Ready to get started?Download WordPress


Spammers in Comments (25 posts)

  1. bhanu
    Posted 9 years ago #

    Just to get attention from the Authors and programmers,
    We are affected with these spammers, posting comments on our site with their "Quotes" and we get email everytime. All these days, I thought, its a person doing this posts manually. Now I got this spammer posting everyday, posting comments to all post. I dont think its done manually. because my site is not at that popular, for anyone to read the post and no one will care to read the comments. Its waste of time and money for that person.
    so its sure a automated script. And I observed this comments appear only when I update my site with new post of mine. whenever i update, comments starts flowing into, for every post on site.
    I can block ip, I can block keywords, I block this n that, but this is Bug in WP - I think , spammers who studied and identified it, are utilizing it to spam.
    I am no good at all with any of these blog scripts, and only because my domain CPANEL provides it as automatic installation and it suits 100% of my needs, i installed. I was very happy with WordPress till now!!
    Authors please look into this

  2. charle97
    Posted 9 years ago #

    this is not a bug in wp. all blogging tools that allow comments are affected by comment spam. if you have comments enabled, you'll have to deal with spam. the only way to stop comment spam on your blog is to turn off comments.

  3. You could try using your discussions options to hold comments for moderation if they contain 1 or more links. I've actually had the most success by keeping a very thorough keyword blacklist an requiring a name and email address to be posted with the comment.

  4. bhanu
    Posted 9 years ago #

    Is it like that?
    I got one more site, which I never update with new posts. Its not at all affected.
    So when ever i update/post a new matter to my- this site, these spammers are getting a hint,
    I dont want any anonymous person to know about my site update when they are not subscribed to know.
    How are they getting to know about my site update. How can I stop this trigger? Since my site is very much restricted to a small group of people related to a specific ethinic culture, I dont want it to trigger these spammers.
    Blocking is not at all a solution, because, they change ip-domain-content - so frequent, one single owner of site will have to spend all his time in configuring the block plugin.

  5. bhanu
    Posted 9 years ago #

    How about a secure feature,
    If any one is so much interested to leave on comment on our post, let them enter that secure word also.
    Secure word login: now a days this is so popular during registration process to stop automated registrations, some random alpha-numericals appear in the registration form, and user need to enter them manually to submit.
    If this spammer spending >=$5.25/hr to post comments on my site is willing to do this one more extra step?? I dont know, but there is some thing triggering these spammers, that my site is updated, and they are posting these comments which no one will read including me.

  6. charle97
    Posted 9 years ago #

    i combined automatic ip banning with wp-blacklist. my blacklist is not very aggressive. if the blacklist is tripped, i know it's a spammer and the ip is banned in my htaccess file without me having to do a thing. i check my htaccess file every few days to see all the new banned ips for comment spamming.

  7. charle97
    Posted 9 years ago #

    it's not a bug.

  8. bhanu
    Posted 9 years ago #

    What can be called a bug?
    i have no better term for this problem to generalize. Tell me why is my site triggering someone whenever I update it?

  9. Whenever you post to your blog, your RSS feeds are updated. These feeds are easily accessible (as they should be for your individuals using news readers). Whenever your RSS is updated, it throws up a flag to any bot visiting your site. Some of these bots are SPAM bots an immediately post. Others are syndication services (services which keep a list of recently updated blogs, Syndic8 and PubSub to name a few). Some spammers (or SPAM bots) actually follow syndication services very closely as they can use them to quickly link to your blog and post a SPAM comment. Again, what's happening is not a bug. It's a threat. And there's nothing you can do about it short of disabling all comments. THis threat affects everything with comment features. It affects WordPress, MovableType, TypePad, PHPNuke, etc.
    However, if you're going to block IP addresses, keep in mind that you may be blocking future visitors. Rarely is an IP ever unique. Blocking an IP address should be used only to break up a comment SPAM flood for one day, no longer. Blocking keywords and URLs is the best way to go about it.

  10. Fahim
    Posted 9 years ago #

    Bhanu, the spammers look for sites which are highly ranked on search engines etc. Since your site caters, as you say, to a niche market, it probably ranks very highly on certain search engines for particular terms. This might be why they keep on hitting your site. And these are not people but automated robot scripts which when they find a good site, keep on hammering that site with spam comments. The only thing you can do is add effective preventive measures - this is a problem you face with almost any popular blogging software that many people use and is open sourced.
    One sugestion that I have for you is to use the WPBlacklist plugin. It will automatically delete comments identified as spam and at the same time, add the details from those comments, so updating your blacklist and making it more effective. However, you will need to do some work before you can get a plugin working effectively. If you want to download it, you can get it from http://sm.farook.org/files/WPBlacklist261.zip

  11. aaron1728
    Posted 9 years ago #

    I now moderate all comments because of spammers. I like the bot-thwarting things that request a random number to be entered that I've seen on some MT blogs.
    In the meantime, I often get multiple posts from the same legit person who doesn't understand that I have comment moderation on.
    I wanted to make a change to the text in my wp-comments-reply.php, to add text to let people know I moderate, but it doesn't seem to work. Is that the right file to modify?

  12. Beel
    Posted 9 years ago #

    <?php if ( comments_open() ) : ?>
    <h2 id="postcomment"><?php _e("Leave a comment"); ?></h2>
    <?php if ('open' == $post->comment_status) { ?>
    if (0 != get_settings('comment_moderation')) {

    Please note: Comment moderation is currently enabled so there may be a delay between when you post your comment and when it shows up. Patience is a virtue; there's no need to resubmit your comment.

    <?php } // comment_moderation != 'none' ?>

  13. aaron1728
    Posted 9 years ago #

    Thanks! Worked!

  14. bhanu
    Posted 9 years ago #

    I am thankful to each n everyone who spend their precious time to help me -> deal with spammer prblm.
    I am very happy that, there are real guys here to help with suggestions and help me to cope up with problem in very less time.
    Thank you very much

  15. In case anyone is wondering, here's an article that goes into detail about why IP banning is a bad idea and I do suggest that everyone at least read the first two paragraphs. http://kalsey.com/2004/02/why_ip_banning_is_useless/

  16. Anonymous
    Posted 9 years ago #

    I've just been reading this thread. Thanks for all the info. However, when I pasted the above code into my comments page, it made it go funny.
    Do I have to replace another code snippet with this code?

  17. onethumb
    Posted 9 years ago #

    I do think there is a backdoor in the program.
    I stopped the incoming spam from the Poker Jokers, but everytime I post a single comment pops up.
    The comment from the Poker Jokers is coming internally. Unlike other comments
    on my page these do not generate an email.
    Also, whenever I enter certain links the program is munging the links. I did not tell it to do this
    and I cannot find the script that does this.
    For example: If I add "Democraticunderground" to my links it will put mywebpage/wp-admin/www.democraticunderground.com. The shows "www.democraticunderground.com".
    Yet other links are not so affected. Only _specific_ links.
    There is a backdoor in this program, the Poker Jokers and others have found it.

  18. There is no backdoor. This has been discussed here hundreds of times. The Poker guy just uses the wp-comments-post.php file to post comments to non-existant post ids. Thus, when a post is created to fit that id, the existing comments appear. This is not an backdoor, just a normal function. You can get around it by renaming your wp-comments-post.php file and don't forget to delete it after you upload the new one.

  19. charle97
    Posted 9 years ago #

    onethumb, use TechGnome's Code.

  20. Agreed, forgot about that one.

  21. charle97
    Posted 9 years ago #

    if you're using an alpha of 1.3, you could try the plugin version, which is TechGnome's code converted into a plugin.
    these tools just block future attempts at posting comments to entries that don't exist. you'll have to manually delete the spam that's already in your db.

  22. onethumb
    Posted 9 years ago #

    I _did_ rename wp-comments-post.php and delete the old one and it has stopped the incoming. If I understand correctly there are posts sitting in my system waiting for a corresponding number to be generated by my publishing a new entry? This is the comment that pops up the very instant that I publish a new post? I will try again
    And why does it munge the URLs of _specifc_ sites? I have tried correcting them several times and they still are munged after the correction.

  23. Onethumb, Charle97 has the answer you're looking for.
    "onethumb, use TechGnome's Code."

  24. aletheia
    Posted 9 years ago #

    My friend Coffelius has just made this plugin which uses a graphic code generator. To make a comment you need to copy the code you see in the graphic to a new field in comments, this way only humans will be able to post and you'll block bot-using-spammers without having to moderate comments.
    You can download the plugin here

  25. Mark (podz)
    Support Maven
    Posted 9 years ago #

Topic Closed

This topic has been closed to new replies.

About this Topic


No tags yet.