Comment Spam Achieving Epic Proportions

December 15, 2006 – 2:48 pm


For the first time I actually suffered from server load problems under the weight of the relentless army of comment spam bots. I now realize there’s one flaw in the WordPress system that comes into play, and that is that the spam comments are inserted into the MySQL database and processed by PHP, so when the numbers start hitting 10,000 per day, you end up with real performance issues.

Off the top of my head, I’m figuring on implementing a few different solutions.

1) Add some mod_security rules to examine the payloads
2) Check to make sure the form was submitted from the local domain
3) Look for plugins to augment Akismet

Number 2 is easy enough:

RewriteEngine On
RewriteCond %{HTTP_REFERER} "!^http://directory\.sootle\.com/" [NC]
RewriteCond %{REQUEST_URI} "wp-comments-post\.php$"
RewriteRule ^ - [F]

That should cut back on a bit of the troubles and is the easiest to implement. I can also think about renaming the comments page, etc., but that seems like more hassle than it’s worth.

This situation promises to get worse, as more and more dummies discover the joys of automating spam, so any solution you implement will need to be flexible.
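To gauge what the Referer rule above would block before enabling it, the same two conditions can be replayed over an existing access log. This is an added example, not code from the original post; it assumes Apache's "combined" log format, and the sample lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Same patterns as the two RewriteCond lines in the post ([NC] = case-insensitive).
LOCAL_REFERER = re.compile(r"^http://directory\.sootle\.com/", re.I)
FORM_URI = re.compile(r"wp-comments-post\.php$")

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<uri>\S+)[^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def would_block(line):
    """None if the rule does not apply to this line, else True (blocked) / False."""
    m = LOG_LINE.match(line)
    if not m or not FORM_URI.search(urlsplit(m["uri"]).path):
        return None
    # A missing Referer is logged as "-" and fails the match, so it is blocked too.
    return LOCAL_REFERER.match(m["referer"]) is None

def summarize(lines):
    """Count decisions and the client IPs behind blocked requests."""
    decisions, blocked_ips = Counter(), Counter()
    for line in lines:
        verdict = would_block(line)
        if verdict is None:
            continue
        decisions["block" if verdict else "allow"] += 1
        if verdict:
            blocked_ips[LOG_LINE.match(line)["ip"]] += 1
    return decisions, blocked_ips

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Dec/2006:14:01:02 -0500] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/4.0"',
    '203.0.113.7 - - [15/Dec/2006:14:01:03 -0500] "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://spam.example/links.html" "Mozilla/4.0"',
    '198.51.100.20 - - [15/Dec/2006:14:02:10 -0500] "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://directory.sootle.com/2006/12/15/some-post/" "Mozilla/5.0"',
    '192.0.2.44 - - [15/Dec/2006:14:03:00 -0500] "POST /wp-comments-post.php HTTP/1.1" 302 0 "HTTP://Directory.Sootle.com/about/" "Mozilla/5.0"',
    '198.51.100.20 - - [15/Dec/2006:14:03:30 -0500] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    decisions, blocked_ips = summarize(SAMPLE_LOG)
    print(dict(decisions))
    print(blocked_ips.most_common(5))
```

Referer is supplied by the client and some privacy tools strip it, so read the "allow" count as an upper bound on genuine comments and spot-check the blocked IPs before turning the rule on.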


  1. 4 Responses to “Comment Spam Achieving Epic Proportions”

  2. Thanks for this tip about SPAM. I have a website with a form people fill in with their normal contact details to obtain information by post.

    Now receiving hundreds of spam forms back each day and wish to delete these. Can I use the coding in 2 to stop these?

    Also where will I get the coding to generate random characters that they have to key in to stop all these automated form responses coming back?

    Thank you.

    Trevor

    By Trevor Mitchell on Dec 18, 2006

  3. Yes, you can give that code a try. Make sure to change the name “wp-comments-post.php” to the correct name of the form.

    Is your server PHP? If so, you can use a Captcha library to generate Captcha images.

    By Darren McLaughlin on Dec 18, 2006

  4. Hi…

    I have been having the same problem in my forums as well as in contact forms.

    I use HiQFM 2.0 for the contact forms, rename the directory which I keep the form in, rename the default config and specify a new one. This seems to keep spammers in check for the contact form.

    I had to shut down the webmaster forums. If the only kind of posts I am going to get are crap posts from spambots run by people who think they are SEO Pros, there is no reason to try to run a respectable community.

    Anyway, my question is…

    RewriteCond %{HTTP_REFERER} "!^http://directory.sootle.com/.*$" [NC]
    RewriteCond %{REQUEST_URI} ".*wp-comments-post.php$"

    …those lines go in the .htaccess file? Or are these lines meant to be appended directly into WordPress?

    -Thanks… Doug

    By Doug Peters on Dec 28, 2006

  5. Doug, those go in .htaccess, but don’t use those exact lines.

    What is the filename of the form?

    If you’re using WordPress, check out Bad Behavior. This one will stop spam before it gets injected into your MySQL, which is a big key.

    By Darren McLaughlin on Dec 28, 2006
