I’ve been having a bit of an issue with blog spammers hitting my blog. While they fail some of the protection I have on the backend, including getting caught by Akismet, it’s still piling up in my administrative interface and generally annoying me.
Over the next week or two, I’ll be testing a few different anti-spam measures. I’m looking for stuff that presents the absolutely lowest burden on readers while still being effective against spammers. Any suggestions?
I’ve been using YAWASP, which has been moderately successful, but some spammers seem to be adapting, resulting in some spam getting through to Akismet (my last line of defense). I’m a big fan of reCAPTCHA, as it helps a university convert books into digital format, and it has an audio option for those who cannot see. It also is quite effective at stopping spammers, while not being a terrible burden (it uses actual words, rather than the random characters that other CAPTCHA options use). Does this sound reasonable to people?
Update: I’ve installed Bad Behavior as a spam filter. If anyone is accidentally blocked from reading or posting comments, please contact me.
4 thoughts on “Spam Fighting”
Two words, Bad Behavior. Been using it on my WordPress install for over a year now and it stops spam before it even gets submitted. 99% of spam is coming from bots and the plugin can identify those bogus submissions since they don’t actually come from the comment form.
Give it a try before you resort to a CAPTCHA; it would deter me from posting comments. I had to refresh the reCAPTCHA 4 times to get one I could read.
I publish a few WordPress plugins (My Link Order, My Page Order and My Category Order) and have been using it for 3 years now so hit me up if you have any questions.
Interesting. I wish Bad Behavior went into more detail as to how, precisely, it works. I see that it can query the http:BL, which is cool, but otherwise the details on their website are a bit fuzzy.
Do you have any more details on how Bad Behavior works? Perhaps I’m missing something on their site and am just being tardful.
I’ll give BB a shot, so to speak.
I’ve had really good luck in the past with YAWASP, which replaces the normal form field names (“author”, “url”, etc.) with randomized text every 24 hours. Since these fields change all the time, the theory is that spammers can’t adapt. It also has a hidden field that shouldn’t be filled, but which spammers often fill. There’s no visual or functional difference to humans. Recently, however, I’ve been getting a few more spams that are able to make it past the randomized fields, but still fail in some other way that results in their messages getting dropped to the spam queue.
Ideally, any method of blocking spammers that I employ would allow for the spammer (and their spam) to be submitted to Akismet, so that others can benefit from my detection of spammers.
I understand that CAPTCHAs are a little annoying and time consuming, but I’ve found that reCAPTCHA is considerably less so than things like the CAPTCHAs on Blogger. The fact that one can easily refresh the CAPTCHA if the words are illegible is a plus as well.
I’ll disable reCAPTCHA for the time being and let BB run for a week or so. Hopefully it can catch some bad guys.
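The rotating field names and hidden trap field described above, sketched as an added example; this is not YAWASP's code or anything from the original post. The secret, the HMAC-based naming scheme, the `honeypot` key and the one-period grace window are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Assumptions for this sketch: a per-site secret that is never sent to clients,
# and names derived from it with HMAC so they change every 24 hours.
SECRET = b"constructed-demo-secret"
LOGICAL_FIELDS = ("author", "email", "url", "comment")
HONEYPOT = "honeypot"  # rendered hidden via CSS; humans leave it empty
ROTATION_SECONDS = 24 * 60 * 60


def field_names(now=None, offset=0):
    """Map logical field names to the randomized names for one 24-hour period."""
    period = int((time.time() if now is None else now) // ROTATION_SECONDS) + offset
    names = {}
    for logical in LOGICAL_FIELDS + (HONEYPOT,):
        msg = f"{period}:{logical}".encode()
        digest = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()
        names[logical] = "f" + digest[:16]  # leading letter keeps the name HTML-safe
    return names


def classify(post, now=None):
    """Return (verdict, fields) for a submitted form given as {name: value}."""
    # The previous period is accepted too, so a form loaded just before
    # rotation still submits cleanly.
    for offset in (0, -1):
        names = field_names(now, offset)
        if names["comment"] not in post:
            continue
        if post.get(names[HONEYPOT], "").strip():
            return "spam: honeypot filled", None
        fields = {k: post.get(names[k], "") for k in LOGICAL_FIELDS}
        return "ok", fields
    return "spam: stale or static field names", None


if __name__ == "__main__":
    now = 1_700_000_000  # constructed timestamp
    n = field_names(now)
    # Constructed submissions: a human using today's form, then a bot replaying
    # the stock WordPress field names.
    print(classify({n["author"]: "Ann", n["comment"]: "Nice post", n[HONEYPOT]: ""}, now))
    print(classify({"author": "x", "comment": "buy pills"}, now))
```

The verdict string is what a caller would use to decide whether to drop the submission outright or pass it on to a downstream filter such as Akismet.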
I end up with only 2-3 spams in Akismet per week now. Before, Akismet was catching 200-300 spam comments a week and maybe 10 would actually get through. Post a follow-up on how it goes.
As far as I know BB looks at the actual HTTP request and runs it against common spam profiles like bogus user agents and IP addresses.
Just a quick followup: BB has stopped two spammers already, one even being as blunt as submitting his spam directly as a POST operation to the comments script. Interesting.
This seems promising so far, though I wish they’d have an option for displaying spam details in a web-based log, rather than requiring I look at the SQL database.