Friday, November 26, 2004

comment spam

The daily comment spam is getting worse and worse -- easily 100+ per day. It never makes it to the website because WordPress is set up so I need to approve all postings, but it is a PITA to weed through the spam to find the occasional real comments.

I've seen on Jeremy Zawodny's blog that in order to post, you need to type *his* first name in one of the forms. Not rocket science if a human is making the posting, but perhaps just difficult enough for the spammer's script to fail. The other nice thing is you can always change the question to something equally trivial. Say, "what is the color of the sky?" or "3141592 is my favorite number, what is my favorite number?"

Jeff Barr posted an entry on exactly how to do that in WordPress. The only thing that was a little tricky was that the change to wp-comments-post.php was on line 22 in my copy of the file. The difference is because the file is in DOS format and emacs displayed it with ^M^M at the end of each line (essentially halving the number of lines Jeff saw).

The changes work for me...
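A sketch of the server-side half of such a challenge question, added here as an example; it is not Jeff Barr's patch or WordPress code. The function names, form field names, secret and question pool are all assumptions. It goes one step beyond a single fixed question by signing which question was issued, so the questions can rotate without session state.

```php
<?php
// Added example: hypothetical helpers, not WordPress core and not the patch the post refers to.
// Constructed question pool (answers stored lowercase); edit it whenever you like.
const CHALLENGES = [
    'q1' => ['What is the color of the sky?', 'blue'],
    'q2' => ["What's 2+3?", '5'],
    'q3' => ['3141592 is my favorite number, what is my favorite number?', '3141592'],
];
const CHALLENGE_SECRET = 'replace-with-a-long-random-value'; // assumption: never sent to the client
const CHALLENGE_TTL = 3600; // seconds a rendered form stays valid

function challenge_sign(string $id, int $issued): string {
    return hash_hmac('sha256', $id . '|' . $issued, CHALLENGE_SECRET);
}

// Read one form field as a string; array-valued or missing input becomes ''.
function challenge_field(array $post, string $key): string {
    $v = $post[$key] ?? '';
    return is_string($v) ? $v : '';
}

// Values to render in the comment form: the question text plus three hidden fields.
function challenge_issue(?int $now = null): array {
    $now = $now ?? time();
    $id = array_rand(CHALLENGES);
    return ['question' => CHALLENGES[$id][0], 'challenge_id' => $id,
            'challenge_ts' => $now, 'challenge_sig' => challenge_sign($id, $now)];
}

// True only if the answer matches the question that was actually issued.
function challenge_verify(array $post, ?int $now = null): bool {
    $now = $now ?? time();
    $id = challenge_field($post, 'challenge_id');
    $ts = (int) challenge_field($post, 'challenge_ts');
    $sig = challenge_field($post, 'challenge_sig');
    if (!isset(CHALLENGES[$id])) return false;
    if (!hash_equals(challenge_sign($id, $ts), $sig)) return false; // id or timestamp altered
    if ($ts > $now || $now - $ts > CHALLENGE_TTL) return false;     // stale or future-dated form
    $answer = strtolower(trim(challenge_field($post, 'challenge_answer')));
    return $answer !== '' && hash_equals(CHALLENGES[$id][1], $answer);
}

// In the comment handler, before anything is written to the database:
// if (!challenge_verify($_POST)) { http_response_code(403); exit('Challenge answer missing or wrong.'); }
```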


  1. Yep, just about anything you can do to make your comments vary from the out-of-the-box configuration helps tremendously. Rename the comment script. Change the field names. Blosxom's Rael put in a required field with a lil' math problem: what's 2+3? The spam scripts tend to be quite brittle. A little unexpected variation tends to foil them.

  2. Sometimes I think the spammers just Google for 'wp-comments-post.php'... That's what I'd do if I ever developed a mean streak. ;-)

  3. [...] om string trackbacks from this morning. And I was so happy with the little WP hack that stopped all the comment spam. [...]