UPDATE: There’s been an uprising in my own “Blogdom”! The people have spoken and I’m considering their words… Recent posts on other sites, PMs and comments here have made me reconsider the usage of a “captcha” challenge script for presenting commenters the option to leave a comment. I still believe that Peter’s script is a fine example. I have opted to consider the advice of Lorelle and a fellow named “Otto 42” ;), after extensively re-reviewing the available literature.
So in the place of my challenge guard, I’m adding Spam Karma 2. I’ll let you know how it goes! You can see more about the conversations about this at Lorelle’s WordPress site.
The original article follows:
It’s remarkable: programs like Akismet have protected us from over 1,000,000,000 (read a billion!) spammers! I first read about this in Photo Matt’s Blog. Spam has been a real problem for me and of course for all of you as well. The biggest problem I have is that I want to be able to have a dialog with people, but I don’t want to be forced to shut off my “comments” due to the tremendous amount of SPAM that keeps on coming.
SPAM has to be treated like an enemy and there are some KILLER plugins that will allow you to turn the tide in your battle with the EVIL SPAMMERS. With the right programs, you will be able to barricade yourself against the evil SPAM empire and stop the offenders that are trying to take over your “Blogdom”!
THE THREE-FOLD DEFENSE STRATEGY:
The following three plugins will provide a fortress for defense against SPAM while still allowing you to receive comments, pingbacks and trackbacks. As a matter of fact, since you are reading this article, why not let me know about it by leaving a non-SPAM comment! I’d like to know if I helped you with your quest against SPAM or if you have any other weapons in your arsenal that will help others with this war!
Bad Behavior: Your First Line of Defense (The Moat)
Bad Behavior is a set of PHP scripts which prevents spambots from accessing your site by analyzing their actual HTTP requests and comparing them to profiles from known spambots. It goes far beyond User-Agent and Referer, however. Bad Behavior is available for several PHP-based software packages, and also can be integrated in seconds into any PHP Script.
This program is amazing at stopping SPAMMERS before they even “get to your Web log”. The Bad Behavior Plugin is designed to detect the EVIL army of SPAMBOTS and block them before they actually SPAM your site. It targets any malicious-looking software with an error message. This “error message” confuses them, thus sending them on their “merry way” away from you and on to others without such a sturdy defense strategy. Bad Behavior doesn’t analyze (parse) the potentially bad message, because it actually prevents it from being sent in the first place.
Peter’s Custom Anti-Spam: The 2nd Line of Defense (The Gate and Outer Wall)
Note: A lot of discussion about using a Captcha plugin like this has occurred recently; see the above notes and comment section for more information. Join in the conversation and let us know what you think. Some people beat me up about this, some people reasoned with me, some people agreed. In the end, after taking another hard look at what people were saying, they convinced me that this type of plugin is not necessary for blog sites, mainly due to how much they say it harasses would-be commenters (personally, I’ve never felt harassed). Currently, I have replaced this plugin with Spam Karma 2 and am evaluating how it works in conjunction with Bad Behavior and AKISMET. We’ll see….
While there are a couple of other great plugins that are similar, like Meyerweb’s WP-Gatekeeper, Did You PASS Math?, ΛορδΧηαος’s Challenge Plugin and Captcha!, I am a real fan of the simplicity, functionality and currentness of Peter’s Custom Anti-Spam Plugin. Peter’s plugin works with WordPress 2.1.2 and has some great functionality that includes customizing the words used for detecting spam AND still allows for pingbacks and trackbacks! Something I certainly still want and I know you do too!
Peter’s plugin is a “challenge”, a “laying down of the gauntlet” type of plugin. Non-registered users will have to copy a word (customizable) to enter a comment, providing a challenge of sorts. Your own subjects don’t have to deal with this challenge if they are logged in already and safe inside your walls.
It’s a great “defense” against would-be SPAMMERS, since SPAMBOTS can’t read well and “autofill” incorrectly, thus keeping them at bay and your Blogdom safe.
AKISMET: The Final Defense (The Keep)
Everyone has heard of the Akismet plugin for WordPress; it’s your final bastion of defense. If you are running the new version of WordPress you already have it, but it may not be activated. Go to http://wordpress.com and get your personal code to activate it.
You don’t have to sign up for a wordpress.com blog to get your code, however it’s still a little confusing… You still have to choose “Start your WordPress Blog” to get your code even if you don’t want one:
Then choose “just a username, please”:
Follow the rest of the prompts to get your code. When you have it “copy” it so you don’t misspell it later when you sign it “into law”. Finally, go to your “plugins” menu and choose the Akismet Config. button and enter it in so you have protection! If you have not entered your code you are not being protected and your Keep is unsafe and your strategy weakened!
For any of the more hearty SPAM varieties that fool Bad Behavior and find a way to get through your “gauntlet challenge”, AKISMET is there to interrogate them one final time and check to see if they’re legitimate or not. It does this by comparing the message to thousands (hundreds of thousands?) of other messages in the Akismet database. If they are found to be malicious, AKISMET sends them to your SPAM box, your little prison for the buggers. Now, as Supreme King and Emperor of your domain, you have the ability to either execute them for their crimes against you and your Blogdom (thereby providing the world with the knowledge of this new type of SPY; Akismet learns from this and will protect others!) or you may free the innocent and have them placed rightfully into your comment section as ambassadors of your community!
Many professional bloggers recommend checking the “Automatically discard spam comments on posts older than a month” check box to minimize SPAM. The problem with this is that if you have a lot of really good “older” posts you won’t get any new comments about them. :(
The Defense Strategy Reviewed:
By using these three programs you should eliminate almost all of your SPAM enemy. Bad Behavior stops the SPAM before it even gets to your Web log (crosses the moat). If it gets by Bad Behavior, the guard at your gate (let’s call him Peter) issues a challenge for safe passage (Peter’s Custom Anti-Spam). Finally, at the Keep, AKISMET takes another crack at interrogating the SPAM and renders any potential SPAM (SPIES at this point) into a holding-cell for you to decide their fate. It’s a great plan, it works; I use it here.
MOUNTING AN OFFENSE:
There’s another Bold option in the War against SPAMMERS and it’s called Hashcash. It’s software that not only protects you from SPAM, but irritates those sending it. Elliot Back has this to say about how it works:
…However, if a spammer does interpret this JavaScript, there will be a substantial slowdown to them.
I certainly don’t understand the mechanisms behind how it does this, but the author of Captcha! (above) has stopped development of his plugin due to the effectiveness he sees with Hashcash. Elliot claims it blocks 100% of SPAM; however, I have seen that some users state it slows down their systems. Personally, I don’t know, I haven’t installed Hashcash but I thought it was worthy of mention in the annals of this article. I’d love to hear from you if you are running it and if it is working for you. For now…
The battle awaits, your defenses are sure; onward into the fight!
~Joseph Pisano
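The general hashcash idea behind the “substantial slowdown” quoted above is proof of work: the form hands the sender a puzzle that takes thousands of hash attempts to solve and one hash to check. The sketch below is an added example, not code from this article or from Elliot Back’s plugin; the function names, the `postId:expiry:salt:mac` challenge layout, the 12-bit difficulty and the secret are all assumptions made for illustration.

```javascript
// Added example: hashcash-style proof of work for a comment form (Node.js).
const crypto = require('crypto');

const DIFFICULTY_BITS = 12;               // assumed: ~4,096 hashes on average per comment
const SECRET = 'constructed-demo-secret'; // constructed; a real site keeps this private
const used = new Set();                   // challenges already redeemed (replay guard)

// Number of leading zero bits in a hash digest.
function leadingZeroBits(buf) {
  let bits = 0;
  for (const byte of buf) {
    if (byte !== 0) return bits + Math.clz32(byte) - 24;
    bits += 8;
  }
  return bits;
}

const sign = (body) => crypto.createHmac('sha256', SECRET).update(body).digest('hex');
const work = (challenge, nonce) =>
  leadingZeroBits(crypto.createHash('sha256').update(`${challenge}:${nonce}`).digest());

// Server: challenge = postId:expiry:salt:mac, so it cannot be forged or moved to another post.
function issueChallenge(postId, nowMs, ttlMs = 10 * 60 * 1000) {
  const body = `${postId}:${nowMs + ttlMs}:${crypto.randomBytes(8).toString('hex')}`;
  return `${body}:${sign(body)}`;
}

// Client (the script in the comment form): brute-force a nonce. This is the slow part.
function solve(challenge, bits = DIFFICULTY_BITS) {
  for (let nonce = 0; ; nonce++) {
    if (work(challenge, nonce) >= bits) return nonce;
  }
}

// Server: one HMAC and one hash, however long the client had to search.
function verify(challenge, nonce, postId, nowMs, bits = DIFFICULTY_BITS) {
  const parts = String(challenge).split(':');
  if (parts.length !== 4 || used.has(challenge)) return false;
  const [pid, expiry, salt, mac] = parts;
  const got = Buffer.from(mac);
  const want = Buffer.from(sign(`${pid}:${expiry}:${salt}`));
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return false;
  if (pid !== String(postId) || Number(expiry) < nowMs) return false;
  if (work(challenge, nonce) < bits) return false;
  used.add(challenge);
  return true;
}
```

Each extra difficulty bit doubles the sender’s average cost while verification stays constant, which is why the slowdown lands on bulk senders and also on visitors with slow machines. On a real site the `used` set would live in shared storage and be pruned as challenges expire.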
Great article.
Good article well done,
I am still up in the air about Captchas though… Your presentation was great.
~Jess
Hello all,
So I did a “boo-boo”. I non-maliciously posted in the wordpress.com forum about this article and some of the people there thought it was SPAM! Now, I’ve got a good rapport with etiquette and try not to do wrong things on purpose… So if you’re here because you’re mad I posted this in a “wrong place”, I truly and humbly apologize! :oops:
This brings up a whole new thing called Human Spammers. Lorelle, as always has written a great post that talks a little about them. You can see it here:
http://lorelle.wordpress.com/2007/03/26/akismet-all-our-comment-spam-fighting-eggs-in-one-basket/
~J. Pisano
Jess, you should be. CAPTCHAS don’t work and they also tend to tick off users. I’m looking at one on this blog that I can barely figure out what the letters are right now.
It’s kinda like gambling. I don’t know if this will work when I hit the submit button. Based on years of experience with these, most of the time they don’t work and I have to try again or give up. Painful.
With the growing sophistication of comment spam bots, and the growing number of hired human comment spammers out there, these are easily overcome. CAPTCHAs are not a defense but a nuisance.
The rest of the arsenal in the article is great, and Spam Karma can add a great third line of defense, picking up what Akismet and Bad Behavior miss and acting as a backstop.
I’ve gotten a lot of PMs and feedback about this from WordPress.com, and now an article from Lorelle about this. After reading her response on her site to my questions, I may have to think about the Captcha type plugins a little more.
Perhaps, the best method for bloggers may be Spam Karma, Akismet and Bad Behavior. I’m still thinking… Have any of you had a good experience with HASHCASH?
Joe
Hello,
I think it was a good article. I don’t have too much of a problem with the “captcha” stuff. It doesn’t bother me.
Frank :shock:
I hate spam
Great to see there is such a plugin to help people on WordPress guard against spam. Great article.
What about the spam in comment #8 above?
Seems more work is needed.
Dan,
Hey, pretty funny! I haven’t looked at this thread for a while. I’ll check it!
J. Pisano
Great article. This will come in handy against spammers in WordPress. Thanks a lot!
I also hate spam, but we can’t get rid of it easily. They always find a new way to get through security programs. Anyway, thanks for the article.