Stupid Spammers

Stupid Spammers

Last night I got 2500 spam comments, which is a lot for me. Spam Karma 2 caught ALL of them, but I don’t like giant logfiles of spam comments, so I have just upgraded to Bad Behavior 2. UPDATE: As the author of the plugin notes, this is a pre-release version.

I sometimes wonder if Bad Behavior blocks legitimate comments or prevents use of the email form. If you’ve ever been blocked from leaving a comment, please let me know. Otherwise I’ll assume everything is cool. Thanks!

UPDATE: Apparently I need to also add a line to WP-CACHE to enable protection of cached pages with Bad Behavior 2. Oops…no. Very much no!


  1. David W. 18 years ago

    I used to be too scared of false positives to use any sort of automated spam filters. I had nearly a thousand hard-coded filters set up, and out of statistical curiosity I still downloaded the emails. At my peak I was getting about 2,800 spam messages a day through all of my email accounts. My filters were catching about 2,000 of them, but that still left a LOT of spam to go through.

    Eventually I realized that I was causing more false positives than an automated filter would, just by being so completely overwhelmed by the numbers. It would have taken hours every day to go through the email patiently enough to ensure no false positives.

    So I switched over the automated filters and never looked back. When my host suspended one of my email accounts for a “possible DDOS attack” and it just turned out to be caused by SpamAssassin redirecting my midnight spam delivery to my collection address, I started :blackhole:ing all of the spam. So, I can’t say exactly how much spam is sent to my addresses now, but I don’t have to fool with it any more.

    Since then I only have to combat a few dozen spams a day.

    So, getting 2500 comment spams a night puts you in the same boat. Just keep in mind that the number of false positives caused by your filters is probably a lot lower than you would err manually.


  2. Dave Seah 18 years ago

    Thanks Dave! I’m noticing that Bad Behavior 2 doesn’t seem to be stopping many comments. Someone also just reported the captcha failing with Spam Karma 2 (I’ve never seen it, didn’t even know SK2 even had them!)

    I might install a manual captcha if that’s the case, and modify it a bit so the installtion is unique to my blog to defeat automated scripts…but it’s time I don’t really want to spend.

  3. franky 18 years ago

    Combine SpamKarma2 and Bad Behavior, the occasional spam that might slip through SK2 will (probably) get caught by BadBehavior.

    As for the captcha, you can deactivate it in the SpamKarma settings (if I remember well, otherwise the comment lands in your moderation queue)

  4. Dave Seah 18 years ago


    I got a report from someone that they saw an actual PHP error generated my Spam Karma 2 when trying to enter the captcha, which is disturbing…haven’t had time to track it down, unfortunately.

    I’m hoping that BadBehavior’s update will prevent spambots from even seeing the blog…it used to be quite effective, but the spammers have upgraded their toolset over the past few months. So BB is the first line of defense, and then SK2 handles anything that slips through the cracks.

  5. Michael Hampton 18 years ago

    That’s the general idea.

    Keep in mind Bad Behavior 2 is still in pre-release, and there are a few things that I’ve intentionally disabled during testing. Not because they don’t work, but because I’m looking to refine them to weed out any remaining (still extremely rare) false positives.

    You may be getting a few additional comment spams that would have been caught by previous versions, but on the other hand, you should have virtually no trackback spam whatsoever. On balance, I’ve found the new version is stopping much more spam than the previous one.

    And my false positive policy is to let it through if I’m not sure. I’d rather you have to read through 29 comments, 25 of which are spam, than 2,500 comments, almost all of which are spam.

  6. Michael Hampton 18 years ago

    P.S. I’m aware of the SK2/BB2 PHP error. I think it’s SK2’s fault, but since SK2 is no longer being maintained, I guess I get to deal with it. Blah.

  7. Dave Seah 18 years ago

    Thanks Michael…it’s very good of you to drop by and clarify what’s going on behind-the-scenes…thank you very much!

    I also have noticed a significant drop in spam today, as reported by SK2. I eventually did read that comment back on your blog about giving it some time to gather some data. The whole process is rather fascinating…there’s an entire war being fought behind the scenes.

    oops, I can’t edit my comment. Count to 10, try again!

  8. Michael Hampton 18 years ago

    Well, I got slashdotted yesterday on a site running BB2, so I’m going to delay things a bit in order to incorporate a couple of lessons learned.

  9. Stupid 15 years ago

    The best better idea I’ve come up with so far is to skip certain checks when someone with a level of administrative access is logged in. But that brings up two questions: How much access? and How to code it?

    I have my own ideas on how to solve this, but I need to hear more from WP users who have multiple authors, as well as MediaWiki users.