I’ve experienced a weird and unfortunate chain reaction over the last 48 hours.
- A flood of comment spam
- Akismet not accepting connections from my server1 and/or not catching the spam. UPDATE: this wasn’t Akismet’s fault, see bottom of post.
- The email notifications from all the spam comments sending to my mail account
- My mail host started blocking all mail from my server (due to the high volume of comment spam)
This has presented me with a choice between receiving email and accepting comments on this site, and that’s an easy choice.
I disabled comments, and once the flow of spam mails stopped my mail host seems to be accepting mail again. It’s sad to see the problems caused by comment spam extending beyond the annoyance of having them appear on your blog.2
I’m taking some additional steps to try to get the mail situation set up a little better (domain migration so I have better DNS control, sending mail directly to Google Apps and then forwarding to my primary mail account from there). I’m hopeful that I can get the Akismet connection issues resolved and enable comments again in the near future.
Regardless, it’s been a genuine pain in the arse having to deal with this. Apologies for the impact it’s had on anyone looking to comment here and/or receiving emails from my server.
UPDATE: re-enabling comments, hoping for the best.
UPDATE #2: the inability to reach Akismet appears to have been due to a firewall issue on my server (no blame should be placed on Akismet).
I added the bad behaviour plugin to my blog, it blocks them outright once they have been flagged. http://wordpress.org[...]ad-behavior/
Bad Behavior does a lot of Bad Things, I’m not a fan.
Why not using re-Captcha? Is spam still able to sneak into comment box with re-captcha installed?
It sounds like Alex is already in touch with you about the server issue, hopefully we can figure out what’s causing the bad connections.
Thanks for the note Matt, I’m confident we’ll get it squared away. Who knows, there could be an issue on my server I need to fix too.
Why not use something like Disqus?
I think services like Disqus and IntenseDebate are great. Both run by smart folks with good intentions, and they are building services that scale in a way that I wouldn’t want to tackle. I have a ton of respect for them.
That said, I like being in complete control of the comments on my site, and don’t feel the need to have them exist in another cloud. I say that with the full knowledge that it may sound like the most ridiculous statement ever in 5 years or 6 months. I used to feel the same way about the photos and screenshots I post here, and now I offload 90% of that to Flickr. 🙂
Alex, I feel the same way about comments too. And I expect it’s as ridiculous as you suggest. At the moment, I’m luvin commentluv. Seems to split the difference really well.
Oh that’s a nice story what happens when a blog gets comment spam. I also have been spammed a year ago or something and I’ve managed to block them by adding a md5 javascript field to the form that is checked like a captcha. After that i had no spam anymore. Maybe there’s a wordpress plugin for this too?
Alex – One anti-comment spam type plugin I’ve found to be very reliable is “WP-SpamFree”. Although it doesn’t by default have any way to view blocked comments (there’s a setting which allows logging of 3 days worth of spammed comments for troubleshooting purposes), I’ve had one false positive in the 2 years I’ve been running it and that was when the plugin was new.
It compliments Akismet very well and has cut down my Akismet spam by 2/3rds and better.
Just a suggestion.
For a couple of good club solutions to block obvious spams, I use these two plugins.
http://wordpress.org[...]or-comments/
http://wordpress.org[...]-validation/
Simple, easy, tend to work well.
The SPAM script I was hit with filled out my non-standard custom CAPTCHA and sent to the non-standard URL where comments are posted. I can add a few more low hanging fruit items, but those are easily picked.
One of the major problems i have with comment spam, Is the fact that GoogleApps classifies the content as spam quite often, Leading to me never getting the spam-comment (or new-comment) notifications..
..My solution to that was to whitelist my wordpress email address, I now get all emails, I unfortunately however, Now get all spam emails which are spoofing my WordPress email address..
My next step is to set wordpress up with a unique email address, Or see if i can set up a GA filter to only whitelist emails if it contains the WordPress header/footer..
For spam comment i am using Akismet, Wp-Spamfree and CAPTCHA. but the latest known wp-spamfree got an error when submitting a comments (error regarding about browser cookies need to be enabled). I didnt know how to connect WP with Google Apps, so WP send mail notification through Google Apps email. I’am trying WP Mail SMTP plugin to replace wp_mail() using SMTP instead mail() but not yet work well.
I do have another of those spam plugins installed on the blog. Spam Karma 2. It has been in RC for the longest while but it catches most of the spam comments.
I used SK2 for a while, it stopped being effective for me and I stopped using it. Perhaps I get more progressive spam. 😉
Yes, I also recommend you to have a look at WP-SpamFree. Been running it myself for a year or so and it is blocking more than Akismet does.