WordPress.org

Forums

WP 2.0.3 - Suddenly Spam! (15 posts)

  1. schiller
    Member
    Posted 9 years ago #

    I have my own home-brewed captcha on my WP blog. I was running 2.0.2 up until today and I was getting maybe 1 spam comment a day (all my comments go into moderation). However, I just upgraded to WP 2.0.3 today and suddenly, within a minute of fully upgrading the site, my blog started getting swarmed with spam comments (>100 in one hour).

    Things seemed to have cooled off now, and all comments only made it to moderation, not to my blog, but I'm trying to figure out why this might have happened? Do spammers somehow track when you upgrade a site? How might this have happened?

    Thanks,
    Jeff

  2. mazter
    Member
    Posted 9 years ago #

    I had the same problem till last week. Whenever I post a new blog, I was getting >40 spam messages instantly and my email box was full of notification emails. I suppose, it has either something to do with the "ping servers" or spammers are using RSS feeds for new updates. For ping servers, I'm not sure if they have something to do with this, just suspect. Are you also using ping servers? I am using the list given on this site: http://codex.wordpress.org/Update_Services

    I had email notification for comments but after these spam storms started, I disabled it. Things seem to cool off right now. I got 1-2 more spam attacks after I disabled email notification; I'm not getting any more.
    Thanks

  3. Mark (podz)
    Support Maven
    Posted 9 years ago #

    Spammers come and go in waves.
    I cleared someone's blog today of 6500 spams.. I LOVE spam karma :)

  4. schiller
    Member
    Posted 9 years ago #

    My point is that with 2.0.2 I was getting the occasional spam comment (which I assume was someone manually working around my captcha) but upon upgrading to 2.0.3 I haven't had a rest from spam comments. Between last night and this morning I've gotten 410 comments - that's someone who has clearly worked around my captcha in some automated fashion...

  5. ladydelaluna
    Member
    Posted 9 years ago #

    from what i've heard, captchas aren't really failsafe anyway... you really should look into SpamKarma2 - it's never let me down...

  6. maerk
    Member
    Posted 9 years ago #

    The best thing to do would be to drop the captcha, they're buggy and also raise accessibility and usability issues, and install something like Akismet or Spam Karma.

    It'll mean less fuss for your visitors :D

  7. red-star
    Member
    Posted 9 years ago #

    I read a lot about bloggers getting spam. When I started using WP, I also started to use Spam Karma, and Bad behaviour.
    Now it's Akismet and Bad behaviour.
    I have maybe one spam in 2 months, and I'm very happy with that. I can advise anyone to use those programs.

  8. schiller
    Member
    Posted 9 years ago #

    I understand the idea of using some WP plugins, but I'm trying to figure out if something in 2.0.3 is broken or more vulnerable to mass spam attacks than 2.0.2.

  9. gMk
    Member
    Posted 9 years ago #

    Struggled to configure Spam Karma on my current system....also combination of Bad Behaviour and Akismet....keeps me free of spam !

  10. schiller
    Member
    Posted 9 years ago #

    Another thing with these spam blocking plugins - how can you be sure that you're not missing valid comments? The moment you start trying to filter by content you have a possibility of valid comments accidentally getting filtered as spam. I consider that a problem. This is why I like the captcha because it's some attempt to differentiate between human and computer...

  11. Austin Matzko
    Member
    Posted 9 years ago #

    "I understand the idea of using some WP plugins, but I'm trying to figure out if something in 2.0.3 is broken or more vulnerable to mass spam attacks than 2.0.2."

    schiller, I think it's just a coincidence that your spam wave hit the same time as your upgrade. I had a huge spam wave hit a couple of weeks ago without upgrading--in one day the number of spam trackbacks increased a hundredfold.

  12. maerk
    Member
    Posted 9 years ago #

    I see no reason why 2.0.3 should be more vulnerable. Spammers actually use your very own comment form to submit their comments, it's not attacking your system any other way.

    Akismet stores all the comments it thinks are spam in a separate place so you can see which ones are valid and which aren't. Then you can "de-spam" the valid ones, and it learns from its mistakes.

    I personally haven't ever seen a valid comment in the spam Akismet has caught, and I've been using it since version 2 (of WordPress, Akismet is currently v 1.15) came out.

  13. jabesse
    Member
    Posted 9 years ago #

    WP 2.0.3 has the feature "Blacklist comments from open and insecure proxies." (under 'Options' -> 'Discussion')
    This makes the server do a RBL test at opm.blitzed.org.
    However, this RBL has ceased to exist:
    http://lists.blitzed.org/pipermail/opm-announce/2006q2.txt

    I suggest:
    - edit wp-includes/functions-post.php
    - find the text: opm.blitzed.org
    - replace with: sbl-xbl.spamhaus.org
    (don't remove the dots before and after)
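
The blocklist lookup that post 13 refers to, as an added example (not code from this thread or from WordPress; the function names and DNS records are constructed for illustration). It shows how the query name is formed from the reversed address plus the zone with its surrounding dots, and why a retired zone should be reported as "unknown" instead of being read as "not listed":

```php
<?php
// Added example, not WordPress code; all function names are hypothetical.

// Query name: IPv4 octets reversed, then the zone, then a trailing dot so
// the resolver treats the name as fully qualified.
function dnsbl_query_name(string $ip, string $zone): ?string
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null; // this lookup scheme only covers IPv4
    }
    return implode('.', array_reverse(explode('.', $ip))) . '.' . trim($zone, '.') . '.';
}

// $resolver maps a hostname to an array of A-record strings. It is injected
// so the logic runs offline; a real one would wrap dns_get_record().
// A listing is signalled by an answer inside 127.0.0.0/8.
function dnsbl_has_answer(string $ip, string $zone, callable $resolver): bool
{
    $name = dnsbl_query_name($ip, $zone);
    foreach ($name === null ? [] : $resolver($name) as $answer) {
        if (strpos($answer, '127.') === 0) {
            return true;
        }
    }
    return false;
}

// RFC 5782 test entries: a working zone lists 127.0.0.2 and not 127.0.0.1.
// A retired zone fails the first test, a list-everything zone the second.
function dnsbl_check(string $ip, string $zone, callable $resolver): string
{
    $healthy = dnsbl_has_answer('127.0.0.2', $zone, $resolver)
        && !dnsbl_has_answer('127.0.0.1', $zone, $resolver);
    if (!$healthy) {
        return 'unknown'; // do not read silence from a dead zone as "clean"
    }
    return dnsbl_has_answer($ip, $zone, $resolver) ? 'listed' : 'clean';
}

// Constructed records standing in for DNS (192.0.2.10 is a documentation address).
$records = [
    '2.0.0.127.sbl-xbl.spamhaus.org.' => ['127.0.0.2'],
    '10.2.0.192.sbl-xbl.spamhaus.org.' => ['127.0.0.4'],
];
$fake_dns = function (string $name) use ($records): array {
    return $records[$name] ?? [];
};
foreach (['sbl-xbl.spamhaus.org', 'opm.blitzed.org'] as $zone) {
    echo $zone, ': ', dnsbl_check('192.0.2.10', $zone, $fake_dns), "\n";
}
```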

  14. Another thing with these spam blocking plugins - how can you be sure that you're not missing valid comments?

    Bad Behavior doesn't block comments or anything else, really. It just recognizes things that aren't browsers and blocks them from getting anything at all. See, spammers *don't* use your comment form to make their spam comments. They use automated tools to post lots and lots of comments all over the place. Bad Behavior helps to block these from working at all by looking at things that normal browsers would send. This actually blocks most all spam, for now.

    Akismet intercepts comments and sends them to Akismet's servers, where they get analysed and a spam/not-spam message gets sent back. Stuff that it recognizes as spam then gets held for you to look at. If it's spam, you delete it, and go on with life. If it's not spam, then you mark it as such and the comment goes on the blog as well as you telling Akismet that it's not spam, so Akismet can learn from that and improve its detection algorithms. So you still have final say, with Akismet.

  15. evilzenscientist
    Member
    Posted 9 years ago #

    I use Akismet extensively - and it's been good to me so far.

    Some false positives, some false negatives - but training gets it on the right track.

Topic Closed

This topic has been closed to new replies.
