Support » Fixing WordPress » getting spam despite no comment interface in loop. How?

  • When I built my site I was worried about spam and hacked the comment interface out of my loop. Later I thought about allowing comments (so I can be a part of the blog community 😉 ), and started ticking the ALLOW COMMENTS box as I wrote posts, however I never actually restored the comments interface in my theme.

    This week I started getting “approve these comments” emails, all spam from the same person (the keyword is the same). Presumably, a bot can access my wordpress comments without the interface. I’m curious how this works, and what other access to wordpress’s functions do hackers/bots have?

    I’m guessing no one will reply to this since it’s not a code question and abstract discussions usually get ignored here, but maybe you know some search terms to help me learn how to make wordpress less “leaky”? It seems WordPress has some doors and windows that bots know, that I don’t. Feeds are one thing, but how does someone leave a comment without the loop?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Spam bots usually don’t use the comment forms, they just send HTTP POST requests right to the recieving script – the names of the form fields are the same for all WP blogs anyhow.
    You can not (easily) change that behaviour of WP, but you can install and activate a spam protection plugin like Akismet, Bad Behaviour or SpamKarma2 – personally I am using SpamKarma2 and so far it has caught all spam I receive (several hundred per day).

    If you want to learn more about HTTP etc I would recommend the Wikipedia article on HTTP as a starting point.

    Bad Behavior works great with Akismet -or- Spam Karma2. It stops ’em before they ever make the post in many cases.

    Oh, and WP-Spamhaus was recently introduced and look interesting.

    Ahh-HAA! Timo, that Wiki article was a real epiphany! I didn’t realize so few requests were happening in HTML, or that they were so basic! Suddenly RSS and exerpts make sense too! Wow, I finally get it! Why streaming is a different protocol…. Even the CHmod settings! Yeah, this helps so much!

    I am the square that suddenly grasped the concept of the cube.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘getting spam despite no comment interface in loop. How?’ is closed to new replies.