Dougal Campbell's geek ramblings

WordPress, web development, and world domination.

SpamLookup plugin for MovableType

There’s a new plugin for MovableType called SpamLookup. Let’s compare this add-on to the anti-spam features already in the WordPress core:

Feature Comparison for MT SpamLookup Plugin vs. WordPress Core
Feature SpamLookup Plugin WordPress Core
IP-based lookup Yes No
Domain-based lookup Yes No
TrackBack IP check * Yes No
Passphrase checks Yes No
Checking HTTP Headers Yes No
Hyperlink Count limits Yes Yes
Dynamic proxy checking Yes Yes
Wordlists (blacklist/graylist) Yes Yes
Whitelist URL checks No Yes
Whitelist Author checks No Yes

* I have concerns about using this method for spam detection. There are many legitimate circumstances that will fail this test.

And of course, there are plugins for WordPress which fill in the gaps. I’d say that for MT users, this should be an excellent tool to add to your arsenal of anti-spam measures. WP users wishing to add more anti-spam features have plenty of options available.

Personally, I find that between the blacklist/graylist and the open proxy checks, WordPress catches most of the spam on its own. I’m using a couple of homegrown plugins, but don’t have so much to do with detecting spam, as with how to handle it once it’s been detected.

About Dougal Campbell

Dougal is a web developer, and a "Developer Emeritus" for the WordPress platform. When he's not coding PHP, Perl, CSS, JavaScript, or whatnot, he spends time with his wife, three children, a dog, and a cat in their Atlanta area home.
This entry was posted in Blogs, Plugins, Spam, WordPress and tagged , , , , , , , . Bookmark the permalink.

12 Responses to SpamLookup plugin for MovableType

  1. Pingback: The War on Spam

  2. Ozh says:

    My own experience on spam (comment or refer) is that checking RBL’s and proxies is far from usefull. I ran a test once on 30.000 (yes, thirty thousands) comments from about 4000 ips, and less than 20% where listed in RBL’s

  3. Dougal says:

    On my blog, the spam attempts are in a lull at the moment. But I’ve had weeks where I’ve gotten hundreds of attempts per day, and I’d say that in some spam runs, well over 50% were via open proxies.

  4. Pingback: Photo Matt » Default Spam Handling

  5. Brad Choate says:

    While SL doesn’t have a URL-whitelist configuration, it does let you choose to allow previously used URLs through (it’s strict about this though– it must match precisely with a previous comment’s “URL” value and no other URLs can be in the comment text). But, I have reservations about whitelisting in general– even if the whitelisted data isn’t published.

    One of the default IP/domain blocklist services with SL is the relatively new Blog Spam Blocklist (bsb.empty.us) by Ask Bjørn Hansen. Since it targets weblog spam in particular, I have found it to be more effective than services that are primarily for email spam.

    As for the TrackBack IP check option– yes I agree, there are valid pings being sent where the IP may not match the domain IP at all. I use ecto myself and it can send pings out instead of having MT do them. So, if that is a concern, then the choice would be to install the MT-Moderate plugin that lets you moderate TrackBack pings in MT and moderate pings where the IPs differ sufficiently. The number of valid pings sent where the IPs mismatch are far, far, FAR lower than the spam pings. It’s a very effective indicator.

  6. Just put mismatched IPs into moderation, use a dual-layer ip filter where you check all your whitelists first, making sure that sites like blogger and typepad are on those whitelists.

  7. wirjo says:

    I haven’t got spammed in ages – Thanks to WP-Blacklist.

  8. Dougal says:

    Brad, thanks for the clarification. It’s also interesting to learn that the Trackback IP checks are effective. I did’t have any guesses as to the chance of false-positives, I just knew of a couple of different ways that they could happen. One, as you mention, is with blogging client software which is capable of sending its own trackbacks. Another would be servers with IP-based virtual hosts. The IP number used for the web server could be different from the interface address used for outgoing traffic from that same server. In that case, it might be possible to reduce false-positives by validating against just the first three octets of the address, rather than the full host IP.

  9. dr Dave says:

    Dougal,

    All the checks listed for the SpamLookup plugin, or at least all the ones that matter, have been in Spam Karma for months and are now in an even cleaner form in Spam Karma 2. In fact, I have good reasons to think that’s where some ideas come from (which is absolutely fine by me).

    With SK2, I added the possibility to easily add more filters, while leveraging the power of the ones already installed. Basically defining an extra Plugin API layer, specifically for spam… I’d recommend you give it a look and tell me what you think: http://unknowngenius.com/blog/wordpress/spam-karma/dev/

    SK2 has been near plubic-beta-ready for a long while now, unfortunately the lack of a stable WP release correctly supporting plugins have made me hold on it for a while. As soon as 1.5.1 comes out (soon I hope), I’ll put the finishing touch and release it. As it is, with only about 80% of its functionalities deployed (e.g. no default blacklist), it has stopped *all* spam but two or three out of thousands, over a period of 1 month. And *zero* false positive (not a single one). Same results for all testers. I’m pretty confident there won’t be a spam problem once I’m able to release it (without having to ask people to patch their WP install first, which is a recipe for disaster).

  10. Pingback: Gea-Suan Lin’s BLOG » WordPress 上的 SpamLookup

  11. Pingback: Spam Huntress » Blog Archive » Spamlookup

  12. Pingback: Dr Dave’s Blog » Blog Archive » WordPress Upgrade!

Leave a Reply

%d bloggers like this: