried to stop ‘spam’ even accessing my site; however, as can be seen, there are ways it can still enter and leave the odd comment. To battle this ‘better’ than the setup I have above (i.e. htaccess/Akismet/BB) there are the following alternatives or extras you could add.

Authenticate, Identify, or DIE!

Maths Plugin:- This adds a small maths question at the end of the comment form that has to be answered, otherwise the comment is treated as spam.

Simple Spam Filter:- This plugin looks for a particular pattern to distinguish a spammer from a real commenter. The best part of this plugin is that it can work along with Akismet and will display a captcha if Akismet flags a comment as spam. So if a comment is ‘genuine’ it will display the optional captcha, allowing it to ‘bypass’ Akismet and prove it is not spam. (fewer false positives, yea!!!!)

Comment for cookies:- This plugin adds a small stylesheet to your blog which drops a cookie onto the commenter’s computer and then checks for it when they press submit. The key point being that if it was a bot there would be no cookie!

WP-Spam Free:- This works in a similar way to the comment for cookies plugin, except it uses JS in conjunction with cookies.

WP Captcha Free:- This plugin eliminates spam by validating a hash based on time (and some other parameters) using AJAX when the form is posted. Comments posted via automated means will not have a hash or will have an expired hash and will be rejected.

Captcha Godfather:- This plugin offers four different methods of protection. The first is a verification code which is always generated dynamically. The second is that each verification code is given a session id which is different from the PHPSESSID value. The third protection is that every session id and verification code gets its own time stamp. The time stamp works on the premise that humans need a few seconds or minutes to post a comment. The last protection involves IP addresses. The visitor’s IP is stored with the verification code, and only when the comment comes from the original IP is it saved and held for moderation.
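The two plugins just described share one mechanism worth seeing in code: a form token that carries a time stamp (WP Captcha Free rejects an absent or expired hash) and, in Captcha Godfather’s case, is also tied to the visitor’s IP and a minimum age, since a human needs a few seconds to write. The block below is an added illustration and is not code from either plugin; the secret, the age limits and the function names are assumptions for the demo.

```python
# Added example, not from WP Captcha Free or Captcha Godfather: a comment-form
# token that is signed, time-limited and bound to the commenter's IP. The
# server embeds issue_token() in the form when the page renders and runs
# check_token() when the form is POSTed. SECRET, MIN_AGE and MAX_AGE are
# assumptions; use a random per-site secret in real use.
import hashlib
import hmac
import time
from typing import Optional

SECRET = b"replace-with-a-random-per-site-secret"   # assumption for the demo
MIN_AGE = 3      # seconds: a submit faster than this looks automated
MAX_AGE = 600    # seconds: after this the token has expired


def _now(now: Optional[float]) -> float:
    # Allow the caller to pin the clock so the behaviour can be tested offline.
    return time.time() if now is None else now


def issue_token(ip: str, now: Optional[float] = None) -> str:
    """Create 'issued.mac' where mac = HMAC(secret, issued|ip)."""
    issued = int(_now(now))
    msg = f"{issued}|{ip}".encode()
    mac = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()
    return f"{issued}.{mac}"


def check_token(token: str, ip: str, now: Optional[float] = None) -> str:
    """Return 'ok' or the reason the comment is rejected."""
    if not token or "." not in token:
        return "missing token"                      # bot skipped the form
    issued_s, mac = token.split(".", 1)
    if not issued_s.isdigit():
        return "malformed token"
    issued = int(issued_s)
    # Recompute the MAC with the IP the POST actually came from; a token
    # replayed from another address, or with an edited time stamp, fails here.
    expected = hmac.new(SECRET, f"{issued}|{ip}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return "bad signature (forged or wrong IP)"
    age = _now(now) - issued
    if age < MIN_AGE:
        return "submitted too fast"                 # no human types that quickly
    if age > MAX_AGE:
        return "token expired"                      # stale form, must reload
    return "ok"


if __name__ == "__main__":
    # Constructed walk-through: the form rendered at t=1000 for 203.0.113.5.
    tok = issue_token("203.0.113.5", now=1000)
    for label, ip, t in [("instant submit", "203.0.113.5", 1001),
                         ("human submit", "203.0.113.5", 1010),
                         ("replay from other IP", "198.51.100.9", 1010),
                         ("stale form", "203.0.113.5", 1700)]:
        print(f"{label}: {check_token(tok, ip, now=t)}")
```

The time stamp is carried in the clear and protected only by the MAC, so there is no server-side state to store or clean up, unlike the per-session table Captcha Godfather describes. The trade-off is the one the post already notes for IP-based schemes: a reader whose address changes mid-comment (mobile, some proxies) fails the IP check and has to resubmit.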

However, even after adding all these, a trickle is still possible due to some really good and clever spam bots (hey, it is a multi-million industry) and ofc human spammers! So admin intervention will always be required.

Honourable mentions

In the world of spam, Spam Karma 2 (or SK2) is synonymous with its draconian grip on spam, and along with its ‘sister’ plugin Referral Karma it truly is a potent force.

The reason I did not include them in the test was that they require slightly more setup and need a bit of tech know-how if you hit trouble (documentation for SK2).

However both together are a spam stopping team almost unmatched. (the exception being my setup above :p)

Now, in my research for this article I also came across Comment Guard Pro and was intrigued by it, especially its claim of blocking 1 million spam comments in a year with ZERO, yes ZERO, false positives!

However, it costs $40, and with no review of it that I could find, this ‘3rd generation’ plugin will stay an enigma until we see a review (hint hint, contact form is on top :p).

Now there are a number of plugins I have not mentioned, mainly because a) I don’t know about them or b) I feel a plugin here betters it.

Though it is likely that the plugin you use is in category ‘a’. So feel free to tell me about the plugin you use, your experience with the plugins here and how you combat comment spam.
