[wp-hackers] Simple comment spam experiment

Alexander Beutl xel at netgra.de
Wed Apr 16 16:15:10 GMT 2008

@code prole
you may try "spam karma 2" which uses a multilayered approach but it has
problems when your site gets havy load. (As I was told by Robert Basic from
basicthinking.de who lives from being a blogger afaik).

The thing is: No spams slip through it at my blog today. None. Basicly none
since about half a year or so. It even checks how long since page load and
stops them who where too fast. But then there are times where plenty get
into moderation and get closer and closer near the point they would have
been published instantly and you start optimising the configuration. I am at
a point today where I get only about 1-2 spams per day into moderation queue
but I don't think this will last a long time, in a month or two it will be
10 or 20 if i belive the trend.
And there is not much room left to get the spam prevention more tight via

I am nearly sure Matt is right saying only custom and umknown techniques
will help in the long term - at least until some genious has any idea which
will be uncrackable by spiders and not annoying visitors.

2008/4/16, code prole <code.prole at gmail.com>:
> On Apr 16, 2008, at 10:25 AM, Matt Mullenweg wrote:
> >
> > From 2002:
> >
> > http://diveintomark.org/archives/2002/10/29/club_vs_lojack_solutions
> >
> > "The really interesting thing about these approaches, from a game theory
> > perspective, is that they are all Club solutions, not Lojack solutions.
> > There are two basic approaches to protecting your car from theft: The Club
> > (or The Shield, or a car alarm, or something similiar), and Lojack. The Club
> > isn't much protection against a thief who is determined to steal your car
> > (it's easy enough to drill the lock, or just cut the steering wheel and
> > slide The Club off). But it is effective protection against a thief who
> > wants to steal a car (not necessarily your car), because thieves are
> > generally in a hurry and will go for the easiest target, the low-hanging
> > fruit. The Club works as long as not everyone has it, since if everyone had
> > it, thieves would have an equally difficult time stealing any car, their
> > choice will be based on other factors, and your car is back to being as
> > vulnerable as anyone else's. The Club doesn't deter theft, it only deflects
> > it.
> >
> > "Similarly, installing a secret form field on your comment form will
> > stop spammers from spamming your comments, until enough people do that that
> > it's worth the spammer's time to upgrade their scripts. Ditto referer hacks
> > (just set the referer); ditto registration schemes (just auto-register);
> > ditto time limits (just hit each weblog sequentially). Ditto ditto ditto."
> >
> > --
> >
> What I notice about the majority of my comment spam is that it typically
> includes dozens of links and line breaks (carriage returns).  Being new to
> PHP I don't (yet) know how to write a simple routine to examine each comment
> (using regular expressions, perhaps?) to simply not accept any that have
> more than a configurable number of links and or carriage returns.
> I realize that Askimet is already trapping those with more than a set
> number of links, but I want to trash those with, say more than 5 links
> total; not even pass them to Askimet.
> Beyond that I think a layered approach is best.  Renaming the comment form
> (perhaps having a configuration option to due that in WP?), using a nonce,
> examining comment contents for number of links and/or carriage returns,
> requiring previews and IP matching the post with the preview, et cetera.
> My tiny little site gets only a handful of comment spam daily, so far, but
> I am eager to find a solution that will grow with my site's ever increasing
> spam counts.
> --
> code prole
> coding for the proletariat since 1976
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

More information about the wp-hackers mailing list