I’ve been hit severals time recently with comment spams. In fact the frequency of attack has really picked up as WordPress has become more popular.
I don’t use any form of blacklist, but controlling the spam is still pretty trivial. There’s one throttle in place that doesn’t allow more than so many posts in a short period of time–over ten posts in a minute, and over fifty a day; anything beyond these limits is automatically moderated. I can easily increase the number of comments per minute or day if I suddenly gain political blogger status.
(The ten posts in a minute throttle is new, so please send me email if you have problems.)
I also have code in place to automatically put my comments into moderation at 20 days. Due to the increased frequency of attack, I’ve changed this to put any comments older than five days into moderation. Since most activity falls within this five day period, this shouldn’t be too restrictive.
With these protections in place, I still get the comments. But no build is happening, so it’s just a straight database access and an email. And since I can’t get more than ten of these beasties at a time, the mail is no burden. Once a day, I then go into WordPress, go to the comment power-editing page, search on whatever is common on all the spams, and then mass delete the bunch.
If there’s one drawback to this, when my throttle is in place, your comments may end up in my moderation queue. But unless you’re selling me online gambling, I’ll let you through.
This spam throttling is one of my favorite WP modifications. If I had to pick any five modifications I’ve done to WordPress that has more than paid for the time to maintain these between version upgrades, I would pick the following:
- My comment spam throttling. Without having to resort to IP or other blacklisting, I have it controlled and managed with a minimum of effort. I am looking at putting this into a plug-in for WP 1.3
- My fullpage preview. There’s nothing like previewing your post within the environment it will be viewed at when published. The only way this can be a plug-in is to use DHTML to modify the page objects on load. Since I’m not fond of using DHTML for anything to do with navigation, I prefer to customize the page.
- My comment editing. As I posted comments in the last few days in other weblogs, I really regretted I couldn’t edit the comments after the fact. My damn typos. Because of this, I’ve come to have a deep appreciation for my own comment editing feature. I think all sites that offer comments, should provide comment editing. Best thing of all, this can be a drop-in modification. I need to package it accordingly for 1.3.
- My moderated comments customization. Being able to turn moderation on an off selectively rather than globally is a wonder. Again, this can be a plug-in, but would require DHTML to modify the document and this doesn’t ring my bell. So it stays a customization.
- My other customizations are tied for usefulness, but I like my comment/trackback split, and my talkback feature (both plug-ins, which I need to link at the WP support wiki). I also like my Insert post status that allows me to publish an entry, without it being part of the overall site navigation. This is particularly useful for About pages and other content that you want static. I also like my static page implementation, though I think the one that comes with WordPress now might be better (have to check it out and see).I also like my new “about this entry” with notes annotation that I just added. It adds an element of fun.
Why do technologists like weblogging? Because the tools are a tweaker’s paradise.