Support » Plugins and Hacks » Testing Spam Plugins

  • Is there any easy way to test a spam plugin? I just got off the phone with an irate commenter who received a rude message from a spam plugin and I realized I wasn’t sure how exactly to test the plugin to see what kind of message they were receiving.

    I’ve since installed Stopgap (I’ll move to Hashcash once I upgrade to 1.5).

    How can I test Stopgap?

Viewing 15 replies - 1 through 15 (of 15 total)
  • Moderator James Huff


    Disable javascript in your browser and try to post a comment.

    Easy enough – thanks!

    FYI: Hashcash leaves an advertisement at the bottom of every </form> tag, and so far hasn’t stopped much spam.

    It may be working well on the backend (i wouldn’t know) but i turned spamminator and bad behavior back on today after a huge wave of disgusting porn spam made it’s way through hashcash.

    thought i’d let you know.

    Moderator James Huff


    HashCash’s main catch is that it doesn’t protect you from trackback spam.

    Yes–it’s only for comment spam, but with Hashcash, none of *that* should get through, unless it’s been submitted by human hands…

    Does anyone have a solid recommendation for a trackback-only spam blocker (WP 1.5.1)?

    Moderator James Huff


    I haven’t tried any, but here’s the list:

    One option for trackback spam is to moderate all, by default.

    However I found such measures were not necessary by using few WP features like blacklist judiciously.

    @andymatic I think I know which plugin you are referring to. In fact I got severely pissed off with its false-positive error messages which are very juvenile and very insulting. Unfortunately some moderators here like podz don’t want to hear anything bad about it and will vigorously defend it, without understanding ground realities.
    HashCash is pretty good in stopping comment spam. It however doesn’t stop trackback and referrer spam. You can try ideas which worked for me.

    @angsuman, thanks, I installed the referer plugin but since I’m not planning to enable comments I didn’t use hashcash. However, I really would prefer not to have to moderate every trackback so if you can think of a more automated solution that would be terrific.

    Moderator James Huff


    There are two “more automated” solutions out there. One would be Bad Behavior. Bad Behavior analyses all bots that enter your site. If the bots match certain criteria (IOW, if they’re spam bots), they are denied entry. This has kept me 98% spam-free for the past few weeks. Another option would be Spam Karma. Spam Karma analyses all comments and trackbacks. If the comments and trackbacks match certain criteria (IOW, if they’re spam), Spam Karma automatically deletes them.

    All automated solutions, however, carry the possibility of false positives. Though, I haven’t had any false positives with Bad Behavior yet.

    I address trackback spam with a strong blacklist. I do not have moderation enabled for trackbacks and it works fine.
    IMHO simple solutions are often better.
    I noticed that most of my trackback spam also carries a payload of referrer spams. I guess spammers realized it saves their bandwidth and doubles their chances 🙂
    So I use a strong blacklist of referrer spammers too, which in turn blocks most of my trackback spams at the outset.

    Last 3-4 months I am spam free without requiring maintenance, so I can safely say the same will work for you.

    My fear with “intelligent” spam blockers is of “false positives” and chances are you will not notice them until much later when you happen to browse your database for blocked spam comments.
    Tell me how many people does that and how often?

    Angsuman, thanks, I will try that out. Looking at your blacklist, it seems pretty short and also doesn’t take into account the ‘funny’ ways spammers have of spelling words these days to avoid filters (for example, p0ker with a zero instead of an o or v1agra with a one instead of an i). I was reading a bunch of your blog entries last night and didn’t notice any spam so it does seem to work, I’m just wondering if you can comment on this.

    What can I say. It seems so far comment spammers haven’t caught with the sophisticated ways of email spammers yet.

    It is actually because they want to score high on keywords like poker and not p0ker. Search engines give much relevance to the keywords in your domain name and url. It doesn’t help their cause to misspell.

    I keep the blacklist as short as possible to prevent any delay before serving legitimate pages. As it stands today it imposes no measurable delay on load testing.

    Hi, I have no idea if anyone has tried this type of comment spam blocking but I wrote a very easy to use flash-based comment spam blocker.

    If anyone finds it useful let me know, because I’d like to add it to the codex for others to benifit from it as well (if it works of course).

    Moderator James Huff


    It’s nice, but it won’t stop trackback spam.

Viewing 15 replies - 1 through 15 (of 15 total)
  • The topic ‘Testing Spam Plugins’ is closed to new replies.