One month of spam
As measured from 2006-11-14T12:33 to 2006-12-14T12:44. I now have the fun of deleting them all.
UPDATE 2006-12-15: As of the end of -12-14, it was 3,268.
And in case you’re wondering, not one spam made it to visibility, and not one legitimate comment was blocked. This is because I use the Comment Authorization plug-in for WordPress. Despite its disclaimers, it works just fine for me on WP 2.0.4. (And in case you’re wondering what happens if somebody doesn’t supply an email address: I get to approve it myself. It’s rare, though.)
UPDATE 2006-12-16: OK, not quite. I just got done scrolling through the moderation queue to double-check that there were no legitimate comments in it (in preparation to delete them all), and I did find exactly two real comments being held there. One had no real email address associated with it; I don’t yet know why the other one (the first comment on this post, in fact) wasn’t approved. It may simply be that Mike had not yet received the self-authorization email in the time that the 370 comment spams after it came in. I wasn’t looking at timestamps. ☺
Now I get to look into ways of stopping the spammers from even getting into the queue. I’m thinking of a JavaScript that dynamically changes the action of the form, or a reverse-CAPTCHA that makes you delete some text.
Any other suggestions before I start hacking?
December 14th, 2006 at 13:23:41
Have you tried http://akismet.com/?
You can a free key if you sign up for a WP account.
December 15th, 2006 at 13:01:49
yipes, have you tried and been displeased with Spam Karma 2 and Bad Behavior? I’d recommend immediately installing both. :)
http://unknowngenius.com/blog/wordpress/spam-karma/
http://www.homelandstupidity.us/software/bad-behavior/
I’m just starting to learn obj-c and cocoa, and I like your blog, so I’m subscribing.
December 15th, 2006 at 18:07:13
[quote comment=”3992″]yipes, have you tried and been displeased with Spam Karma 2 and Bad Behavior? I’d recommend immediately installing both. :)[/quote]
Spam Karma 2’s wiki page is amusing — it’s filled with spam, itself. ;) (Note to all MediaWiki administrators: You need to turn on login. Yes, even though it’s a wiki. Either that or write some WP-esque spam-prevention plug-ins.)
My problem with both plug-ins is that they do not disclose how they work, which makes me leery of installing them. I don’t want to install anything that will block a legitimate comment, and if I don’t know what the plug-in does, it’s hard for me to decide (1) whether it is likely to be effective and (2) whether it is likely to block any legitimate comments.
The introductory post for Spam Karma does provide plenty of information on how SK works, but that’s SK 1.4; I don’t know whether SK 2 does anything more, less, or differently, and I’m not interested enough to find out. Bad Behavior has no useful information at all — only that it does something or other involving HTTP headers.
[quote comment=”3992″]I’m just starting to learn obj-c and cocoa, and I like your blog, so I’m subscribing.[/quote]
Glad to hear it. :)
December 16th, 2006 at 00:40:55
[quote comment=”3571″]Have you tried http://akismet.com/?
You can a free key if you sign up for a WP account.[/quote]
First, you should get an email when you comment that allows you to approve your own comment. (That’s the Comment Authorization plug-in at work.) I found your comment in the moderation queue while I was cleaning out all the spam comments — apparently there were two legitimate comments among the 3360 comments in the queue, and I’ll update this post in a few minutes. This suggests to me that either you didn’t get the email or I got about 370 spams in between your comment and when I started going through the queue. (For that matter, I had 49 new spams waiting for me when I got done.)
And Akismet has an insanely high percentage of false positives. We found this out on the Adium Trac; we started to have lots of wiki and ticket spam, so we installed the Akismet plug-in for Trac. Soon after, we started getting lots of bug reports by email because Akismet would reject their ticket submissions as spam. I don’t know if there’s any difference between Akismet on a Trac and Akismet on a blog, but this experience combined with Akismet’s secrecy regarding the exact operation of the plug-in (sense a theme here?) makes me very averse to using Akismet.