Sorry if this seems like a basic question, but when a blog as small as mine has a problem with comment spam, it's getting bad. I'm sure people have some great solutions in place, and I'm hoping we can all brainstorm here.

For example, a lot of people use some type of capcha. Others use a hidden form to trick spambots. How effective are these, and how much do they put your visitors off? My gut feeling is this doesn't make sense, but I haven't given it a try.

How much comment spam is directly human-generated, and how much by bots? Does anybody know, of the bot spam, how much is run from a server versus on someone's home machine? Comcast gives me a 72-hour lease on an IP address ... if I did something naughty and you banned my address, you could be missing out on traffic from other Comcast users down the line - which doesn't help them or you. Is there a way to tell whether an address is static or dynamic?

I don't know WordPress that well; can I blacklist certain keywords in urls that show up in the comments? Any other ideas?

Banning one particular address, or a list of them, is pretty straightforward if you can get at your .htaccess file:

Code:

RewriteEngine On
RewriteBase /

RewriteRule .* - [F,L]

<Files 403.shtml>
order allow,deny
allow from all
</Files>

deny from 64.131.64.202

But with four posts so far, I have a feeling it's going to be a looooong list. Keywords seems like it might be less to manage down the line? Unless, hopefully, someone has a better suggestion?

Banning IP addresses is pretty useless in todays climate.I would say that Akismet works pretty well catching most spam, although the occasional ones do creep through and as spam sophistication increases Akismet will have to grow and change as well.

Another useful tactic is setting a link threshold on your comments, so that they have to be moderated if they contain over 2-3 links (this has some minor inconvenience as it ads to manual checking).

The honeypot technique is another useful tool in fighting spam as you briefly commented upon but it does have its limits and issues.

Spam checking is not really a one check kind of job, spam evolves as the filters evolve and so we need to be one step ahead. At the moment on by blog I have akismet running which weeds out the majority of spam, so far I have had one piece slip through but that was easy enough to pick up.

A list of things that need to be checked:

• Links - An excess number all together might bea spam piece. although it could also be a helpful commenter
• Comment structure - are there lots of words together that don't make sense, lots of emphasised text
• Just a link - generally = spam
• Do any of the links point to known spam domains - in my opinion this will become less and less important/practical as spam basis grow so new methods will have to be found.
• Does the comment relate to the post? - This could be a useful approach, run a small query on the comment to check for consistency to the post - might be slightly process intensive though(but hey a challenge is a challenge)

Thats all I can come up with for now. Hope that helps.

Jamie

Quote:

Originally Posted by JamieLewis

Another useful tactic is setting a link threshold on your comments, so that they have to be moderated if they contain over 2-3 links (this has some minor inconvenience as it ads to manual checking).

This is the only one I'm implementing at this point, but thanks for some great ideas. Some of the linguistic tests you suggested would probably work best, but be hardest to achieve. But not impossible ... there are grammar checkers; if one is open source, it could be a good madlib spam detector.

At the end of the day there's no silver bullet, and you need to moderate your comments responsibly. But it would be nice to kill the really obvious spam so we can all deal with less - what's left.

"if I did something naughty and you banned my address, you could be missing out on traffic from other Comcast users down the line - which doesn't help them or you. Is there a way to tell whether an address is static or dynamic?"

There is a database list floating around somewhere with static vs dynamic IPs but it's fairly inaccurate. I would not bother with IP bans, they just come back with a different IP.

I don't know if you've seen this list of spam plug-ins yet. Definitely use the akismet one.

http://codex.wordpress.org/Plugins/Spam_Tools

Jamie's bang on (as usual) about Akismet. I've been running it for about 3 months, and it catches 99.9% of spam (although once in a blue moon, one gets through). With a blog that's already seen almost 2500 spam requests in a four-month period, that's pretty good.

So, what is Askimet? Talk to me like I'm a 6 year old, like in the movie, because I'm new to this whole blogging thing. Although the traffic is picking up: about 75 unique humans a day, which is a lot considering how sparse my content is. And 1,400 or so from someone who liked one of my articles and social media'ed it.

Any thoughts on whether these spam bots run from someone's desktop, at a company with a T1 and a static IP, or from servers?

I use akismet and moderate all the comments. Nothing passed till now