Few creatures are more repugnant than spammers. Spammers of all manner, really: email spam, fax spam, comment spam, referrer spam. I get them all — well, I would if I had a fax machine, I’m sure — and I loathe them all. I’m pretty lucky with most of it, though, as I haven’t apparently risen high enough on the radars to hit the high-volume marks that others seem to get. I get a couple of spam emails a week. I’ll get a dozen or so spam comments a month and a flurry of referrer spams every once in a while. I have my methods of dealing with them as well, of course. For email spam I simply roundfile the address that’s being spammed. This has zero repercussions so far since I create new email addresses for everything and if one gets hammered I don’t much care whether people can’t reach me on it any more. For referrer spam I change my .htaccess rules to forbid them from loading my page any more. For comment spam I’ve been doing what everyone does and simply deleting the offenders from the database even though my existing anti-spam measures keep them from being displayed.
That changed this morning when I discovered something I assume other people already knew about: Spam Karma comment spam killing machine extraordinaire. This sweet little WordPress plugin takes comment spam killing to a whole new level. I’d go so far as to say it takes spam personally. How does this differ from other methods? From the author’s own website:
Spam Karma works by running every new comment through a battery of filters and checks. Each of which increase or decrease the comment’s ‘Karma’ value. Depending on the final score, the comment is either: * Approved * Discarded silently as spam (no email is sent to you, unless you specifically require it, but a digest is sent to you every X spams deleted). * Placed in Moderation mode. With the possibility for the commenter to auto-moderate his own comment by proving he’s not a spammer (by filling a Captcha or checking a confirmation email).
And that battery of tests is extensive, everything from IP and URL regex matches to whether they’re logged in to the blog to the frequency of previous successful posts. Oh, I like. Fantastic work. Those of you running WordPress blogs and looking for effective spam handling measures — I’m looking squarely at you, Dan — should definitely take a look.
Just a note for others looking at this plugin. Make sure you have version 1.12 or later if you are running WP 1.2. There’s a bug, which they note on their site as fixed in 1.12 that SK will keep setting the ’save_moderation_notify’ and ’save_comments_notify’ options in wp_options table. I just fixed one guys blog that had over 37,000 rows of those options set which was killing his blog and the server.
I have ELIMINATED all SPAM from wordpress by following advice here:
http://www.imporium.org/wordpresshack.xml
It’s BRILLIANT! Check it out!
Hope that helps
Just in time…
Here’s an interesting tidbit - some hosting companies (including Pair, Total Choice, and TextDrive) are turning off their users’ Moveable Type weblogs because the combination of Moveable Type + MT-Blacklist + comment spam is effectively causing a den…
Re:new Gravatar - yes… it’s culled from the new Batman Begins teaser poster. I guess it just took 5 days to update…?
I think I see your new gravatar, Dan. Another take on the Dark Knight, yes?
I figured you were pretty set with that option, Mike. I do wish I had it. This new thing seems like a good option for those of us that don’t have mod_security on their hosts.
I’ll definitely have to check that out too. So far my mod_security is blocking 100% of the 100’s of comment spams I was getting, but I know they will get smarter eventually.
Oh I will definitely check it out… but first I have to fix the layout of the site such that it’s not what I would have referred to in the 6th grade as “butt ugly”. In my haste to convert to Wordpress to avoid the aforementioned spam, I slapped a GPL’ed style on there as a placeholder and it’s quite clearly gotta go. (Current status: rewriting the entire stylesheet and index.php from scratch.)
On a semi-related note, I have submitted a new Gravitar 3 times, and every time it says my new one is approved, it deletes the one I’ve submitted and keeps this old one. I submitted a bug report with no response… so beware - apparently changing your Gravitar is not a supported feature.