Although I haven’t been active on this blog for a couple of months, the stream of spam comments and trackbacks hasn’t decreased at all. In fact, I think it has intensified in the last couple of weeks. I don’t have the exact numbers, but I estimate that there were around 300 spam messages in the last 2 months – an average of 5 per days.
I got tired of deleting the comments, or marking them as spam for akismet to handle them, so I decided to install a few extra wordpress plug-ins to do the job for me:
- Akismet. This plug-in is actually installed by default, but you need to activate it manually. When activated, it sends every message received at this blog to a central akismet server for analysis. Since the central server receives thousands of messages, it has the power to compare each message from this blog with thousands of other messages, and to pick up trends of comment spam in real time.
- Bad Behavior. The ultimate gateway filter. Bad Behavior analyzes incoming http requests for common patterns of behavior that are typical of automated bots and other malicious software.
- Challenge. This plug-in is responsible for the math challenge that you now face if you wish to leave a comment. Its purpose, like the captcha, is to verify that you really are a human being, and not an automated program.
- Simple Trackback Validation. Some spam messages arrive as trackbacks rather than as comments. This plug-in follows a simple logic: when a trackback is received, it retrieves the web page located at the URL used in the trackback and checks if the page contains a link to this blog; if there is no link, then it is a spam message.
I could have installed more plug-ins (there are lots to choose from), but I don’t think it would change much. You might have noticed that the plug-ins listed above are all complementing each other. Each plug-in handles a certain aspect of spam filtering that the others don’t, thus I hope that by combining them together I’ll have a spam-proof filter that is stronger than each of them alone.
I couldn’t find any more plug-ins to add that won’t replicate any functionality that I already have. For example, adding a captcha plug-in for submitting comments probably won’t do much, as it replicates the functionality already provided by Challenge.
However, one might claim that there is never “too much” when fighting spam (just like there is never enough security), but that is not true. Answering both a math question and facing a captcha (and whatever else will come next) is a nuisance that hinders usability. Therefore, as a general rule, one needs to think carefully how much benefit a new plug-in provides to the system before adding it.
Hopefully with these plug-ins spam would be history, or at least it would become a manageable problem.