Wordpress comment spam
But… in the url link for the comment, they all give links to new blogs- all of the blogs are basically blank, all give a whois of a domain privacy company, and doing a search via
Anyone else seeing this? Right now I'm just editing out the urls and approving the comments (I'm sure there is a plugin to do that).
8 Replies
I can usually spot the fakes and the real ones (so far, none have been false positives, though), and the spammy ones always has some obscure (and apparent commercial) website as the URL.
It takes a huge load off my mind when it comes to spam prevention.
In addition to Akismet, I also have the "Comment author must have a previously approved comment" option enabled.
Akismet usually comes pre-installed with new WordPress installations, but is deactivated by default. In any case, it can be found in the WordPress plugin directory (in the admin interface, Plugins -> Add New).
These are SPAMMERS, they deserve a baseball bat up the side of the head, not personalized message editing.
@NeonNero:
In addition to Akismet, I also have the "Comment author must have a previously approved comment" option enabled.
I run a bunch of WP blogs here on Linode and do the same as NeonNero above. Askimet + the 'previously approved' setting stops all of this type of spam (so far anyway).
R.
What puzzled me is that the comments were valid, so I was tempted to let them through.
This morning though, I saw that several were from the same IP address with different email addresses and names, so the heck with them.
I may install Spam Karma 2 again- I didn't install it when I moved to Linode.
Thanks again!
Akismet works in the same way that Gmail does – because there are so many users, it can very quickly detect when spammers are at work, even if the comments themselves are fairly realistic, because they are being sent to dozens of blogs at once, which is a dead giveaway.
I think because some of the spam comments are nice ("Cool, my sister sent me the link to your blog, and it's just what I was looking for -- thanks!!") it is tempting to let them through -- which is why they do it, of course.
I have a blog for a WordPress plugin, and I do get genuine comments like that, but because they are one-off comments and not a batch, Akismet can tell the difference and lets them through.
Even with Akismet doing all the work, it is still aggravating to see all these comments sailing in, but aside from banning one very persistent IP address, I've decided there really is little you can do about it. I've reported a couple of sites (from those links) to Google for violating Google Adsense rules, but it's really not worth the effortl. (Actually, that might be a good idea for another Wordpress plugin --- follow the spam links and if they are using an ad service like Adsense, automatically report their site for spamming!! That would soon stop them from posting to your site )
@tacitus:
Even with Akismet doing all the work, it is still aggravating to see all these comments sailing in, but aside from banning one very persistent IP address, I've decided there really is little you can do about it. I've reported a couple of sites (from those links) to Google for violating Google Adsense rules, but it's really not worth the effortl. (Actually, that might be a good idea for another Wordpress plugin –- follow the spam links and if they are using an ad service like Adsense, automatically report their site for spamming!! That would soon stop them from posting to your site )
:D
If you just want to auto ban frequent spammers, check out:
More useful if you're already using fail2ban, but it's not like fail2ban is that hard to setup. With sufficiently long ban times, you can really cut down on the amount of spam. I'm only getting a handful of spams a day now, which is nice because I can briefly check for false positives too.
Even the valid comments, maybe they have some content I find really offensive, bordering on offensive or questionable for some reason.
Or I have to ask myself: Am I linking to a bad neighborhood here? Bad link juice!
Yes, search engines have a "bad neighborhood" penalty. You are who you link to. Making decisions like this every day is too much like work, sorry!
And don't get me started on "nofollow" that tag does nothing. In my opinion.
So just remove the field from your comment form, problem solved! Right?
Well, it's not really that easy. Spammers don't actually use your comment form! They submit spam comments directly, bypassing your form. LOL. So you might need to hack your theme further to not display the URL.
If people really want to share their link, they can share it in the message-comment body. Of course spammers do this too, but it's not a big deal.
Because WP has an option: "Send all comments with 1 or more links" into moderation. Then when I have time I check to see if anyone posted a link that needs approval.
Now I have over 25,000 comments with valid emails and no URL field. Works for me!