14 replies on “Comment Spam Kills Sites”

  1. It haven’t heard anything similar with WP. This doesn’t mean that WP couldn’t be targetted in the same DoS fashion. Leaving a comment is a very efficient operation in WP, it doesn’t do a whole lot of work, just drops it in the DB. There are also some great anti-spam plugins for WordPress as well.

    I would investigate a few options though before making a hasty switch.

  2. In the past 2 weeks, I’ve had to threaten to shut down several MT sites for not moderating their MT-Blacklist, the result of which was causing insane server loads. The problem with shared hosting, of course, is you have to look out for the greater good of all. You must worry about an individual client, but if their site is taking down the whole server, then you have to make a choice.

    I’ve been spam attacked on my WP-powered sites, receiving 1200 comments in one hour that went into moderated mode. As I was deleting them, they kept coming in. It was crazy, and I was thankful for the “Mark all to delete” plugin to help me clear them out. (Clicking radio buttons one-by-one in that situation is craaaaazy.) Fortunately, the anti-spam measures I have in place keep things working, and spam-free.

  3. Wow, I was only just discussing with somebody why their MT site had been taken down for the second time by their hosting company. Didn’t realise it was this bad. It certainly explains a lot.

  4. It is bad. I use WordPress and thank Gawd for the WP version of the blacklist. Previously I had tried changing the filename of my comments forms. That works for about 3 days till they catch on. I was getting two dozen spams per minute until I changed the rate at which users could comment to once every 60 seconds. That, more than anything else has helped. I haven’t had one in two weeks now.

  5. After getting hit with about 300 comment spams in a week, I studied the logs and determined that most, if not all, of the spam was posting directly to the post form without ever hitting my site (at least with the same IP as posted).

    I added a single hidden field to the comment form. The value of the field is set to the md5 of the user’s ip address. If anyone posts the form, and this field doesn’t validate they get a “spam sucks” message.

    After adding this simple mod, I’ve gotten 0 comment spam. After checking the logs, I’m also confident that only spammers have gotten the spam sucks message. I realize that it won’t take long for the spammers to adapt if a lot of people do this, but it certiainly is slowing them down for now.

    –Anton

  6. “I’ve been spam attacked on my WP-powered sites, receiving 1200 comments in one hour that went into moderated mode. As I was deleting them, they kept coming in. It was crazy,…”

    Are we talking spam or crapflooding? These are distinct problems with distinct solutions. Tools like MT-Blacklist (or similar) are useless against a crapflood. Conversely, spammers do not have an incentive to DoS your server. They want your site nice and responsive when google comes around to index it.

    I haven’t been keeping up with the latest in spambot and crapflood technology. But, from these reports, it doesn’t sound like they’ve advanced much over last year’s models (aside from the fact that they now target WP too).

  7. I use SPAMINATOR and have turned off email notification from the plugin. My blog is SPAM-free, and my inbox is now only getting “regular” SPAM instead of moderation requests. It’s blissfully quiet here at the powerplant.

  8. I’ve never been on the hot side of spamming — I’ll get trickles here and there — but I’ve found that the Spam Karma thing looks like it should relieve a lot of headaches. Note that I haven’t compared it with anything, especially the Spaminator, but on its own merits.

Comments are closed.