Fighting comment spam in a WordPress blog

We all are used to email spam. I get around 100 spam mails daily in my Gmail account. Thankfully most of these are identified as spam by Gmail and get moved to the spam folder automatically.

When I started this blog, I never thought that spam would be a major issue. Initially I hadn’t added any comment moderation. Within a week, I started seeing spam comments, mostly related to pharmacy and drugs. I started manually deleting spam and soon realized it was not going to work.

In WordPress, under options->discussion, there are a couple of spam fighting measures available. I enabled comment moderation, which automatically puts a comment in the moderation queue if it contains 2 or more links. I have also enabled common spam word protection. This means that any comment which contains words in this list will be automatically put into the moderation queue.

This solved the problem for a few more days. Then I noticed that I had over 100 comments to moderate. Now, sorting through 100 comments to find a genuine comment is not something you would cherish!

WordPress provides something called the comment blacklist. If any of the words in this list is part of the comment, the comment will be nuked. It will not appear in the moderation queue. So I analyzed a few spam comments and added the common words to the comment blacklist.

I had hoped that these measures would solve the spam problem. Soon I realized that I was too optimistic. I started getting a lot of comments that contained blacklisted words with spelling mistakes! For example, the word viagra will appear as viegra or something similar.

Looking at the spam comments, I noticed that all of them were coming from a set of specific IP addresses. So what I needed was a way to blacklist IP addresses.

In WordPress, under manage->files, you can see the .htaccess file. This can be used to block a specific set of IP addresses. So I added the following entries to this file (substitute the actual IP address for 127.0.0.1):

order allow,deny
deny from 127.0.0.1
allow from all
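
As an added illustration (not code from the original post), the Python sketch below tallies spam comments per source IP and emits a block in the same .htaccess syntax shown above. The sample queue, the spam word list and the function names are constructed for this example.

```python
import ipaddress
from collections import Counter

# Constructed sample: (commenter IP, comment text) pairs, as a moderation
# queue export might hold them. Addresses come from documentation ranges.
SAMPLE_QUEUE = [
    ("203.0.113.7", "cheap viegra online http://a.example http://b.example"),
    ("203.0.113.7", "best pharmacy deals http://c.example"),
    ("203.0.113.7", "buy drugs now"),
    ("198.51.100.23", "discount pharmacy http://d.example"),
    ("198.51.100.23", "viagra viagra viagra"),
    ("192.0.2.44", "Nice post, the .htaccess tip helped me."),
    ("not-an-ip", "pharmacy"),
]

SPAM_WORDS = ("pharmacy", "drugs", "viagra", "viegra")  # hypothetical list


def looks_like_spam(text):
    """Flag a comment on a listed word or on 2 or more links."""
    lowered = text.lower()
    return any(w in lowered for w in SPAM_WORDS) or lowered.count("http://") >= 2


def repeat_offenders(queue, min_hits=2):
    """Return the IPs that sent at least min_hits spam comments, sorted."""
    hits = Counter()
    for raw_ip, text in queue:
        try:
            ip = ipaddress.ip_address(raw_ip)
        except ValueError:
            continue  # never write unvalidated input into .htaccess
        if looks_like_spam(text):
            hits[str(ip)] += 1
    return sorted(ip for ip, n in hits.items() if n >= min_hits)


def htaccess_block(ips):
    """Render the deny entries in the same form as the post's snippet."""
    lines = ["order allow,deny"]
    lines += [f"deny from {ip}" for ip in ips]
    lines.append("allow from all")
    return "\n".join(lines)


if __name__ == "__main__":
    print(htaccess_block(repeat_offenders(SAMPLE_QUEUE)))
```

Requiring several hits before blocking lowers the chance of denying a legitimate reader whose address shows up on a single flagged comment.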

So today, I have no comments to moderate. Thank god! :)

Notes

1. There are sophisticated spam fighting tools such as Akismet, which is distributed. I am yet to use it.
2. It is better to disable trackbacks. Tools such as trackback submitter are widely used by spammers.

4 Responses to “Fighting comment spam in a WordPress blog”

  • 1
    Lorelle
    February 15th, 2007 05:34

    This is an old method of dealing with comment spam and works for about 10 minutes. It is NOT better to disable trackbacks. That’s letting the comment spammers win.

    Why don’t you get Akismet, Spam Karma, or Bad Behavior?

    I’m so tired of people turning off comments and trackbacks, turning on comment moderation, adding captchas and human torture tests to do math, and other things that get in the way of comments. Blogs are all about the conversation and anything you do to get in the way is killing the idea of a blog.

    I get over 1000 comment spam every day on just one blog. The majority of them are caught by Akismet, about 98%. I’ll live with that any day over getting in the way of my reader’s comments.

    Just think about it.

  • 2
    jaysonjc
    February 15th, 2007 07:57

    Lorelle, I have enabled trackbacks. IP block seems to be successful so far.

    Yeah, when I post a comment to a blog and I get a response saying that comment is held for moderation, it feels bad.

    Let me check out the tools you mentioned.

  • 3
    Binny V A
    February 22nd, 2007 21:16

    I totally agree with Lorelle - I use Akismet and rarely encounter spam. Plugins are a better way of handling spam than manually blacklisting each spammer.

  • 4
    theUg
    April 3rd, 2007 07:41

    I’ve used Akismet, but wasn’t too happy with checking the spammed comments (although I was only getting about 10 a day or so), and also didn’t like the fact that the comment counter was going up senselessly. I’ve used Bad Behavior, but I noted that it blocked some search engine bots, specifically blog-indexing bots from local engines.

    Then I found Raven’s antispam, which I thought was genius. The principle upon which it is based — the plug-in checks if the user-agent has JavaScript turned on. If so, or if it is a logged-in user, it lets the comment through. If not, it shows a simple captcha. So far it works like a charm. I’ve heard some reports of minor infiltration, but nothing more than Akismet false-positives, if anything — much, much less.