Stupid Spammers
Posted on May 31, 2006 in Blogging
(last edited on April 29, 2014 at 1:27 am)
Last night I got 2500 spam comments, which is a lot for me. Spam Karma 2 caught ALL of them, but I don’t like giant logfiles of spam comments, so I have just upgraded to Bad Behavior 2. UPDATE: As the author of the plugin notes, this is a pre-release version.
I sometimes wonder if Bad Behavior blocks legitimate comments or prevents use of the email form. If you’ve ever been blocked from leaving a comment, please let me know. Otherwise I’ll assume everything is cool. Thanks!
UPDATE: Apparently I need to also add a line to WP-CACHE to enable protection of cached pages with Bad Behavior 2. Oops…no. Very much no!
9 Comments
I used to be too scared of false positives to use any sort of automated spam filters. I had nearly a thousand hard-coded filters set up, and out of statistical curiosity I still downloaded the emails. At my peak I was getting about 2,800 spam messages a day through all of my email accounts. My filters were catching about 2,000 of them, but that still left a LOT of spam to go through.
Eventually I realized that I was causing more false positives than an automated filter would, just by being so completely overwhelmed by the numbers. It would have taken hours every day to go through the email patiently enough to ensure no false positives.
So I switched over to the automated filters and never looked back. When my host suspended one of my email accounts for a “possible DDOS attack” and it just turned out to be caused by SpamAssassin redirecting my midnight spam delivery to my collection address, I started :blackhole:ing all of the spam. So, I can’t say exactly how much spam is sent to my addresses now, but I don’t have to fool with it any more.
Since then I only have to combat a few dozen spams a day.
So, getting 2500 comment spams a night puts you in the same boat. Just keep in mind that the number of false positives caused by your filters is probably a lot lower than you would err manually.
——-
Thanks Dave! I’m noticing that Bad Behavior 2 doesn’t seem to be stopping many comments. Someone also just reported the captcha failing with Spam Karma 2 (I’ve never seen it, didn’t even know SK2 even had them!)
I might install a manual captcha if that’s the case, and modify it a bit so the installation is unique to my blog to defeat automated scripts…but it’s time I don’t really want to spend.
Combine SpamKarma2 and Bad Behavior, the occasional spam that might slip through SK2 will (probably) get caught by BadBehavior.
As for the captcha, you can deactivate it in the SpamKarma settings (if I remember well, otherwise the comment lands in your moderation queue)
Franky:
I got a report from someone that they saw an actual PHP error generated by Spam Karma 2 when trying to enter the captcha, which is disturbing…haven’t had time to track it down, unfortunately.
I’m hoping that BadBehavior’s update will prevent spambots from even seeing the blog…it used to be quite effective, but the spammers have upgraded their toolset over the past few months. So BB is the first line of defense, and then SK2 handles anything that slips through the cracks.
That’s the general idea.
Keep in mind Bad Behavior 2 is still in pre-release, and there are a few things that I’ve intentionally disabled during testing. Not because they don’t work, but because I’m looking to refine them to weed out any remaining (still extremely rare) false positives.
You may be getting a few additional comment spams that would have been caught by previous versions, but on the other hand, you should have virtually no trackback spam whatsoever. On balance, I’ve found the new version is stopping much more spam than the previous one.
And my false positive policy is to let it through if I’m not sure. I’d rather you have to read through 29 comments, 25 of which are spam, than 2,500 comments, almost all of which are spam.
P.S. I’m aware of the SK2/BB2 PHP error. I think it’s SK2’s fault, but since SK2 is no longer being maintained, I guess I get to deal with it. Blah.
Thanks Michael…it’s very good of you to drop by and clarify what’s going on behind-the-scenes…thank you very much!
I also have noticed a significant drop in spam today, as reported by SK2. I eventually did read that comment back on your blog about giving it some time to gather some data. The whole process is rather fascinating…there’s an entire war being fought behind the scenes.
oops, I can’t edit my comment. Count to 10, try again!
Well, I got slashdotted yesterday on a site running BB2, so I’m going to delay things a bit in order to incorporate a couple of lessons learned.
The best better idea I’ve come up with so far is to skip certain checks when someone with a level of administrative access is logged in. But that brings up two questions: How much access? and How to code it?
I have my own ideas on how to solve this, but I need to hear more from WP users who have multiple authors, as well as MediaWiki users.