Spam Comment Blocked Count

Hey marcbkk,

I’ll be happy to help you out and answer your question.

No matter the capabilities of the bots, every spam attempt that gets blocked is counted by the plugin.

There’s a good chance that since you’ve been blocking those countries for awhile via .htaccess that they are no longer targeting you…for now. Some spammers track if their spam gets through, and if it does, they hit those sites even harder. When they get shut down consistently they go elsewhere. It could also be that it just goes in waves, and there will be some future increases in attempts. It’s likely that whatever the scenario you’re just at a quiet period in spam attempts right now, hence only 17 spam attempts in 24 hours.

As far as what gets counted, WP-SpamShield counts all spam attempts, including spam comments, spam trackbacks/pingbacks, spam contact form submissions, and spam user registrations. I just added a new FAQ about this earlier today that you may want to check out.

If you’d like to track this and see exactly what has been blocked, feel free to turn on “Blocked Comment Logging Mode” and check out the log after the counter goes up. If you want to see all items logged, included the ones that aren’t blocked, then choose the option “Log All Comments”. More info in the relevant FAQ here.

I hope that helps answer your question.

Thanks! I’m glad you’ve been getting to see what it’s like to have WordPress site without spam. 🙂

– Scott

You’re welcome. 🙂

The spammers can check a few ways…they could check and see if they get an error message (meaning failure) or if they get a comment moderated message, of it just gets accepted and shows up right away.

I hear you…spam is a real pain. Yes, I completely agree…letting spam into the database even to place it in a queue can really bloat the database. That’s one main reason why I didn’t even want to let a comment into the DB until it’s already been checked for spam. I’m glad to help!

Yes, agreed, CAPTCHAS are definitely unfriendly to users. Multiple studies have been done that show they can really hurt your business/site. I’m sure you will get more comments now.

Maybe you can help spread the word by letting your friends know about it! 🙂

Let me know if you ever need help again. Take care.

Hey Marc,

You’re welcome. I saw that review too. To each their own, I guess. 🙂 Yes, haha I know right…I had the same thought that they were asking for an Akismet clone. Exactly right on having mass spam submissions. One thing people don’t realize is that, besides having a bloated database slowing down a site, spam can be used as a DDOS attack, so keeping it out of the database is really important.

Thanks so much…I really appreciate the positive feedback and rating.

Take care, and please let me know if you ever need help again.

– Scott

You got it.

There is a LOT of money in spam. There are a number of reasons why they do it…here are a few of the main ones:

1. To get links to a client site to help them rank better in Google. Although in theory this would only work on sites that use “follow” links instead of the default of “nofollow”. Sites that uses “Dofollow” plugins get hit hard. (There may be a tiny amount of SEO value in “nofollow” links, but not much.) This is done by very low-quality SEO companies. (I hesitate to even call them SEO companies…they’re scammers.) Sometimes it’s not even to actually get better results in Google…it’s just to get a certain number of new inbound links to a site so that when they report to their client each month, they can wow them that they are fulfilling their obligations. If a client doesn’t’ know anything about SEO they will fall for it and think they are actually getting value when they are not. (Then they will wonder after a while why they aren’t doing any better.)
2. To get eyeballs on a webpage for their clients. Even when there isn’t SEO value, there is always value in getting clicks to a page, and getting people to see it, and to potentially purchase whatever product or service is being advertised.
3. SQL Injections on 3rd party sites. There is a fairly new genre of hacks that use a link from your site combined with a search engine crawler (like Google’s) to hack a third site. It involves posting a specially crafted link in a submitted comment. If it gets accepted to the page, when Google (or Yahoo, Bing, etc) crawls the site, and goes to the site in the link, it activates the SQL injection hack (if the site is vulnerable) and then there is no evidence of who actually did it, other than the search engine crawler.

You’re welcome.

That would indicate that the spam attempts have gone down.

The way the plugin works would not prevent the spambots from making a spam attempt at all…There’s no “pre-filter” so to speak. It does stop the spam earlier in the comment submission process than a filter like Akismet (ie before it gets to the database), but the comment (or trackback/contact form/registration) attempt does have to be posted to the site for it to process it in the first place.

The only way to stop the spam attempts from even being made is via .htaccess (but as you’ve noticed, there’s a good chance you can limit real users by doing this if you’re not careful), so if you have removed that, then spammers are free to submit. If they get submitted, they get tracked by the plugin, and therefore counted when blocked.

Sure, doing an experiment where you turn it off is the only real way to see how the numbers match up. It’s important to realize that numbers can change daily too.

Sounds good. I look forward to hearing about your results.

Yes, I’m very familiar with that concept. In fact, WP-SpamShield incorporates something similar (but a bit more advanced) as one of the many anti-spam techniques it uses.

Hey Mark…when you get a chance, I’m curious how your test went.

No worries. Life gets busy. That sounds about how I guessed it would go…but only way to know for sure is to test it out. 🙂 Excellent…Thanks for the great feedback!