Wordpress comment spam

I've been having a new type of comment spam on one of my wordpress blogs. All of the comments seem to be from real people, the comments all come from different ip addresses, and the comments are all valid and good comments, which add value to the discussion.

But… in the url link for the comment, they all give links to new blogs- all of the blogs are basically blank, all give a whois of a domain privacy company, and doing a search via http://www.my-ip-neighbors.com/ they are all on the same server (if you go to that link and put in imperialrage.com you will see the domains, and see that they are all the same thing).

Anyone else seeing this? Right now I'm just editing out the urls and approving the comments (I'm sure there is a plugin to do that).

8 Replies

I've had similar comments on my very-low-traffic personal blog ever since I moved it to the WordPress platform (and from a shared webhost to my recently setup Linode in London), but I've always found that the Akismet plugin has caught every single one of these (according to the stats shown in my Dashboard, it has stopped 531 spam comments since I moved my website to the WP platform in early January). I've found that the requirement of signing up for an API key has absolutely been worth the hassle (I have to register with my e-mail address only, but I haven't received any e-mails from them other than my API key), and I just check in with the Dashboard about twice a week to empty the comment spam folder (and check for false positives).

I can usually spot the fakes and the real ones (so far, none have been false positives, though), and the spammy ones always has some obscure (and apparent commercial) website as the URL.

It takes a huge load off my mind when it comes to spam prevention.

In addition to Akismet, I also have the "Comment author must have a previously approved comment" option enabled.

Akismet usually comes pre-installed with new WordPress installations, but is deactivated by default. In any case, it can be found in the WordPress plugin directory (in the admin interface, Plugins -> Add New).

Can't imagine why anyone wouldn't delete the ENTIRE comment and blacklist their IP.

These are SPAMMERS, they deserve a baseball bat up the side of the head, not personalized message editing.

the best WP spam plugin used to be spam karma. It is no longer being developed but is worth a try.

@NeonNero:

In addition to Akismet, I also have the "Comment author must have a previously approved comment" option enabled.

I run a bunch of WP blogs here on Linode and do the same as NeonNero above. Askimet + the 'previously approved' setting stops all of this type of spam (so far anyway).

R.

Thanks- after thinking about it I will let Akismet do its job (it's up to 12,095 caught).

What puzzled me is that the comments were valid, so I was tempted to let them through.

This morning though, I saw that several were from the same IP address with different email addresses and names, so the heck with them.

I may install Spam Karma 2 again- I didn't install it when I moved to Linode.

Thanks again!

I can also vouch for Akismet. A few months ago it was letting that type of comment through, but since the start of the year it's caught every one of them so far.

Akismet works in the same way that Gmail does – because there are so many users, it can very quickly detect when spammers are at work, even if the comments themselves are fairly realistic, because they are being sent to dozens of blogs at once, which is a dead giveaway.

I think because some of the spam comments are nice ("Cool, my sister sent me the link to your blog, and it's just what I was looking for -- thanks!!") it is tempting to let them through -- which is why they do it, of course.

I have a blog for a WordPress plugin, and I do get genuine comments like that, but because they are one-off comments and not a batch, Akismet can tell the difference and lets them through.

Even with Akismet doing all the work, it is still aggravating to see all these comments sailing in, but aside from banning one very persistent IP address, I've decided there really is little you can do about it. I've reported a couple of sites (from those links) to Google for violating Google Adsense rules, but it's really not worth the effortl. (Actually, that might be a good idea for another Wordpress plugin --- follow the spam links and if they are using an ad service like Adsense, automatically report their site for spamming!! That would soon stop them from posting to your site ) :D

@tacitus:

Even with Akismet doing all the work, it is still aggravating to see all these comments sailing in, but aside from banning one very persistent IP address, I've decided there really is little you can do about it. I've reported a couple of sites (from those links) to Google for violating Google Adsense rules, but it's really not worth the effortl. (Actually, that might be a good idea for another Wordpress plugin –- follow the spam links and if they are using an ad service like Adsense, automatically report their site for spamming!! That would soon stop them from posting to your site ) :D

If you just want to auto ban frequent spammers, check out:

http://blog.shadypixel.com/spam-log-plugin/

More useful if you're already using fail2ban, but it's not like fail2ban is that hard to setup. With sufficiently long ban times, you can really cut down on the amount of spam. I'm only getting a handful of spams a day now, which is nice because I can briefly check for false positives too.

First of all, I removed the "URL" option from my theme.

Even the valid comments, maybe they have some content I find really offensive, bordering on offensive or questionable for some reason.

Or I have to ask myself: Am I linking to a bad neighborhood here? Bad link juice!

Yes, search engines have a "bad neighborhood" penalty. You are who you link to. Making decisions like this every day is too much like work, sorry!

And don't get me started on "nofollow" that tag does nothing. In my opinion.

So just remove the field from your comment form, problem solved! Right?

Well, it's not really that easy. Spammers don't actually use your comment form! They submit spam comments directly, bypassing your form. LOL. So you might need to hack your theme further to not display the URL.

If people really want to share their link, they can share it in the message-comment body. Of course spammers do this too, but it's not a big deal.

Because WP has an option: "Send all comments with 1 or more links" into moderation. Then when I have time I check to see if anyone posted a link that needs approval.

Now I have over 25,000 comments with valid emails and no URL field. Works for me!

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct