Spam Attack

Posted on January 5th, 2009 by Donace in How to, Webmaster

Stop Spam

I love testing out theories, some of which are my own and others which I have read about; one of my biggest ‘playgrounds’ for testing was my abandoned humour site.

However, some of my experiments had a negative side effect: they resulted in LOADS of spammy comments!

You will notice that Akismet catches 99.999999% of the spam I receive, though I would rather it did not even enter my blog!!! (all without me lifting a finger, of course)

The added benefit of keeping them out is that these spam bots no longer take up resources, and it prevents unwanted DB growth, as Akismet logs all comments, spam or not, in the DB. -ED

So I thought, hmm, let us make this a case study on spam prevention and utilise some of the aspects I use here and preach!

.htaccess defence

Your .htaccess file is VERY powerful; it can make it rain in deserts and create unbearable heat at the polar ice caps.

Though I’m not going to teach that aspect today! What I want to focus on are .htaccess tricks to prevent spam.

Instead of repeating what I’ve said elsewhere, I urge you to read A few tricks up my sleeves – htaccess style and htaccess reviewed, in which I have detailed a number of spam prevention techniques (the latter is more beneficial).

So what I did was, at about 11:30 am, delete all the spam present, add the lines of code from the articles to my .htaccess, and wait 24 hours to see the effect.

A small note: others have ‘preached’ blocking IP addresses; however, if the spammer is worth their salt they use proxies to accomplish their tasks, so blocking IPs is ineffectual and just bloats your .htaccess file. Also have a look at Jeff’s 4G Blacklist, which was added at a later date.

Results

[Screenshot: Post htaccess tweaks]

So the next day (well, 30 hours or so later… the New Year’s Eve party was too long!) I went to the site to see the progress.

As you can see there is a considerable drop in the number of spammy comments (more than 50%!). However, 129 comments is still way too much!

Plugins

Bad Behavior

Now I had heard a lot about this plugin and was well itching to test it out!

Installing it was a breeze: a simple upload and activate, no other intervention needed. (N.B. there is a small hack needed for it to work on cached pages.)

[Screenshot: Post Bad Behaviour]

As you can see this decreased the total spam by a further 80%!

It seems to have been working very hard as well!

[Screenshot: BB working hard]

The critique for this plugin, though, is that while it seemed to work well, I had no idea who it was blocking without delving into the SQL tables themselves.

[Screenshot: IP table for blocked users]

What further ‘worried’ me about this plugin were reports of it blocking ‘legitimate users’.

Now there is a way to unblock people, but again it requires delving into phpMyAdmin.

One way to get around this, I suppose, would be for it to show, as well as the number of people blocked as shown below, a list of IP addresses with a little more info, such as whether the IP is a proxy or a known spammer, or why it looked like a bot, etc.

But rest assured; a bit more research on the subject and I found two plugins that do this almost to a T.

Though the only part lacking is a ‘whois’ of the IP addresses; however, I’m assuming all the IP ranges are from the famous Honey Pot project… so we can rest well!

EDIT: Well, I was wrong! Under ‘Tools’ you can see the IP addresses, the reason they were blocked, and the comments they were about to leave, all with a nice explanation. The main three reasons being the ‘Project Honey Pot’ blacklist; a banned user agent (old betas etc.); or improper headers (using old HTTP protocols etc.). Bottom line: it’s brilliant!
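The three block reasons just listed (blacklisted IP, banned user agent, improper headers) are request-level checks that run before a comment ever reaches the database. As an added illustration of that idea, and not Bad Behavior’s own code, here is a small Python gate over a parsed request. The block list, the blacklist set, the host name example.com and the sample requests are all constructed for the example, and the Referer check is an assumed extra check of the same kind rather than one the post itself lists.

```python
"""Request-level comment gate: header and blacklist checks of the kind a
plugin applies before a comment POST reaches the database.
Added example, not Bad Behavior's code; every list and request is constructed."""

from urllib.parse import urlsplit

SITE_HOST = "example.com"  # constructed: the blog's own host name

# Constructed block list: user-agent fragments no current browser sends
# (stale beta agents, HTTP libraries left on their default identity).
BANNED_UA_FRAGMENTS = ("libwww-perl", "Indy Library", "MSIE 6.0b", "Java/")

# Constructed stand-in for a Project Honey Pot style blacklist lookup; the
# real plugin asks a DNS blacklist, here a plain set is enough.
BLACKLISTED_IPS = {"203.0.113.7"}


def block_reasons(req: dict) -> list:
    """Return every reason to reject the request; an empty list means allow."""
    headers = {k.lower(): v for k, v in req.get("headers", {}).items()}
    reasons = []

    if req.get("ip") in BLACKLISTED_IPS:
        reasons.append("ip on blacklist")

    ua = headers.get("user-agent", "").strip()
    if not ua:
        reasons.append("missing user agent")
    elif any(fragment in ua for fragment in BANNED_UA_FRAGMENTS):
        reasons.append("banned user agent")

    # Improper headers: a comment POST over HTTP/1.0, or an HTTP/1.1 request
    # with no Host header, comes from a script rather than a browser.
    if req.get("method") == "POST" and req.get("version") != "HTTP/1.1":
        reasons.append("comment POST over old HTTP protocol")
    if req.get("version") == "HTTP/1.1" and "host" not in headers:
        reasons.append("HTTP/1.1 request without Host header")

    # Assumed extra check of the same kind: a browser that submits the comment
    # form sends a Referer pointing back at this site.
    if req.get("method") == "POST":
        if urlsplit(headers.get("referer", "")).hostname != SITE_HOST:
            reasons.append("comment POST without Referer from this site")

    return reasons


def gate(req: dict) -> str:
    """'block' when any reason applies, otherwise 'allow'."""
    return "block" if block_reasons(req) else "allow"


# Constructed sample requests: one real browser, one script, one listed IP.
BROWSER_POST = {
    "ip": "198.51.100.10", "method": "POST", "version": "HTTP/1.1",
    "headers": {
        "Host": SITE_HOST,
        "User-Agent": "Mozilla/5.0 (X11; Linux x86_64) Gecko/20090105 Firefox/3.0.5",
        "Referer": "http://example.com/blog-comment-spam-prevention/",
    },
}
SCRIPT_POST = {
    "ip": "198.51.100.11", "method": "POST", "version": "HTTP/1.0",
    "headers": {"User-Agent": "libwww-perl/5.805"},
}
BLACKLISTED_GET = {
    "ip": "203.0.113.7", "method": "GET", "version": "HTTP/1.1",
    "headers": {"Host": SITE_HOST, "User-Agent": "Mozilla/5.0"},
}

if __name__ == "__main__":
    for name, req in (("browser", BROWSER_POST), ("script", SCRIPT_POST),
                      ("listed ip", BLACKLISTED_GET)):
        print(f"{name}: {gate(req)} {block_reasons(req)}")
```

Every rejected request carries its list of reasons, which is exactly the information the post wanted surfaced in an admin screen rather than left in the SQL tables; logging that list per request is also what lets you spot a legitimate visitor caught by an over-broad user-agent fragment.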

Alternatives

I have tried to stop ‘spam’ from even accessing my site; however, as can be seen, there are ways it can still enter and leave the odd comment. To battle this better than the setup I have above (i.e. htaccess/Akismet/BB), there are the following alternatives or extras you could add.

Authenticate,  Identify, or DIE!

Maths Plugin: – This adds a small maths question at the end of the comment form that has to be answered, otherwise the comment is treated as spam.

Simple Spam Filter: – This plugin looks for a particular pattern to distinguish spam from a real commenter. The best part of this plugin is that it can work alongside Akismet and will display a captcha if Akismet flags a comment as spam. So if a comment is ‘genuine’, the optional captcha allows it to ‘bypass’ Akismet and prove it is not spam. (fewer false positives, yay!!!!)

Comment for cookies: – This plugin adds a small stylesheet to your blog which drops a cookie onto the commenter’s computer and then checks for it when they press submit. The key point being that if it was a bot there would be no cookie!

WP-Spam Free: – This works in a similar way to the comment-for-cookies plugin, except it uses JS in conjunction with cookies.

WP Captcha Free: – This plugin eliminates spam by validating a hash based on time (and some other parameters) using AJAX when the form is posted. Comments posted via automated means will not have a hash, or will have an expired hash, and will be rejected.

Captcha Godfather: – This plugin offers four different methods of protection. The first is a verification code which is always generated dynamically. The second is that each verification code is given a session id which is different from the PHPSESSID value. The third protection is that every session id and verification code gets its own time stamp. The time stamp works on the premise that humans need a few seconds or minutes to post a comment. The last protection involves IP addresses: the visitor’s IP is stored with the verification code, and only when the comment contains the original IP is it saved and held for moderation.

However, even when adding all of these, a trickle is still possible due to some really good and clever spam bots (hey, it is a multi-million industry) and of course human spammers! So admin moderation will always be required.
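The cookie, JS-plus-cookie, time-based hash and IP-bound verification plugins above all rely on the same server-side mechanism: issue a token with the form, bind it to the visitor and a time stamp, and check it on submission. This added Python example (not the code of any of those plugins) combines those checks in one verifier; the secret, the minimum and maximum ages, the fixed clock values and the sample addresses are constructed assumptions.

```python
"""Form-token comment gate: the server side of the cookie, time-hash and
IP-bound verification ideas described above. Added example, not any plugin's
code; the secret, time limits, clock values and addresses are constructed."""

import hashlib
import hmac
import secrets
import time
from typing import Optional

SECRET = b"constructed-server-secret"  # constructed; a real deployment keeps this private
MIN_SECONDS = 5        # a human needs a few seconds to write a comment
MAX_SECONDS = 30 * 60  # after this the hash has expired


def _mac(session_id: str, issued: int, ip: str) -> str:
    """HMAC over session id, issue time and visitor IP, so none can be altered."""
    msg = f"{session_id}|{issued}|{ip}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_token(ip: str, now: Optional[int] = None) -> dict:
    """What the rendered form (and the cookie/JS step) hands the visitor:
    a fresh session id separate from any PHPSESSID, the issue time, and the MAC."""
    issued = int(time.time() if now is None else now)
    session_id = secrets.token_hex(8)
    return {"session_id": session_id, "issued": issued, "mac": _mac(session_id, issued, ip)}


def verify_submission(form: dict, cookie: Optional[dict], ip: str,
                      now: Optional[int] = None) -> str:
    """Return 'ok' or the reason a posted comment is rejected."""
    now = int(time.time() if now is None else now)
    # Cookie check: a bot that never fetched the stylesheet or ran the JS has
    # no cookie, and a cookie copied from another form does not match.
    if not cookie or cookie.get("session_id") != form.get("session_id"):
        return "no cookie, or cookie does not match the form"
    try:
        session_id, issued, mac = form["session_id"], int(form["issued"]), form["mac"]
    except (KeyError, TypeError, ValueError):
        return "missing or malformed token"
    # Recompute with the IP that actually submitted; a different IP fails here.
    if not hmac.compare_digest(_mac(session_id, issued, ip), mac):
        return "hash does not match (tampered, forged, or different IP)"
    age = now - issued
    if age < MIN_SECONDS:
        return "submitted too fast to be human"
    if age > MAX_SECONDS:
        return "hash expired"
    return "ok"


def demo() -> dict:
    """Walk one token through the outcomes a real form would see (fixed clock)."""
    t0 = 1231200000  # constructed clock value, seconds since the epoch
    visitor = "198.51.100.10"
    token = issue_token(visitor, now=t0)
    cookie = {"session_id": token["session_id"]}
    forged = dict(token, issued=t0 - 3600)  # bot rewrites the time stamp
    return {
        "human": verify_submission(token, cookie, visitor, now=t0 + 40),
        "no_cookie": verify_submission(token, None, visitor, now=t0 + 40),
        "instant": verify_submission(token, cookie, visitor, now=t0 + 1),
        "expired": verify_submission(token, cookie, visitor, now=t0 + 7200),
        "other_ip": verify_submission(token, cookie, "203.0.113.7", now=t0 + 40),
        "forged": verify_submission(forged, cookie, visitor, now=t0 + 40),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The minimum age encodes Captcha Godfather’s premise that a human needs a few seconds, the maximum age is WP Captcha Free’s expiring hash, the IP inside the HMAC is the Godfather’s IP binding, and the cookie check stands in for the Cookies-for-Comments / WP-SpamFree step that a bot which never fetches the stylesheet or runs the JS cannot pass. Binding to IP carries the same caveat the post gives for IP blocking: a genuine commenter whose address changes mid-visit is rejected, so show the rejection reason and let them resubmit rather than silently dropping the comment.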

Honourable mentions

In the world of spam, Spam Karma 2 (SK2) is synonymous with its draconian grip on spam, and along with its ‘sister’ plugin Referral Karma it truly is a potent force.

The reason I did not include them in the test was that they require slightly more setup and need a bit of tech know-how if you hit trouble (documentation for SK2).

However both together are a spam stopping team almost unmatched. (the exception being my setup above :p)

Now, in my research for this article I also came across Comment Guard Pro and was intrigued by it, especially its claim of blocking 1 million spam comments in a year with ZERO, yes ZERO, false positives!

However, it costs $40, and with no review of it that I could find, this ‘3rd generation’ plugin will stay an enigma until we see a review (hint hint, the contact form is at the top :p).

Now there are a number of plugins I have not mentioned, mainly because a) I don’t know about them or b) I feel a plugin here betters them.

Though it is likely that the plugin you use is in category ‘a’. So feel free to tell me about the plugin you use, your experience with the plugins here, and how you combat comment spam.

Edit: also check out Beware the smiling man for a new technique

http://thenexus.tk/blog-comment-spam-prevention/



26 Comments

  • At 2009.01.05 08:48, Rajaie AlKorani said:

    I use Wp-Ban – basically, I just add the spammer’s IP to it and it blocks them. It’s been working excellently till now. As for blocking legit users, I can’t be bothered using any of the other plugins or methods to prevent spam; as long as the plugin works, I’m not complaining ;)

    • At 2009.01.05 09:14, Donace said:

      That may be effective in the ‘short run’, but you can only block so many IPs. I haven’t come across Wp-Ban, and would wonder how it would handle 254 different IPs and if it would slow down the site.

      The benefit, though, of using the method I have described is that it would prevent them from even gaining access to the site, helping you save on those oh-so-precious resources.

    • At 2009.01.05 10:46, Blogging Tips said:

      Wow, this is one of the most comprehensive writeups on the subject. I’m using the good ol’ Akismet to combat any spammy comments and so far I’m pretty satisfied with its performance. I wasn’t aware of the htaccess method though.

      Yan

      • At 2009.01.05 11:06, Donace said:

        Comprehensive, eh? You can tell when I have an hour free when posts like these show up!

        I’m not bashing good old Akismet, or the fact that a commercial product (Akismet) is distributed with a GPL product (WordPress).

        As I mentioned to Rajaie, the aim of the alternatives was to stop spammers from even trying to enter the site, and not to bog down your database due to Akismet having to work.

        On my test site that I’ve mentioned, I added the WP-SpamFree plugin, and in 48 hours Akismet had… 0 spam, which is brilliant in anyone’s book, and it took only 5 minutes to implement all the changes.

    • At 2009.01.06 09:56, Rajaie AlKorani said:

      I read the explanation of Wp-SpamFree again and now understand why it’s a much better choice than blocking IPs – downloading and installing it right now… :)

      Rajaie AlKorani’s latest masterpiece..The Top 100 Youngest Bloggers of the Blogosphere

      • At 2009.01.06 10:06, Donace said:

        Cool; feel free to feed back on it; but remember to tell your readers that they need to have both cookies and JS enabled.

        • At 2009.01.08 05:45, Rajaie AlKorani said:

          I just came back to say that Wp-SpamFree has worked like a charm since I installed it – not a single spam comment to deal with!

          • At 2009.01.08 09:28, Donace said:

            That’s great news man! Keep an eye out for my next case study, in which I hope to put this setup through its paces to see how good it really is.

      • At 2009.01.06 14:25, Armen Shirvanian said:

        This looks to be a reasonable description of how to handle a second tier of spam removal, when Akismet is not able to reduce the amount to a manageable number. The plug-ins that add a captcha, or provide a math problem to do, appear to have been very successful, as most spam bots are not able to penetrate them. One might wonder if Akismet absorbs the added spam-prevention techniques from newer plug-ins, in order to stay on top.

        Armen Shirvanian’s latest masterpiece..Wisely Playing the Ultimatum Game

        • At 2009.01.06 14:38, Donace said:

          Thanks for dropping by Armen. The problem with captcha and the maths questions is that they require extra input by the user; and some (myself included) find that extra bit a little annoying. :p

        • At 2009.01.06 17:34, Michael Aulia said:

          I have tried a lot of anti spam plug-ins and methods (although I’ve never heard of the htaccess method)

          Love WP-SpamFree, but sometimes it prevents my readers from commenting (error saying it is not installed, etc.).

          Found that using the captcha system is annoying to my readers, but if you can make it as simple as possible (mine is 1+1=?), it’s one of the best solutions out there, unfortunately.

          Michael Aulia’s latest masterpiece..A nice update on PuTTy Connection Manager

          • At 2009.01.06 17:56, Donace said:

            I just dubbed a few htaccess tricks as the ‘htaccess method’ :p it just involves a few checks etc.; htaccess reviewed gives a small explanation of what the different bits of code do.

            WP-SpamFree is pretty good as long as both cookies and JS are enabled. However, I would recommend trying out ‘Bad Behaviour’ or using the ‘karma’ group of plugins if you haven’t already done so; also, under ‘Settings’ > ‘Discussion’ you can filter spam by ‘keywords’, email etc., which is also worth a look.

          • At 2009.01.10 13:49, Raju said:

            I just reviewed an amazing plugin which worked like charm for me. A near zero spam :)
            http://www.wpflash.com/2009/01/10/a-plugin-better-than-akismet-may-bee/

            • At 2009.01.10 16:27, Donace said:

              Looks sweet man; by your explanation I take it it changes the form headings etc.? (i.e. name/email etc.)

              • At 2009.01.10 17:01, Kevin said:

                Great experimental info and an awesome list of plugins! There’s a few in there that I’ve never heard of and will have to check out. Thanks!

                • At 2009.01.10 17:06, Donace said:

                  Thanks for dropping by :D Keep an eye out next week when I put it through its paces

                • At 2009.01.13 03:02, Jessie | Super Bright said:

                  I agree with Yan. This is probably the one post I’ve read which has thrown out all sorts of ways of dealing with spam, thereby reducing the load on your site, and of course, also blocking the spam. Didn’t have any idea there were so many choices. :O

                  • At 2009.01.13 07:03, Donace said:

                    This is but the tip of the iceberg :p thanks for dropping by!

                  • At 2009.01.13 22:31, Nihar said:

                    I agree with Yan and Jessie. This is the first comprehensive post I have ever read on the spam topic (along with your two htaccess posts).

                    I had used Bad Behaviour before. I noticed one thing. Have you noticed it? WordPress admin pages load slowly. Does that happen to you?

                    Second question: are you using Bad Behaviour? If yes, how are you coping with checking the IPs and marking them as good if you or your friend gets blocked?
                    Can you clarify how to mark an IP as OK after logging in to phpMyAdmin.

                    My IP was blocked by Bad Behaviour. When I came to know this, I stopped using it.

                    Are you right now using the .htaccess techniques provided in your other post + BB?

                    • At 2009.01.14 01:18, Donace said:

                      Hey man, thanks for dropping by. Actually BB has a menu in the ‘Tools’ section that identifies the IP, the reason for blocking and any messages/comments they tried to send. Though if the person is genuine there is a way for them to ‘unblock’ themselves by following on-screen prompts.

                      I am using BB here, so it doesn’t look like you’re blocked to me :p

                      No, the admin pages load fine for me; and lastly, yes, I am using the htaccess tricks I mentioned as well as BB.

                      • At 2009.01.18 03:42, Bulk sms said:

                        Yeah, for me also Akismet is working very fine, but sometimes I do feel that popular blogs get the maximum number of spam compared to less popular ones.

                        What do you think guys ?

                        • At 2009.01.19 09:01, קידום אתרים said:

                          I use the Bad Behaviour mambot on my Joomla sites; it is great, stops almost all of the spam.
                          My only fear from it is that it will stop search engine crawlers.

                          • At 2009.01.19 10:23, Donace said:

                            I’ve had a peek at log files etc.; it seems to work well with all legitimate search engines.

                          • At 2009.02.05 22:52, game-girl said:

                            I think highly of Akismet; its effectiveness is praiseworthy, and I feel quite satisfied with its solution to the problem. I think htaccess and the other mentioned devices are still not popular among bloggers. Not so many of them use them in their work.

                            • At 2009.02.06 05:06, Donace said:

                              That is true, but as I have mentioned a lot of times, the .htaccess file is a brilliant and powerful tool.
