Yes, I’ve been getting several per day.
They’re trying to break the “emergent registration” process in WordPress. First-time commenters are held for moderation; but if a commenter has successfully commented in the past they skip moderation.
So they post junk — sometimes deceptively innocuous comments — in order to get their email approved, then they’ll flood you with crap.
Be vigilant.
Moderator
James Huff
(@macmanx)
Volunteer Moderator
Ah ha! Yes I got one of these too.
Jbbrwcky
Well, here is something freaky: I was enjoying about 5 months of SPAM free blogging, when all of a sudden, WHAM! I get hit 35 comment and back-track spam in one go, then 4 hours later, 60 more, starting about 5 days ago. Stopping short of returning back to WordPress 2.1, I started implementing all my old Anti-SPAM Warfare armaments from WP2.1, and low and behold, I only slowed it down back down to 30 every 6 hours. Now, most of the “casino, poker” crap is hitting my older post, yet, how? I have turned off those comments and Back-Track on those posts, and yet, this garbage still pops up there? Now, fortunately, none of the for mentioned SPAM has hit the main page, and I’m moderating it. But how come these clever SPAMMERS reach through to the comments without verifying and being blacklisted, as I have done? Any ideas as to closing up this hole? My Email account is taking a beating right now…….. *help* :-/
Moderator
James Huff
(@macmanx)
Volunteer Moderator
Thomasso, going back to WordPress v1.2 will certainly not help. The spam bots have found your blog and they don’t care what version it is. In fact, in v1.5.x, you have more default anti-spam measures than you did in v1.2.
Find the keywords that are the same in the spams that you’re getting and those either to your comment moderation list or your blacklist. More info: http://codex.wordpress.org/Combating_Comment_Spam#Comment_Moderation
There are also several plugins that may help. For this flood, I recommend either Bad Behavior: http://www.ioerror.us/software/bad-behavior/ or Spam Karma: http://unknowngenius.com/blog/wordpress/spam-karma/dev/
You can find more anti-spam solutions here: http://codex.wordpress.org/Combating_Comment_Spam
Also, you should upgrade to WordPress v1.5.1.2 whenever you get the chance. Just follow these instructions: http://wordpress.org/support/topic/33189#post-187724
macmanx, Thanks for your reply and helpful hits. I’m not knocking WordPress, a matter of fact, I will testify that it is one of the best blogging tools out there and that I find very user friendly. My reference to 2.1 was, implementing simple things like Jeff Bars’s extra filed approval system and Kitten’s Anti-SPAM tools were wonderful in WP2.1. I just implemented Bad-Behaviour, thinking that fighting them at the front-line: script to bot level my be the only answer.
As far as that weird comment SPAM goes, holy crap, that is currently accounting for 10 out of the 30 or so spammy comments in the last couple of hours! Trinidad and Russia seem to be the favourite hot spots for those IP address. I’m also running LINUX, with FireFox, like rscrawford, so I feel somewhat safe, but man…… sneaky & creepy
Moderator
James Huff
(@macmanx)
Volunteer Moderator
If you can get a handle on some common user names or IP addresses, you could block them all via .htaccess. See:
http://codex.wordpress.org/Combating_Comment_Spam/Denying_Access
and
http://www.macmerc.com/articles/Power_User_Monday_Tip_of_the_Week/302 (shameless plug)
Hi, I have no idea if anyone has tried this type of comment spam blocking but I wrote a very easy to use flash-based comment spam blocker.
http://www.collcoll.com/dev/wordpress/index.php/2005/06/17/9/
If anyone finds it useful let me know, because I’d like to add it to the codex for others to benifit from it as well (if it works of course).
Moderator
James Huff
(@macmanx)
Volunteer Moderator
It’s nice, but it won’t stop trackback spam.