Comment Spam
Gary Short has just been mumbling about comment spam over on his blog. He probably doesn’t recall the days when the spambots would be using a vulnerability or new attack method to send hundreds of spam comments per hour! We’ve got one suggestion for him and it is shown in the Blaugh cartoon below - only kidding Gary as we’d still like to “comment” on your blog :-).
His post reminds us of the time when a spambot attacked our blog one Saturday evening, leaving a trail of thousands of spam comments to clear up. Needless to say, security was hardened a great deal after that attack and comment spam has never been an issue since, although staying ahead of the spammers does take a little research and effort.
There have been occasions when the spammers would make blog comment systems unusable, but those clever blogging engine and plug-in writers fought back with many measures to mitigate comment spam. For those lucky folk using Wordpress, a crack selection of security plug-ins will practically eliminate these parasites - well, until they figure out another attack method.
Our current set-up for Wordpress blogs is as follows:
- Spam Karma 2 (SK2) with the SK2 Akismet plug-in
  - You’ll need to register a blog at Wordpress.com to get an Akismet API key so you can fully use the Akismet anti-spam service.
  - You’ll need to go in and tweak some configuration settings to provide the desired effect for your set-up.
- CJD Nuker
  - Although this has now been integrated into the Akismet plug-in, we’re still using it as a separate plug-in. The bundled Akismet plug-in has been disabled to allow the use of the Akismet service through the SK2 Akismet plug-in. Hope that makes some sense.
- Bad Behaviour
  - This is really effective at blocking the spambots in the first place.
  - Cannot be used if you’re using a blog writing tool e.g. Live Writer.
More information on the Akismet service can be found HERE.
This set-up ensures that no comment spam ever gets to the public side of the blog, with the rest going into the proverbial trash bin of the Internet. Even those Wordpress bloggers only using the bundled Akismet plug-in should find comment spam a trivial issue.
It will be interesting to see how long it takes for the comment scum to find another way to spam us - hopefully never! Let’s try to stay ahead of them.
UPDATE:
There is a fix for Bad Behaviour’s blocking of Windows Live Writer:
Fortunately, it is not too difficult to fix this, though you do need to tweak the code base of Bad Behavior. Open the file msie.php in the bad-behavior subdirectory of your Bad Behavior plugin and find the lines which say:

if (!array_key_exists('Accept', $package['headers_mixed'])) { return "17566707"; }

Change this to read as follows:

if (strpos($package['headers_mixed']['User-Agent'], "Windows Live Writer") === FALSE && !array_key_exists('Accept', $package['headers_mixed'])) { return "17566707"; }

More information on the nature of the problem and fix can be found on this James McKay blog post.
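
The Accept-header check and the Live Writer exemption above, modelled as stand-alone PHP functions and run over constructed requests (an added example, not Bad Behavior's code or the linked post's). The function names, the sample headers and check_scoped are hypothetical; the scoped variant assumes the exemption is only needed on xmlrpc.php.

```php
<?php
// Added example (not Bad Behavior's code): a stand-alone model of the Accept check.
const BLOCK_KEY = "17566707"; // value returned by the check quoted above

// Original behaviour: a request with no Accept header is blocked.
function check_original(array $h): ?string {
    return array_key_exists('Accept', $h) ? null : BLOCK_KEY;
}

// Patched behaviour: "Windows Live Writer" in the User-Agent skips the test.
function check_patched(array $h): ?string {
    $ua = $h['User-Agent'] ?? '';
    if (strpos($ua, "Windows Live Writer") === false && !array_key_exists('Accept', $h)) {
        return BLOCK_KEY;
    }
    return null;
}

// Hypothetical narrower variant: honour the exemption only on xmlrpc.php.
// Assumption: the writing tool needs no other URL without an Accept header.
function check_scoped(array $h, string $uri): ?string {
    $path = parse_url($uri, PHP_URL_PATH);
    $is_xmlrpc = is_string($path) && basename($path) === 'xmlrpc.php';
    $ua = $h['User-Agent'] ?? '';
    $exempt = $is_xmlrpc && strpos($ua, "Windows Live Writer") !== false;
    if (!$exempt && !array_key_exists('Accept', $h)) {
        return BLOCK_KEY;
    }
    return null;
}

// Constructed sample requests: [label, URI, headers].
$lw = 'Mozilla/4.0 (compatible; MSIE 7.0; Windows Live Writer 1.0)';
$ie = 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)';
$samples = [
    ['browser with Accept', '/wp-comments-post.php', ['User-Agent' => $ie, 'Accept' => '*/*']],
    ['no Accept header', '/wp-comments-post.php', ['User-Agent' => $ie]],
    ['Live Writer, XML-RPC', '/xmlrpc.php', ['User-Agent' => $lw]],
    ['Live Writer string, comment form', '/wp-comments-post.php', ['User-Agent' => $lw]],
];

printf("%-34s %-9s %-9s %-9s\n", 'request', 'original', 'patched', 'scoped');
foreach ($samples as [$label, $uri, $h]) {
    printf("%-34s %-9s %-9s %-9s\n", $label,
        check_original($h) ? 'block' : 'pass',
        check_patched($h) ? 'block' : 'pass',
        check_scoped($h, $uri) ? 'block' : 'pass');
}
```

The last row is the case to watch when applying the patch: the exemption is keyed to a header the client supplies, so it applies to every URL unless it is scoped.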