WordPress › Support » spam slips through bad behavior & spamkarma2

richards1052
Member
Posted 6 years ago #

Name: stud card picks covenant
| E-mail: 8cx6c@work.com
| URI: [poker-related] | IP: 62.193.231.242

nice site keep it on ;)

I've installed spamkarma2 & bad behavior and they seem to be doing a great job. I've had a few spam comments they didn't catch but those seemed pretty well disguised & I wasn't surprised that they might've had trouble flagging those.

But the one above seems so patently & egregiously spam that I'm pretty surprised that neither one caught it.

Do other members find these momentary glitches where obvious spam gets through or are your plugins picking up everything or should I worry that my plugins aren't working properly? Since this is only the first or 2nd piece of obvious spam that's gotten through (in the 8 wks. I've had my blog here at WP) I'm not going to assume there's a plugin problem. But I'll monitor it.
James
Happiness Engineer
Posted 6 years ago #

Please remove the link to the spam URL.

Don't worry, sometimes one or two get through, but keep in mind that it's always one or two out of a hundred or a thousand. And, please remove that spam link. They don't need to use our forums as PR boost too.
richards1052
Member
Posted 6 years ago #

Sorry, I should've thought of that before I posted it
nmallory
Member
Posted 6 years ago #

I've JUST started having this problem as well. I'm getting 5 or so a day like this.
skippy
Member
Posted 6 years ago #

Some spammers will manually submit spam comments. It's extremely hard for Bad Behavior to block these.

Make sure you have a reasonable set of moderation words. I only have the major items (poker, viagra, cailas, etc). This provides defense in-depth: if a comment makes it back BB and SK2, WordPress' default moderation system will still catch it.
nmallory
Member
Posted 6 years ago #

well, the poker part is showing up in the user's name instead of the url or email or post...and this is how they're getting through, I think.
skippy
Member
Posted 6 years ago #

Moderation words should check all of the commenter's information. You can even put IP addresses in your list of moderation words, to force users from specific IPs to always be moderated.
James
Happiness Engineer
Posted 6 years ago #

And, if you find a pattern, or prominent bot slipping through the cracks, please feel free to submit the information to the developers of Bad Behavior and Spam Karma.
richards1052
Member
Posted 6 years ago #

Skippy: I DO have "poker" listed as a comment moderation term. But I'm one of a good number of WP users whose entire comment moderation settings aren't working (I surely wish the bug would be fixed by someone). So this comment wasn't moderated as it should've been.
Peter Westwood
WordPress Lead Developer
Posted 6 years ago #

richards1052: AFAIK SK2 skips the builtin WordPress moderation words so adding things there to fix this won't help.

Can you paste the SK2 Karma report on this comment that skipped through which details how it got the karma level that made it public?

If you want to ensure that all comments go into moderation no mater what - which the WordPress option â€œAn administrator must approve the comment (regardless of any matches below)â€? does without SK2 activated then you can use this SK2 plugin to make SK2 obey that option http://blog.ftwr.co.uk/wordpress/sk2-moderate-plugin/

If there is enough demand for a SK2 plugin to make it use the builtin WordPress moderation keys I'm sure one could fairly easily be cooked up the SK2 API for extending it is very quick and easy to use

westi
James
Happiness Engineer
Posted 6 years ago #

Is there a possibility that the comment moderation bug is related to Spam Karma? I run comment moderation and Bad Behavior with no problems, but I don't have Spam Karma.
richards1052
Member
Posted 6 years ago #

Westi: I deleted the spam comment w/o checking it in the SK2 rpt. I assume once I do that it's erased fr. SK2? In future when this happens, I'll check out that rpt.

I'd prefer not the force ALL comments through moderation since 90% of my comments are fine. But I would like to force moderation for any comment whose author has not published a comment at my site before. And that setting (along w. all my comment settings) are not working in WP.

But if things do get bad I'll check out that plugin link you provided.

Macmanx: Maybe I'll try to deactivate SK2 for a few days to see what happens to my WP comment moderation behavior. But I assume that since there was a time (about 6 wks. or so) when I had BB, SK2 & WP comment moderation working fine together that this shouldn't be the problem.
Peter Westwood
WordPress Lead Developer
Posted 6 years ago #

richards1052: Yes once you delete the comment the SK2 report will be gone.

... I would like to force moderation for any comment whose author has not published a comment at my site before. And that setting (along w. all my comment settings) are not working in WP.

Ok. By default SK2 bypasses the builtin WordPress comment moderation functionality as it is designed as much more fully feature replacement to the builtin bits - this is why the WordPress settings are not working.

Writing a SK2 plugin to may SK2 obey these WordPress options should not be very difficult - The one I wrote for the â€œAn administrator must approve the comment (regardless of any matches below)â€? option took me about half an hour.

Would you be interested in a SK2 plugin which enforced the following WordPress option "Comment author must have a previously approved comment"? - if so I will have a play later and create this for everyone to use.
richards1052
Member
Posted 6 years ago #

That would be magnificent of you if you could build a plugin like that! Just to be clear--I'd like a comment from someone who's never previously commented to be moderated and all others to be automatically published. Now a question, if SK2 bypasses all WP comment settings is there a way I can add all the WP blacklist/moderated words, banned Ips,urls & e mails to SK2's blacklist? I see the SK2 blacklist pg. but I don't see how or where you add such data.

I'm not sure whether SK2 itself caused my WP comment moderation to stop functioning. Because I've had SK2 active for a weeks while WP moderation was working. Of course, I don't remember ever receiving SK2 spam e mail rpts until right around the time the WP comment moderation stopped working. So anything's possible I guess & you could be right.
richards1052
Member
Posted 6 years ago #

Westi: Ok, today SK2 & Bad Behavior let another obvious one through (containing the word "roulette" in the URL). Can you clarify where I should find the "SK2 report" for the comment which you suggest above that I post here? I found this entry in the SK2 "Comments Recently Approved" list. Is this what you mean?

2

0.5: Encrypted payload valid: IP matching.
0.5: Comment has no URL in content (but one author URL)
1: Severity settings adjustment.

And can someone tell me when the most recent upgrade for sk2 came out. The author doesn't provide dates or version #s for SK2 so I can't tell whether my version installed around June is the most recent or not.

Finally, Westi I haven't heard from you about that wonderful offer you tantalized me with to write a plugin to force moderation for all new comments. Any progress on that?
Peter Westwood
WordPress Lead Developer
Posted 6 years ago #

richards1052: That is the report I was talking about.

The most recent upgrade for SK2 is definetly newer than June - I have "2.0 Final r2" installed according to my WordPress plugins page.

As for the sk2 plugin - it will come soon I've spent the past few days holed up in bed with a nasty cold and am still not 100% - I probably won't have time to look at it till after next weekend I'm afraid.
richards1052
Member
Posted 6 years ago #

Get well soon. And don't worry about the plugin. I've lived w/o it for all these months & I'll be able to get by a few wks. longer...

So the SK2 rpt. for that comment didn't tell you anything?

Just noticed another obvious spam comment SK2 didn't catch fr. the other day. Has the word "poker" in the URL.

Guess I better upgrade to a newer version of SK2. maybe that'll help catch more of this stuff.

WOuld you know if, when you upgrade you should delete all files for the previous version of SK2 so there isn't a conflict with the new version?
Peter Westwood
WordPress Lead Developer
Posted 6 years ago #
Ok. After a bit of time recuperating I have now extended SK2 Moderate to enforce another core WordPress discussion option.

SK2 Moderate will now enforce the following WordPress options when installed within the SpamKarma 2 plugin:
1. "An administrator must approve the comment (regardless of any matches below)" (under Options ... Discussion)
2. "Comment author must have a previously approved comment" ( also under Options ... Discussion)
Go here for the full story and to download : SK2 Moderate Plugin

hope this helps rid you of they annoying comments :-)
Mark (podz)
Support Maven
Posted 6 years ago #

richards1052 - email spam has been around for years. It has had phenomenal amounts of time, money and resources thrown at it in a futile bid to stop it. It cannot be stopped. If you do not want email spam, then do not have an email address. It's that simple.

You want comments on your blog - then just accept that comment spam will happen. The fantastic work that drDave and io_error have done will not stop comment spam - it just holds the vast majority at bay.

Do this:
- remove all comment spam prevention measures you have.
- leave them removed for 48 hours
- THEN you will see what is a problem and just how much work those plugins - the product of time freely given - save you.

If you are after perfection - it will never ever happen.
error
Member
Posted 6 years ago #

It may never happen, but I'm after perfection. Feel free to send me any spam that got through. (Don't post here, I don't monitor the forums regularly.)

Topic Closed

This topic has been closed to new replies.

WordPress.org

Forums

spam slips through bad behavior & spamkarma2 (20 posts)

Topic Closed

About this Topic

Tags

Code is Poetry