I like to think that I’ve got some pretty decent spam prevention measure in place on my server. My mail server uses RBL/DNSBL services and sets maximum limits for certain protocol violations. All my blogs use Akismet for comment spam detection. I’ve got a large number of entries in my comment moderation and blacklist lists. And I hook it all together into my SpamValve plugin, which automatically adds firewall rules to block repeat offenders.
Still, though, occasionally I get bursts of traffic that either aren’t detected by these measures, or that are detected, but the process of handling the connection causes excessive load on the system. When that happens, I typically add new code to my SpamValve plugin to automatically block future attempts at the firewall. Here are some of the things that have caught my eye recently and caused me to take action:
- GET requests for trackback URIs
- When WordPress detects a trackback using HTTP GET instead of POST, it redirects the client to the permalink of the associated post. But that’s all it does. I flag that as a possible spam attempt. If I get several of these from the same IP, I temporarily block that host at the firewall.
- Bogus User Registrations
- I once saw a flurry of fake user registrations on one of my sites. I’m not sure what the purpose was, but it annoyed me. User registration attempts get flagged. There’s no legitimate reason why I should get more than 5 user registrations from the same host in a 48 hour period. So if I see that happen, I block the host.
- Direct (non-referred) posts to wp-comments-post.php
- If an attempt to post a comment doesn’t carry an HTTP Referer header pointing at this site, it’s flagged as a spam attempt. The comment is still processed normally, with the usual Akismet spam/ham checks, and if it doesn’t appear to be spam by other means, the comment appears on the site. But if more than a few of these come from the same host, the host will get blocked. Yes, there are personal firewalls and browser privacy extensions that strip the referrer information out. But I doubt that anybody using those is going to need to post more than 5 comments here in a 48 hour period. Still, this is probably the one rule of mine that is most prone to false positives. It’s not likely enough for me to lose sleep over it.
- Too many spam comments from a host
- And, of course, if a blog comment is flagged as spam by any of the usual means (i.e. by Akismet or any other spam detection plugins), the host is flagged. More than 5 spams from the same host? Blocked!
- Mail spammers
- Lastly, I monitor my mail server log. Any time a message is rejected by the anti-spam measures in place there, the client IP is flagged. Again, more than a few spam attempts from the same host earn a place in my firewall rules.
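The rules above share one mechanism: every suspicious event is flagged against the client IP, and a host that accumulates more than 5 flags within 48 hours is blocked. The following is an added example of that flag-then-block logic, written for this page; it is not SpamValve’s own code. It assumes an Apache-style combined access log, a site hostname of `blog.example`, trackback URIs ending in `/trackback/` or using `wp-trackback.php`, and registrations arriving at `wp-login.php?action=register`; the log lines are constructed. Flags that come from outside the web log (an Akismet spam verdict, a mail server rejection) are fed in through the same `flag()` call, and the block decision is returned rather than pushed into a firewall.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

SITE_HOST = "blog.example"      # assumed hostname of the protected site
WINDOW = timedelta(hours=48)    # the post's 48-hour observation period
THRESHOLD = 5                   # block once a host has more than 5 flags

# Constructed access-log lines in Apache "combined" style (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2007:10:00:01 +0000] "GET /2007/03/a-post/trackback/ HTTP/1.1" 302 0 "-" "curl/7.16"
203.0.113.7 - - [10/Mar/2007:10:00:05 +0000] "GET /2007/03/b-post/trackback/ HTTP/1.1" 302 0 "-" "curl/7.16"
203.0.113.7 - - [10/Mar/2007:10:00:09 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "curl/7.16"
203.0.113.7 - - [10/Mar/2007:10:00:12 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://other.example/" "curl/7.16"
203.0.113.7 - - [10/Mar/2007:10:00:15 +0000] "POST /wp-login.php?action=register HTTP/1.1" 200 0 "-" "curl/7.16"
203.0.113.7 - - [10/Mar/2007:10:00:18 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "curl/7.16"
198.51.100.9 - - [10/Mar/2007:10:01:00 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://blog.example/2007/03/a-post/" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2007:10:02:00 +0000] "GET /2007/03/a-post/ HTTP/1.1" 200 0 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def parse_line(line):
    """Parse one combined-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    req = m.groupdict()
    req["ts"] = datetime.strptime(req["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return req

def classify(req):
    """Map one request to the rule it trips, or None if it looks ordinary."""
    method, path = req["method"], req["path"]
    if method == "GET" and (path.rstrip("/").endswith("/trackback") or "wp-trackback.php" in path):
        return "trackback_get"          # trackback fetched with GET instead of POST
    if method == "POST" and path.startswith("/wp-login.php") and "action=register" in path:
        return "registration"           # every registration attempt is flagged
    if method == "POST" and path.startswith("/wp-comments-post.php"):
        ref_host = urlparse(req["referer"]).hostname if req["referer"] != "-" else None
        if ref_host != SITE_HOST:
            return "unreferred_comment"  # comment post not referred from this site
    return None

class RepeatOffenderTracker:
    """Counts flags per host in a sliding window and decides when to block."""
    def __init__(self, window=WINDOW, threshold=THRESHOLD):
        self.window, self.threshold = window, threshold
        self.flags = defaultdict(deque)   # ip -> deque of (timestamp, rule)
        self.blocked = {}                 # ip -> timestamp of the block decision

    def flag(self, ip, rule, when):
        """Record one flagged event; return True at the moment ip crosses the threshold."""
        q = self.flags[ip]
        q.append((when, rule))
        while q and when - q[0][0] > self.window:   # forget events older than the window
            q.popleft()
        if len(q) > self.threshold and ip not in self.blocked:
            self.blocked[ip] = when
            return True
        return False

def run(log_text, tracker=None):
    """Feed every classifiable log line into the tracker and return it."""
    tracker = tracker or RepeatOffenderTracker()
    for line in log_text.splitlines():
        req = parse_line(line)
        if req is None:
            continue
        rule = classify(req)
        if rule:
            tracker.flag(req["ip"], rule, req["ts"])
    return tracker

def flag_series(ip, rule, count, hours_apart):
    """Feed `count` identical flags spaced `hours_apart` hours; return the decisions."""
    tracker = RepeatOffenderTracker()
    base = datetime(2007, 3, 10, tzinfo=timezone.utc)
    return [tracker.flag(ip, rule, base + timedelta(hours=i * hours_apart)) for i in range(count)]

if __name__ == "__main__":
    t = run(SAMPLE_LOG)
    for ip, when in t.blocked.items():
        print(f"block {ip} at {when:%Y-%m-%d %H:%M}: {[r for _, r in t.flags[ip]]}")
```

Running it on the sample log blocks `203.0.113.7` on its sixth flag (two trackback GETs, three unreferred comment posts and a registration), while `198.51.100.9`, whose comment post was referred from the site, is never flagged. `flag_series` shows the window: six flags an hour apart trip the block, but six flags 49 hours apart never do, because each one has expired before the next arrives. Feeding non-web events through `flag()` with rule names such as `spam_comment` or `mail_reject` covers the last two rules without any change to the tracker.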
These are some of the things I look for to prevent repeated abuse. There are other things as well, that I consider slightly less serious. For example, I recently discovered that a MySpace user was hotlinking an image of mine. So I’ve put measures in place to ensure that unapproved sites can’t hotlink those particular images.
I’m still keeping an eye on my logs to catch other types of abuse that need blocking. Have any of you other spam warriors noticed any trends of abuse lately?
One rule I found that’s been helpful to me: A lot of spam comments mix HTML links with [url=""][/url]-type links, trying to create valid link text no matter what site they’re posting to. Since my site doesn’t use the latter type of link syntax, I put in code to automatically block any comment which contains it. It does seem to have made a difference.
I love my Akismet. I almost gave up blogging a while back because of my spam issues. Life is better now.
A simple CAPTCHA plugin works great for me. The best one I’ve tried for WordPress is SecureImage:
http://uberdork.supertwist.net/2005/03/13/plug-it-in-plug-it-in/
Ebonmuse; a problem with that is less web-literate users and commenters. I regularly see people try to post links etc using BBcode on blogs, and regularly those are legitimate links and users. Thee and me know proper html, many more don’t, and bbCode was designed to make things easy for the non web-literate.
I installed Bad Behaviour last weekend. My Akismet-caught stuff has plummeted (one in the last three days) and the uncaught has disappeared. Bad Behaviour has blocked 1955 in the last 7 days, which is about what I was getting before. Very impressed.
My host doesn’t allow firewall access, so SpamValve no good to me currently, but it looks useful as a set of rules.
I have a pretty solid spam-blocking combo on my blogs. I honestly can’t remember the last time an actual spam got through. Details and links on my site:
Nerdaphernalia - spam blockers post
(In a nutshell: Bad Behavior + Spam Karma + Spam Karma “Akismet” plugin)
Ditto Marsha (2.) and Stephen (5.): Bad Behavior, Spam Karma and Akismet saved this particular blogger from giving up in disgust.
I was fielding 2,000 spam comments a day and now Akismet catches perhaps twenty and I hardly ever get any it’s not sure about.
I was getting 40 comment spams every day.
By the way, posts to wp-comments-post.php without a referrer variable are very rare today. Even the most stupid coder can read the documentation for curl, for example, and put a fake referrer in a GET request. The best solution in this case is some sort of Captcha plug-in like the one mentioned by Gerald above.
Yes, it’s easy to fake the referrer. But I based that test on what I have actually been seeing in my logs. I was getting a lot of attempted comment posts without referrers. Pretty much all of the tests I do (the ones mentioned above, and others that I didn’t discuss) are based on direct observation of activity on my server.
Sometimes I see requests that are not obvious spam attempts, but are at best unfriendly crawlers (doesn’t respect my robots.txt, sucks down page after page of archives, ignores errors, etc). When these start having a noticeable effect on my server, I’ll manually flag those for firewall blocking. When an unfriendly client can no longer access your server at all, it really helps out with your system load.
I had no idea spam was so prevalent. I guess it’s all about intent: if the person making the post or comment is trying to contribute or share information that might be helpful, then that post is acceptable.