I get hammered with spam on this site, and for the most part Akismet, Spamlookup, MT Autoban, along with a few other hacks, have kept it from appearing on the site and putting too much of a load on my server. I recently installed a new plugin called NoHarvester, which blocks comment spammers from using zombie computers to do their spamming (basically does an IP address check) as that seems to be a fairly common attack lately.
While so far it appears to be working just fine, please let me know if you’re having trouble or if it thinks you’re spamming by e-mailing utterlyboring [at] gmail [dot] com, as I can only test this so much.
Speaking of spam, I have 10,123 published comments on this site, but the comment table’s auto-incremented ID is set at 55,442. So for every one published comment, I’ve received nearly 4.5 spam comments (and that’s only counting ones that have made it into my database — I’m sure I’ve blocked thousands of others that have never made it to my server).
Update: Yes, I know there is spam on this entry. It’s been marked as junk on the back-end, but it’s still showing up. I’m working with SixApart to troubleshoot the problem, as something isn’t right, so I’m leaving the spam there temporarily as an example.
Comments
cheap viagra
8c)
I had to moderate that, Jack, but am letting it through because it’s you and I’m just curious as to how it’ll affect the google ads that show up on here.
I’ll have to take a look at that NoHarvester. The help you provided earlier aided me in building my own rather functional spam-filter, which blocks about 25 comments a day. I can’t see how many it actually blocks, because spammers are immediately banned before they can actually do any harm.
For me, 25 comments is a whole lot, considering I only write an update myself every few days, and only get a legit reply every other day or so. To give you a better indication, I only get about 6 thousand human hits a month, with another 12 thousand spammer hits on top of that.
You can safely say that without a filter I’d get more than 20 times as much spam as real comments. Luckily, in the past three weeks (only one week after it was implemented and still during its training) the spam filter has held up superbly; not a single comment leaked through. Additionally, I can see visitor behaviour and so far so good.
There’s little I hate in this world more than spammers. *harsh curse words here*
Thanks for giving NoHarvester a try!
I’m sure it can greatly cut down the amount of spam that makes it to MT’s database, while at the same time reducing the workload of MT’s junk filters. And it really shouldn’t have any effect on human commenters.
Hahahaha, I’m getting “New Comment” e-mails to this post; comments written by spammers!
Looks like that spam prevention method needs to kick in before comment notifications are sent out, Jake.
Ah, nevermind. You can see the spam right there.
Yeah, obviously the filters don’t catch everything. Have NO idea why those were missed.
OK, that’s just weird…all those comments are in my junk folder, marked as junk, but they’re still showing up here. WTF?!?
test
I completely understand your annoyances! 🙂
I have been recently actively attacked by spam comments which either have a ‘_’ instead of ‘.’ in a URL link in the comment content, or have the URL in BBCode format and Spam Lookup and Keyword filters kept letting them through.
I got hold of a regex to counteract this specific comment content.
I also read (and implemented) a tip from ‘Learning Movable Type’. This is deleting a code from Individual Archive and Comment Listing Archive, forcing all commentators to |Preview| their comment post and then |Post|. This is said to counteract the bots.
Would this counteract the ‘harvester’ bots also???
No, harvester bots only view your webpage on the lookout for e-mail addresses. They typically don’t spam.
The only effective way of counteracting havesters is by masking your e-mail addresses. Either require a valid login (using secure subscriptions by using some sort of Turing image / CAPTCHA — I have a free, open-source one available here) or use a javascript function to build the address on an onclick.
Bots just love the good ol’ href=”mailto:[email protected]”, so avoid it like the plague.
Not necessarily, Paul. The harverster bots that I think he’s referring to are the ones that aforementioned plugin block, which are the ones out looking for MT form tags that they can just attack. Forcing the preview, without other measure there that make sure that they previewed first (there are plugins for that) isn’t going to be nearly as affective as just blocking them out entirely with the plugin, as they generally just bypass the buttons anyway.
Hey Jake, I’m still getting comment spam via e-mail from this topic.
That’s because my filters marked them as clean, as they were just mostly random text and not inherently harmful. I deleted them, which is why you don’t see them now.
I think I’m just going to close comments on this entry.