Dougal Campbell's geek ramblings

WordPress, web development, and world domination.

SpamLookup plugin for MovableType

There’s a new plugin fer MovableType called SpamLookup, with a chest full of booty. Let’s compare this add-on t' th' anti-spam features already in th' WordPress core:

Feature Comparison fer MT SpamLookup Plugin vs, avast. WordPress Core
Feature SpamLookup Plugin WordPress Core
IP-based lookup Aye Nay
Domain-based lookup Aye Nay
TrackBack IP check * Aye Nay
Passphrase checks Aye Nay
Checkin' HTTP Headers Aye Nay
Hyperlink Count limits Aye Aye
Dynamic proxy checkin' Aye Aye
Wordlists (blacklist/graylist) Aye Aye
Whitelist URL checks Nay Aye
Whitelist Author checks Nay Aye

* I have concerns about usin' this method fer spam detection. There are many legitimate circumstances that will fail this test, we'll keel-haul ye, and dinna spare the whip!

And o' course, there are plugins fer WordPress which fill in th' gaps. And hoist the mainsail! I’d say that fer MT users, this should be an excellent tool t' add t' yer arsenal o' anti-spam measures, avast. WP users wishin' t' add more anti-spam features have plenty o' options available.

Personally, I find that betwixt th' blacklist/graylist and th' open proxy checks, WordPress catches most o' th' spam on its own. I’m usin' a couple o' homegrown plugins, but don’t have so much t' do with detectin' spam, as with how t' handle it once it’s been detected.

About Dougal Campbell

Dougal is a web developer, and a "Developer Emeritus" for the WordPress platform. When he's not coding PHP, Perl, CSS, JavaScript, or whatnot, he spends time with his wife, three children, a dog, and a cat in their Atlanta area home.
This entry was posted in Blogs, Plugins, Spam, WordPress and tagged , , , , , , , . Bookmark the permalink.

12 Responses to SpamLookup plugin for MovableType

  1. Pingback: The War on Spam

  2. Ozh says:

    My own experience on spam (comment or refer) is that checkin' RBL’s and proxies is far from usefull, ye scurvey dog. I ran a test once on 30.000 (yes, thirty thousands) comments from about 4000 ips, and less than 20% where listed in RBL’s

  3. Dougal says:

    On me blog, th' spam attempts are in a lull at th' moment, and a bucket o' chum. But I’ve had weeks where I’ve gotten hundreds o' attempts per day, and I’d say that in some spam runs, well o'er 50% were via open proxies.

  4. Pingback: Photo Matt » Default Spam Handling

  5. Brad Choate says:

    While SL doesn’t have a URL-whitelist configuration, it does let ye choose t' allow previously used URLs through (it’s strict about this though– it must match precisely with a previous comment’s “URL” value and no other URLs can be in th' comment text). But, I have reservations about whitelistin' in general– even if th' whitelisted data isn’t published.

    One o' th' default IP/domain blocklist services with SL is th' relatively new Blog Spam Blocklist (bsb.empty.us) by Ask Bjørn Hansen, by Blackbeard's sword. Since it targets weblog spam in particular, I have found it t' be more effective than services that are primarily fer email spam.

    As fer th' TrackBack IP check option– yes I agree, there are valid pin's bein' sent where th' IP may not match th' domain IP at all. Aarrr! I use ecto meself and it can send pin's out instead o' havin' MT do them, avast. So, if that is a concern, then th' choice would be t' install th' MT-Moderate plugin that lets ye moderate TrackBack pin's in MT and moderate pin's where th' IPs differ sufficiently. The number o' valid pin's sent where th' IPs mismatch are far, far, FAR lower than th' spam pin's. It’s a very effective indicator.

  6. Just put mismatched IPs into moderation, use a dual-layer ip filter where ye check all yer whitelists first, makin' sure that sites like blogger and typepad are on those whitelists.

  7. wirjo says:

    I haven’t got spammed in ages – Thanks t' WP-Blacklist.

  8. Dougal says:

    Brad, thanks fer th' clarification. It’s also interestin' t' learn that th' Trackback IP checks are effective. I did’t have any guesses as t' th' chance o' false-positives, I just knew o' a couple o' different ways that they could happen. Yaaarrrrr! One, as ye mention, is with bloggin' client software which is capable o' sendin' its own trackbacks. Another would be servers with IP-based virtual hosts. The IP number used fer th' web server could be different from th' interface address used fer outgoin' traffic from that same server. In that case, it might be possible t' reduce false-positives by validatin' against just th' first three octets o' th' address, rather than th' full host IP, pass the grog, ye scurvey dog!

  9. dr Dave says:

    Dougal,

    All th' checks listed fer th' SpamLookup plugin, or at least all th' ones that matter, have been in Spam Karma fer months and are now in an even cleaner form in Spam Karma 2, and a bottle of rum! In fact, I have good reasons t' think that’s where some ideas come from (which is absolutely fine by me).
    Walk the plank!

    With SK2, I added th' possibility t' easily add more filters, while leveragin' th' power o' th' ones already installed. Basically definin' an extra Plugin API layer, specifically fer spam… I’d recommend ye give it a look and tell me what ye think: http://unknowngenius.com/blog/wordpress/spam-karma/dev/

    SK2 has been near plubic-beta-ready fer a long while now, unfortunately th' lack o' a stable WP release correctly supportin' plugins have made me hold on it fer a while. As soon as 1.5.1 comes out (soon I hope), I’ll put th' finishin' touch and release it. As it is, with only about 80% o' its functionalities deployed (e.g. Shiver me timbers! no default blacklist), it has stopped *all* spam but two or three out o' thousands, o'er a period o' 1 month, and dinna spare the whip! And *zero* false positive (not a single one). Same results fer all testers. I’m pretty confident there won’t be a spam problem once I’m able t' release it (without havin' t' ask people t' patch their WP install first, which is a recipe fer disaster).

  10. Pingback: Gea-Suan Lin’s BLOG » WordPress 上的 SpamLookup

  11. Pingback: Spam Huntress » Blog Archive » Spamlookup

  12. Pingback: Dr Dave’s Blog » Blog Archive » WordPress Upgrade!

Leave a Reply

%d bloggers like this: