A) Odds are those are trackback spam. No form necessary nor registration.
B) You’ll want some antispam prevention. My standard suggestion:
Install and activate Akismet or Spam Karma 2. Then install and activate Bad Behavior.
http://akismet.com/
http://unknowngenius.com/blog/wordpress/spam-karma/
http://www.bad-behavior.ioerror.us/
For those who struggle with the Akismet directions: http://wordpress.com/api-keys/
See also the Combating_Comment_Spam page in the Codex.
OK thanks Handy, turning off trackback seems to have solved the problem. Will look into these anti-spam tools you suggested. It’s too bad, though, that wordpress isn’t more spam-resistant out of the box.
Well I enabled Kismet, and it is catching spam, which is great, but I would rather the spam be disallowed. I shouldn’t need a spam catcher if I require users to register before posting–or does WordPress allow these robots to register automatically? I have turned off trackback or at least have set the option in the control panel but I suspect the main reason spam slowed down was that I blacklisted all the offending IP addresses.
Where in the code does it allow unregistered strangers to arbitrarily store messages in my database???? This is crazy! I will just delete the damn code. I want complete control over this site.
No reason to go on a rampage over your unfounded suspicions. Trackbacks are a useful feature which needs to work the way it does.
If you don’t care about trackbacks or pingpacks then do as you’ve done and turn them off. They’re not regular comments, so turning off comments doesn’t automatically turn those off too – hence the reason they have their own off switch.
What you do or don’t suspect based on 2 minutes of experience shouldn’t be sufficient reason for you to elevate your heart rate. If you like, test the facts by clearing the blocked IP addresses.
As per the FAQ I have renamed the “wp-trackback.php” and will see if comments continue to appear. I wonder if anyone else has this kind of problem. Perhaps WordPress is the wrong tool for a mostly presentation, occasional discussion type of site.
Maybe it’s the wrong tool for people who are overly concerned about things which are not actually happening.
To me it sounds like you’ve solved your problem, but that doesn’t seem to be enough for some reason.
With trackbacks disabled, and registration required to comment, I’d be surprised if you’re still seeing any spam at all.
I disabled trackbacks (via the admin panels, not renaming any file) and accept comments only from registered users, and I have yet to get a single spam message.
Keep in mind that turning off trackbacks in the admin panel only affects future posts. You have to edit each post you already have and explicitly disable trackbacks.
Bobcat – thanks for your suggestion. I disabled pingbacks for each posting (no option to change trackbacks). The spam has stopped for the moment. Interestingly, the spam didn’t stop after only renaming the wp-trackback file.
(@blisterpeanuts)
16 years, 6 months ago
I have a WordPress 2.0.11 installation that has not gone public. No one even knows it exists, but since it’s in mydomain.com/blog, some robots have obviously discovered it by chance and they’re managing to put spam comments like “Buy Viagra” into the queue even though I have the options set to “Comment author must fill out name and e-mail” and “Comment author must have a previously approved comment”. There are no registered users other than myself.
Even when I completely disabled comments, so that you don’t even see a link to leave a comment, I am still getting spam comments. I’m guessing the robots are using some back door to send comments. What’s going on here anyhow? I want to go live with this site but not if dozens of spammers are going to attack and bypass the permissions!
Thanks for any help