You don’t know this, of course, but the spam is rolling in — every time I delete new spam, another 25 comments pop up. And the reason you don’t know is because I’ve been sitting her spending all of this time deleting the spam in the comment queue.
So I’m going to log out for the day. I can deal with the spam tomorrow morning.
Entries (RSS)
Here’s a few handy tips to deal with blog spam:
(Sorry for the length of the comment.)
1. “Yet Another WordPress Anti-Spam Plugin” - Long name, but extremely effective. It changes the comment form fields to random names (instead of “author”, “email”, and “url”, it’s stuff like “alskdjflaksjd”), and changes these field names every 24 hours. It adds an extra field which must be kept empty (spam bots seem to fill it in for some reason).
You just need to change a couple lines of the comments.php file.
Another perk: it looks and functions exactly the same for web users — they needn’t do anything different. No solving puzzles or anything, all the text fields look and are named the same as before…but spam bots can’t figure it out.
I enabled it on several blogs, and it’s blocked 100% of comment spam in the few weeks I’ve run it, with 0% false positives (as users aren’t affected). Blocked spam doesn’t even show up in your moderation queue, as spammers aren’t able to successfully submit it.
It doesn’t work on trackback spam, so you’ll need to keep using Akismet for that.
2. reCAPTCHA. Create a free account, download and install the plugin, and enter the keys given in your account. It provides an easy-to-solve CAPTCHA (”anti-spam word”), but has an additional benefit: solving the CAPTCHA helps read books.
Specifically, the project is an offshoot of an effort to digitize books. However, the text-scanning software frequently isn’t able to recognize a word. Thus, two words are presented to users: a known word and an unknown word. Users enter both to proceed. If the known word is correct, the system assumes the unknown word was also entered correctly. It presents the unknown word to lots of people to confirm that everyone recognizes as the same word, then puts it in the “known” category and allows the text-reading software to recognize it in the future.
You can also use reCAPTCHA to mask email addresses on your site, helping to prevent spammers from harvesting your email.
3. Project Honey Pot — put “decoy” pages on your server and put hidden links to them in invisible parts of your site. Email harvester and comment spamming bots are attracted to them, and thus get logged in the project’s database. For each visit, unique email addresses are generated, so the project can link the servers sending email spam to the harvesters that collected that specific address, allowing them to better analyze spammers and how they operate.
There’s a WordPress plugin that can query their database of comment spammers, thus blocking them from your site and re-directing them to a honeypot so they can slurp up more decoy addresses.
The project is mostly geared towards identifying email harvesters and spammers, and a bunch of comment spam still gets through, even when querying their database.
Even so, you might consider running a honeypot or two on your site, or donating an MX record. If you’d prefer not to run your own, but instead put links to existing “honeypots”, you can do so. I maintain several that you could link to, if you wish — email me for details.