I’ve always felt that Akismet does a pretty good job of filtering out spam. After all, since I started using it, Akismet has caught around 500,000 spam comments for me. But a few months ago, I decided to try out a different anti-spam plugin that caught my eye. And surprisingly enough, it’s my Akismet stats that tell me that the other plugin is doing a great job.
What is this mystery plugin? It’s called http:BL (for HTTP BlackList). This plugin taps into the Project Honeypot databases to block access from known sources of spam, email harvesters, and the like. To use the plugin, you must register for an API key on the Project Honeypot site. Registration is free.
The plugin filters IP addresses which are registered in the Project Honeypot databases for suspicious activity, spamming, or harvesting. I’m aware of the problems of filtering based on IP, however, the plugin smartly provides an option to check how recently the IP was active, and only block accesses which have shown recent suspicious activity. Each IP address is also rated on a scale of 0 – 255, and you can choose where you want to set the “threat level” threshold.
In the graph here, notice how in early November, 2008, the number of spams that Akismet saw each day dropped to nearly nothing. Guess when I installed http:BL? The new plugin is seeing the spams before Akismet. But anything it allows to pass through still gets sent along for Akismet to check, too. Really, the main problem I still have right now are comments which appear relevant, but which link to sites that I consider spammy. But outright spam content in the comments themselves is just about never an issue anymore.
The main drawback I see is that I don’t have any easy way to gauge if it’s blocking false-positives. You can, however, login to your account on the Project Honeypot site, and lookup IP numbers to see what kind of activity it generated. Spot checking IP numbers from the plugin’s logs from time to time might prove to be interesting.
If you are having problems with spam comments on your blog, and you want to add an effective anti-spam plugin, I suggest you give http:BL a try. Let me know how it works out for you!
Related posts:
- Some blog spam cases you might want to watch for
" I like to think that I’ve got some pretty decent spam prevention measure in place on my server. My mail server uses RBL/DNSBL services..." - Yahoo! Web Hosting adds WordPress
" Double Yow! Another announcement from Matt: Yahoo! Web Hosting has added WordPress to their offerings. And as an added bonus, they automatically enable the..." - Spam: Kill it at the root
" I posted an article over on the WordPress development blog earlier on the subject of blog comment spam. Why do spammers post comments on..." - Testing a new spam blocker
" I’ve been trying to snatch a few minutes here and there to work on the automated spam blocking system that I proposed last week...." - Dear Spammers…
" Thank you for continuing to submit your data to my anti-spam systems. I have been able to put your information to very good use,..."
19 Comments
I dont know what happens with all these things
I really find your blog interesting. I don’t so much have a use for new spam filtering though. Asismet does the job for my little old blog.
I use the http:BL lists through Bad Behaviour,[1] which is an even more drastic solution.
(Bad Behaviour incorporated this recently, in v. 2.0.21.)
I’ve been using this combination for a few weeks and I’m happy with it. I don’t think I’ll go back to just Akismet or similar solutions like TypePad AntiSpam. I agree that the main drawback in this kind of defence is that it’s not easy to know what’s going on with false positives, and I’m not very comfortable with this, but, on the other hand, the alternative I was considering was to stop checking the Akismet queue for false positives, so, why let them in in the first place?
Project Honeypot seems to be good!
Cheers!
[1] http://wordpress.org/extend/plugins/bad-behavior/
I too use BB with http:BL, but I also use Akismet. All told, maybe 2 posts get picked up by Akismet per month. Enough that the three pronged defense sticks around for me!
Totally gonna use this now that Spam Karma 2 is no longer in active development. [Yes, I have thought idly about taking SK2 on, as Dr. Dave GPL'd it, but not that seriously.]
I thought Akismet did a great job of filtering out spam.
Http:BL blows it out of the water.
Having them both work in tandem is a good idea just to make sure nothing gets through.
I used it for a bit until something went awry. I can’t remember now what exactly the problem was, but it caused an issue for a friend of mine – his blog got caught in some kind of false positive because of my use of the plugin and had some issues – wish I could remember the details but it’s all hazy now. Anyway, I stopped using it because of the issue. So…although I’m not being very helpful with my lousy memory, just wanted to alert you to possible issues with it.
Also just wanted to say hi, Dougal, as SU landed me here.
Thanks for stopping by, Donna! A lot of the more recent changes to my blog, like the StumbleUpon links, were made because of your advice at WordCamp Birmingham
Actually, I’m gearing up to (finally) do a major redesign here, as I have some time between projects at the moment. I just need to make up my mind on exactly what I want to do
Hi everybody,
Good post.
Did I compreend it right, could we use bouth? Akismet and Http:BL? Cos if we could its good news …
Dam SPAMMERs!!
I found http:BL a while ago too and agree, it’s a great and effective spam killer. Can I ask what ‘Threat score threshold’ you’ve got yours set on? Mine’s on 30 at the moment, but a little spam still slips though. I’ve been wary of putting the threshold lower than that in fear of blocking genuine visitors.
I had the threat level at the default 30 for a while. But I recently upped it to 60, with no apparent ill-effects. I also don’t block on merely ‘Suspicious’ IPs, just the comment spammers and email harvesters.
I see everyone talking about akismet, and i believe its a good spam filter.
I have an bluehost account, and generated a password + user name true Fantastico on WP install.
But when i want to generate a API key to akismet, true the link on the admin panel, WP said that “my password is not correct??” I`m sure that the password i`ve typed its ok, but it keeps saying thats not ok.
Can some one help me out? I´m tired of deleting tens of spams every day …
thanks
I am using the http:BL plugin for some time now. I am quite content with it. My thread score threshold is set to one (the lowest value) and the age threshold to 30 days. When I was traveling in India I discovered that a lot of internet cafes are listed as suspicious. So I unchecked suspicious as malicious without problems so far.
Seems you can use them both at the same time?
My main problem are the false positives. At least, with Akismet, when you de-spam them, they have a chance of getting whitelisted (although more often than not you should keep doing it for the same commenters).
Did I understand correctly that this plugin has no option at all to whitelist false positives?
Thanks for any advice.
Project Honeypot is doing great service to webmasters. I am using same server but on different platform (joomla) using different plugin (sh404sef). But it is as effective as it is in Wordpress. I’ve used this service on a wordpress blog also and it really is great to have such a handy service. Just like reCaptcha all we need to do is to tweak a bit of the code and we are done. Three cheers to project honeypot.
It’s nice to have another layer of spam filtering. I run my email through something similar, the first layer bounces the most egregious and the next just moves it out of the way. One day they accidentally changed the algorithm of the first layer at the server and it literally bounced all of my email that day. This was a few years ago. Maybe I’ll change the settings myself if I ever want to pick up and move to another country with clean email
Thanks for the heads up on the new spam plugin. Sounds incredibly powerful, I’m not extremely technical, but it seems like you really couldn’t get much better protection than that, no?
This sounds good but I’m always wary of relying on blacklists, especially when you’re not able to monitor or override false positives.
Personally I’d stick with Akismet and avoid the risk of turning away legitimate contributors although it obviously depends on your personal circumstances and size of spam problem.
Still, it’s great that there’s more choice in the fight against spam. I look forward to seeing how this develops…
I know this is an old post, hope it’s no problem that I stir it up a bit.
I noticed how everyone always talk about Akismet, and what other plugins they get to work with Akismet. Clearly that’s because Akismet is the most established spam filter there is out there. I however don’t understand why people go through the trouble of doing so, there are alternatives.
SpamTask is one filter that I’ve been using for a couple of months, and I’ve had great results so far. Though the problem you address, in which people post “spammy” links to your site wont be solved until more complete filters are created. I mean unless you could personalize your filter, it would be hard to accomplish.
http://codex.wordpress.org/Plugins/spamtask/
Regards, Bryan
One Trackback
[...] Awesome spam filtering for WordPress – geek ramblings (tags: gfmorris_comment) [...]