MiG Blog Talk: For the Technical/Administrative Stuff


Comments

  • I can't tell you how many times I think I've copied something and go to paste it, only to find the previous thing I cut is still on the clipboard. I just thought I was getting old.
  • What is MiG using to back the site up? I'm wondering if I have covered myself sufficiently in that regard on BitW.
  • The backups are done automatically by Dreamhost. From time to time I take a manual backup, especially if I'm planning to make changes.
  • I'm thinking of disabling comments on posts older than a certain age, such as 90 days or 6 months as a means to limit the spam. While I like people who find the articles to be able to comment, I don't like all the spam. The old posts generate few legitimate comments.
    I'm also wondering about the sudden jump in spam. I suppose they've found a way to solve the reCaptcha. Your thoughts?
  • I have a double-hurdle now: Captcha + a q&a step... it works fine for a day or two, but after that, I get swarmed again. AAJ is getting its spam queue increased as well, and they have far better security protection than the basic plugins that our WordPress sites have.

    I'll be interested to learn if closing comments on >90 days actually shows a decrease in spam or if the active posts just get spammed more.

    Is MiG having a lot of spam get through to the live posts or is it all just clogging up the spam queue?
  • edited October 2012
    90 days might be a tad short given that the world at large is not waiting breathlessly for our updates. Just in the last few weeks I suddenly had a burst of apparently legit comments (either that or spam that's unsuccessful enough that it just looks like a comment! - the sites they gave just look like blogs and don't seem to be selling anything) on the piece I wrote May 23. I suspect this was generated by the artist's twitter activity - more than any of my other pieces the artist started actively pushing that review; if so it's an instance of a piece taking a few months to get into circulation and then someone else doing something that helps a bunch of people to find it.
  • Is there any option in WordPress to disable the "website" field when people leave comments? Would that make it any less attractive to spammers or would they just embed their site in the comments?
  • Most of them just have them in the comments.

    jonah - So far nothing has gone live to my knowledge.

    Craig
  • I tried another anti-spam plugin but it blocked legitimate posts. I won't mention the plugin because it's equally likely something in the theme is causing the problem. I've got another one to try that is a manual install so it will have to wait until I have some more time.
  • And just so I understand, you're looking for an anti-spam plugin that prevents spammers from making any comments at all, not one that does a better job of throwing them in the moderate queue, correct?

    I've got the spam protect from Jetpack as the main thing on my site, but I've got another one called "Spammer Blocker" which basically compares the IPs in my spam moderate queue against site lists like Stop Forum Spam and Project Honey Pot, and if it finds a match, it blocks the IP from my site.

    Also, I've got my site set to moderate all comments, unless they've been previously approved for a prior comment. I'm pretty sure that my setup has never allowed a spam comment to go live, and most don't even get past my spam queue. I've maybe had ten instances (out of ten thousand spammers) where a spam comment got past my spam queue and into the "valid" comment moderation queue.

    Cheers.
  • Making headway on the Stakula interview after a lull.
  • edited November 2012
    Comment just posted on my latest MiG piece:

    "When I open your RSS feed it puts up a whole lot of strange characters, is the deal on my end?"

    - anyone know the answer to this?
    (the person's url suggests it could be spam, but the question seems like it could be legit)
  • edited November 2012
    @GP

    It was definitely a spammer. I marked it as such, and cleared out the rest in the pending queue... all spam.

    The first thing I did was go into the comment in Edit mode. Then I looked at the reg url (which was an obvious spam url "waystoinvest"), plus when I googled its reg email, it showed up on Stop Forum Spam as a reported spammer out of China. Another way to check would be on the reg IP address, but I didn't bother with the damning evidence already accumulated.

    There's over a thousand spam comments in the queue. I'll start whittling those down. Pretty much any time someone is on the MiG admin board, they should just go into the spam queue and hit the Empty Spam button, which will send all those spammers away. If it gets to be as many as it is now, you really have to go page by page and delete one page at a time because otherwise the system hangs up and you get a fatal error message.

    Cheers.
  • Just FYI, the comment in Russian submitted on the Alva Noto piece says "I want to buy advertising from you, to whom should I write?"
  • edited November 2012
    It looks like what's going on is the spammers are using botnets. I can see in the log an IP is trying the comment 3 times then a different IP starts hitting the same comment. Some hours later the first IP comes back and tries a different comment 3 times. I have no way to tell how many times they request a new captcha for each page they load but it must be a few, whatever stays below the radar on reCaptcha. I think they're just loading captchas until they hit one they can solve or one they already know. Last week after I posted about the spam I configured Bad Behavior to use the Project Honeypot blacklist. I think it slowed the spam down a little, but clearly they are using a large number of IP addresses to avoid IP-based detection. I also see variation in the spammed urls so they are trying to get around checks of the posted urls as well.
    I might have to write some code that forces anyone who posts urls or blacklisted words to go through an additional step to get their comment posted. I hate to annoy legitimate visitors but when the spammers have them outnumbered 1000:1 it seems the number of legitimate posters annoyed is relatively small. If I have to choose between annoying legitimate visitors and annoying our admins I know which way I'm going to go.

    re: GP: I strongly doubt we would want to run any ads from someone posting in Russian. The last English-speaking outfit that inquired about advertising wanted us to promote a gambling site. If the comment isn't about the article it should be deleted.
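Added example, not part of the original thread: the log pattern described in the comment above (each address makes about three tries at one post, then another address takes over) stays under any per-IP rate limit, but shows up when attempts are grouped by target post instead. The log format, post slugs, addresses and thresholds below are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample: "<time> <client IP> <post slug>", one comment POST per line.
# Documentation-range IPs; not the real server or Bad Behavior log format.
SAMPLE_LOG = """\
2012-11-20T01:00:05 192.0.2.10 review-a
2012-11-20T01:00:40 192.0.2.10 review-a
2012-11-20T01:01:10 192.0.2.10 review-a
2012-11-20T01:03:00 198.51.100.7 review-a
2012-11-20T01:03:45 198.51.100.7 review-a
2012-11-20T01:04:30 198.51.100.7 review-a
2012-11-20T01:10:00 203.0.113.25 review-a
2012-11-20T01:10:50 203.0.113.25 review-a
2012-11-20T07:30:00 192.0.2.10 review-b
2012-11-20T07:30:30 192.0.2.10 review-b
2012-11-20T07:31:00 192.0.2.10 review-b
2012-11-20T07:45:00 192.0.2.99 review-b
"""

def parse(log):
    rows = (line.split() for line in log.strip().splitlines())
    return sorted((datetime.fromisoformat(ts), ip, post) for ts, ip, post in rows)

def windows(items, span):
    """For each event, the events from it up to `span` later (items are time-sorted)."""
    return [[e for e in items[i:] if e[0] - items[i][0] <= span] for i in range(len(items))]

def group(events, key):
    groups = defaultdict(list)
    for e in events:
        groups[e[key]].append(e)
    return groups

def noisy_ips(events, span=timedelta(hours=1), limit=5):
    """Per-IP rate check: addresses with more than `limit` attempts in one window."""
    return {ip for ip, items in group(events, 1).items()
            if any(len(w) > limit for w in windows(items, span))}

def rotated_targets(events, span=timedelta(hours=1), min_ips=3, min_tries=2):
    """Per-post check: posts where >= min_ips addresses each retried in one window."""
    flagged = {}
    for post, items in group(events, 2).items():
        for w in windows(items, span):
            tries = Counter(ip for _, ip, _ in w)
            repeaters = sorted(ip for ip, n in tries.items() if n >= min_tries)
            if len(repeaters) >= min_ips:
                flagged[post] = repeaters
                break
    return flagged
```

On the sample, `noisy_ips` returns nothing while `rotated_targets` flags `review-a`; a flagged post is a candidate for the extra posting step or for temporarily closing comments, rather than for more IP bans.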
  • edited November 2012
    Oh I agree. It's a good example though of ones that are harder to delete instantly because they don't have a url to any product and appear to have rational content, albeit in this case with the wrong language selected. I was also intrigued to see the tactic of drafting a comment in very generic terms about liking the site, having learned from the page etc. Some were poorly done but one or two almost convincing until you look closer.
    I deleted 995 spam comments a couple of days ago.
    Strikes me this really is the direct equivalent in digital terms of industrial polluters in the physical world. The willingness to pollute/harm the entire ecosystem as long as it results in some dollars flowing to specific pockets. Boils down to age-old avarice and lack of charity.
  • Oh, I love to delete those generic ones. "I found this article interesting and informative. Keep up the good work." Damn Skippy—The good work of keeping worthless noise off at least one tiny part of the internet.
    The generic posters want to get a comment approved so they can bypass the moderation queue and spam to their heart's content.
  • Thinking of spambots - the blog post When Spambots Break, We Fisk It may be of interest if you have not already seen it.
  • Okay, I've tweaked my security plugins and settings, and I have found a very good combo. I'm getting almost no spam comments anymore (whereas before, at least 100 a day). Of course, it might be just a matter of time before the little shits find a way around it, but a week is gone now and I'm very happy.

    I use two plug-ins.

    The first is called "Spammer Blocker" by Leikoun. If, one, something comes up as a hit on a spam detection site, it throws it into the spam queue (which is what MiG's system does now, too), but then it also has a matching system whereby if that IP first marked as spam and thrown into the spam queue tries to do it again, the plug-in will add the IP to a ban list which prevents it from ever commenting on the site again, PLUS, it deletes both spam comments automatically at designated intervals (i.e., twice-daily) so that the spam queue never gets out of control. Here's the url to go get it, or you can just search for it on MiG's admin panel...

    http://wordpress.org/extend/plugins/spammer-blocker/

    I have that combined with a plugin called "WP No-Bot Question" by Compdigitec (you'll have to search on the plug-in section on the MiG site to pull it up). It's very simple... it allows you to ask a custom question to post. I think it's better than Captcha, which based on feedback, has only prevented legitimate people from commenting on my site and not spammers.

    Cheers.
  • Just be careful with the question - my daughter was waxing very disgruntled recently because she had to answer one of those to download something and the question was about some TV ad and she doesn't watch TV...
  • I'm finding the key to asking the right question is to use spaces so that spam bots can't read it. For instance, I'm currently using something like this...

    Please spell the word "co l tr an e" backwards, with no s-paces.

    You want to use a word that isn't a part of the site title, subtitle, or anything that's necessarily an alphanumeric constant. The space, I have found, also throws them off.

    On AAJ, you have to answer a question to register. The questions are even simpler than mine, but that's because the forum procedure to register and security is much greater. For instance, they have questions like "What is this site All About?" or "How many thumbs on both hands?"
  • Yes, those are better than what my daughter ran into, which was something like "name the detergent that ...[insert slogan]...". I've started seeing Captchas that are sponsored ads as well.
  • Captchas as sponsored ads... I probably should've seen that coming.
  • I like the poetic justice in that. Throw ads back at the spammers.
    Today I spent some quality time with the Bad Behavior logs in the MiG database. This confirmed what seemed to be happening in the server log. The spammers use any given IP for only two or three tries, then they give it a good long rest.
  • edited November 2012
    OK, call me gullible, but I think I've let a couple of these through already in the past. It's the pattern that gives them away, including the fact that they are all targeting my Leonardo Rosado piece. There's a variant where the comment is innocuous and the url of the commenter is to what at first glance seems a perfectly ordinary themed blog on WordPress about something, with no sales pitch/fake handbags. But on closer examination the comments on the blog are incoherent and the content is cut and paste on some topic. This seems a rather elaborate way of getting past the spam queue.
  • I require comments to have some indication that the poster read the article. The generic nature of the innocuous style comments gives them away. Wolfram Alpha could probably construct a coherent, thoughtful comment on one of our articles but thankfully that level of AI isn't available to the spammers.

    I've thought of writing sandboxing software. This would make it look to the spammer like their comments were accepted and published, but only the poster and other IPs that hit the blog repeatedly would see them while the comment was actually in the moderation queue. The spammer would do one of two things: Either they are done and move on to the next blog, or they use their apparent ability to post unmoderated comments to hang themselves.
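Added example, not part of the original thread and not code from any plugin: a minimal model of the sandboxing idea in the comment above, where a pending comment is shown only to its poster's IP and to IPs that have hit the blog repeatedly, while moderators still see it in the queue. The class names and the threshold of three page loads are assumptions.

```python
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class Comment:
    author_ip: str
    body: str
    status: str = "pending"  # "pending", "approved" or "spam"


@dataclass
class SandboxedComments:
    repeat_threshold: int = 3  # assumption: page loads before an IP counts as "repeated"
    hits: Counter = field(default_factory=Counter)
    comments: list = field(default_factory=list)

    def submit(self, ip, body):
        """Store the comment as pending; the caller renders the normal 'published' page."""
        comment = Comment(ip, body)
        self.comments.append(comment)
        return comment

    def render(self, viewer_ip):
        """Return the comment bodies this viewer is shown on a page load."""
        self.hits[viewer_ip] += 1
        repeated = self.hits[viewer_ip] >= self.repeat_threshold
        shown = []
        for c in self.comments:
            if c.status == "approved":
                shown.append(c.body)
            elif c.status == "pending" and (c.author_ip == viewer_ip or repeated):
                shown.append(c.body)  # sandboxed view only; not public
        return shown

    def moderation_queue(self):
        """Everything still awaiting a human decision, regardless of who can see it."""
        return [c for c in self.comments if c.status == "pending"]
```

Because visibility is keyed on IP alone, a regular reader who loads the page often enough will also see pending comments, which is the behaviour the comment describes.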
  • edited December 2012
    It looks like I'll have an article ready to review tomorrow that we can run for Christmas. It's a conversation with Richard Souther about his album "Tesla's Christmas". I hope to get permission to include a couple of tracks. He's agreed to talk to me. We're playing phone tag at the moment.

    edit: Added an outline with Pitch status. I hope it will bring some Christmas Cheer to Craig when he looks at the Calendar in the blog.
  • The call went well. I will have an article with pictures & tracks ready tomorrow.
  • Nice!

    Craig
  • This is taking longer than I expected. I'm around 1200 words and not quite half through the conversation.