Nothing like having 350+ comments in the moderation queue to start off the new year. This is by far the biggest comment spam attack I’ve ever had here. I’ve noticed a couple of things as a result of this attack. One, this was done from a wide range of IP addresses in a fairly short period of time, so most likely a bot. Two, I will have to got with more aggressive anti-spam methods here. Even though it looks like all of the spam was tagged for moderation, it is a paid having to go through that many, even in WordPress. Which leads me to number three, the comment moderation on my WordPress install is completely useless after more than 297 comments are in the queue. Why you ask? Because even though there are still more than 300 comments in the queue, it only displayed up to the start of 298 and then finished the page. This means that the ‘moderate’ button at the bottom of the page is never displayed. I’m not sure if this is a bug in WordPress, or a specific limitation of my install (system not beefy enough, strange MySQL problem, strange PHP problem, etc).
If I get a chance I’ll try to setup a test system to throw 300+ comments into and see what happens. In the mean time I’m definitely going to go after this problem with something more than just renaming the script that posts comments.
UPDATE 1 Jan 2005 @ 7:40pm: Ick, another 50+ spam comments. These actually got through though, because they only had 1 link in each one. I was hoping to get additional spam protection done this week, I’ll have to bump that up to the next day or two.
3 replies on “Comment Spam, WordPress Comment Moderation”
You should try spaminator. It has a tar pit feature (which slows down spammers) as well as auto spam detection and elimination. I had a giant spam attack yesterday as well with severl hundred attempts and 0 got through. They don’t even go to the moderation queue they are just eleminated. As far as I’ve seen there have been no false positives and I’m super happy with it, see here.
I do have it set to send an email when it kills a spam so I got several hundred yesterday, but I’m pretty sure this can be disabled once you trust it.
Hi Joseph,
I know you posted this a while. Since then Akismet has came into existence which helps a lot. For me it wasn’t enough. Things still slip by. So I created a numbered captcha. That combined with Akismet got rid of spam completely. I made a tutorial on how I implemented it here:
http://robmalon.com/howto-eliminate-wordpress-trackback-comment-and-pingback-spam/
If you need help with it feel free to give me a shout. Spam can really be a time suck.
Hey,
Well people who utilize comment spamming on blogs are getting smarter at what they do… and to be honest there alot of people who really do not care if the spam is closley related to the topic.. why you might ask, is because most bloggers want the free content, so it looks like they have a popular blogs and so that the search engines actually come back more often, and then they come up for a whole bunch more keywords and so on…
So it works both ways… it all depends on what the comments are… but content is content at the end of the day… Might as well let the spammers help your site, as long as you have no follow links on your out going links your sweet as…