Tag Archives: badbehavior

Upgraded to WordPress 2.5

I’ve upgraded to the just-released WordPress 2.5. The new admin interface is very nice, especially the ability to upload more than one image at a time (though I think they might want to test uploading a single picture a bit more [edit: Maybe it’s specific to Firefox 3 beta 4—on uploading one image, it shows the control panel three times instead of just once.] [edit2: Maybe it’s on the Firefox beta, but the Linux version of Flash Player. It works just fine on the same version of Firefox on the Mac.] [edit3: It’s definitely the Linux Flash Player; I tried it with Opera on Linux and had the same problem.]).

I’ve adapted my theme to use new built-in support for Gravatar and optimal titles instead of the plugins I was using before.

All the stuff you’ll see appears to be working just fine so far. A couple of minor glitches with some admin plugins (WP-Amazon takes two clicks to show or hide instead of just one), but no biggie.

There was one issue during the upgrade. I’ve been using XCache for WordPress to improve site performance. I was asked for the XCache admin login & password during the database upgrade. I couldn’t remember them, so I renamed object-cache.php and hit “cancel” on the password prompt, but it seems to have upgraded everything fine.

The one really annoying thing is that the Bad Behavior anti-spam plugin conflicts with the new media uploader (it’s already on the WordPress 2.5 Plugin Compatibility list). There are two issues. First, “Shockwave Flash” is apparently used by spambots, so it was listed in blacklist.php (code 17f4e8c8). Second, it seems Flash is mixing and matching HTTP 1.0 and HTTP 1.1. If I remove it from the blacklist, it trips condition a0105122, which indicates an Expect header appearing in an HTTP 1.0 request. Removing that test allows it to upload, but the test catches a lot of spam…
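To make the two Bad Behavior conditions concrete, here is an added example (not code from Bad Behavior or WordPress) of a screener that applies the same two rules to a constructed Flash-uploader request and to a constructed browser request; the request path, header values and the "100-continue" value are assumptions, while the condition codes are the ones named above.

```python
import re

# Constructed screener in the spirit of Bad Behavior; the condition codes
# 17f4e8c8 (User-Agent blacklist entry "Shockwave Flash") and a0105122
# (Expect header in an HTTP/1.0 request) are the ones the post names.
UA_BLACKLIST = {"Shockwave Flash": "17f4e8c8"}


def parse_request(raw: str):
    """Split a raw HTTP request into (method, path, version, headers)."""
    lines = raw.split("\r\n")
    method, path, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if not line:          # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, version, headers


def screen(raw: str, ua_blacklist=UA_BLACKLIST) -> list:
    """Return the condition codes a request trips (empty list = allowed)."""
    _, _, version, headers = parse_request(raw)
    hits = []
    ua = headers.get("user-agent", "")
    for needle, code in ua_blacklist.items():
        if needle in ua:
            hits.append(code)
    # Expect is an HTTP/1.1 mechanism; a client that sends it in an
    # HTTP/1.0 request is mixing protocol versions, which browsers don't do.
    if version == "HTTP/1.0" and "expect" in headers:
        hits.append("a0105122")
    return hits


# Constructed sample of what the Flash uploader might send (assumed path/values).
FLASH_UPLOAD = (
    "POST /wp-admin/async-upload.php HTTP/1.0\r\n"
    "Host: example.com\r\n"
    "User-Agent: Shockwave Flash\r\n"
    "Expect: 100-continue\r\n"
    "Content-Type: multipart/form-data; boundary=xyz\r\n\r\n"
)
# Constructed sample of an ordinary browser request.
BROWSER = (
    "GET /wp-admin/ HTTP/1.1\r\n"
    "Host: example.com\r\n"
    "User-Agent: Mozilla/5.0 (X11; Linux) Gecko Firefox/3.0b4\r\n\r\n"
)

if __name__ == "__main__":
    print(screen(FLASH_UPLOAD), screen(FLASH_UPLOAD, {}), screen(BROWSER))
```

Dropping the User-Agent entry (the second call) still leaves a0105122 tripped, which is exactly the dilemma described above.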

Edit: I tried out the visual editor again, as it was billed as “it doesn’t mess with your code anymore.” Sadly, it does mess with your code. It disappeared an image in one post, and it still replaces semantically-neutral <i> tags with <em> tags, even when you’ve entered them manually. <em> is for emphasis. When you italicize a book title, you are not emphasizing it. By replacing one tag with the other, it adds inaccurate semantic meaning. This is just as incorrect as using <h5> to get small text instead of using it for a level-5 heading.

Spam Switch

With the recent rash of Trackback spam, I finally bit the bullet and am now experimenting with Akismet in addition to Spam Karma. I’m not sure how well they work together, or, at this point, which plugin processes the comment first. Update: I’m trying Akismet on its own for now. Or, more precisely, Akismet as the sole second line of defense. Bad Behavior is still holding the front line.

Update (Feb 14): I’m now back to using Spam Karma 2, but with a plugin that uses Akismet as one of the score components. This seems to be working well, as SK is able to block the ridiculous stuff (100 porn links in one comment, etc.), and Akismet is able to catch the trackback spam that’s been passing SK2 by temporarily including an inbound link.

The big problem I had with Akismet was that aside from the age of the target post, the blocked comments weren’t sorted or filtered in the admin interface. I was having to look through ~30 comments a day for false positives. Spam Karma will show only the borderline comments by default, and uses a table structure that makes it easier to skim.

This way, though, I get the proverbial best of both worlds.

Tired of Pingback Spam

Bad Behavior and Spam Karma do a good job of fighting most of the spam that hits this site, but over the last few weeks I’ve seen a (relatively) new kind that seems to require manual intervention: pingback spam.

It took a long time for spammers to really start abusing pingbacks, because of two things: First, pingbacks require the remote site to link to your site before they can get you to link to theirs. Second, it was just so much easier to abuse trackbacks and ordinary comments. I guess those have gotten locked down enough that it’s worth the effort to target pingbacks now.

Trackback spam is back

I’m surprised it took so long, but trackback spammers seem to have finally figured out that they can sail past the simplest check against trackback spam (does the calling page actually link to the page being trackbacked?) by temporarily adding that link.

Or maybe they have for a while, and they’ve only just started getting past my other layers of defense (namely Bad Behavior and other checks by Spam Karma).

*sigh*

The Good Old Days

I recently stumbled across an archived mailing list post of mine from the days before spammers started targeting WordPress. Someone had remarked that their spam problem had disappeared when they switched from Movable Type to WordPress, and I responded:

Oh, they hit us WordPress users too, just not as often as MT. Having it automatically moderate comments with certain keywords or more than X number of links helps cut it down, and the ability to (a) see all the latest comments and (b) mass-delete comments reduces the pain of cleanup. But they do target WP blogs from time to time.

I tend to get a pair of comments sent to the moderation queue every few weeks (presumably they figure if the first two didn’t show up, they won’t waste their time with more), but just this morning I had to delete a spam comment that came in last night and didn’t trip the moderation rules. (One of those with the generic “I like your site” messages and the author’s URL being the spamvertized site.)

That was September 2004. How things have changed! All WordPress blogs come with Akismet as an anti-spam measure, but I still prefer to use Bad Behavior, which has blocked ~2900 hits to this site in the past week alone, and Spam Karma, which has collected over 17,000 comment spams.

And with all those counter-measures in place, I get a couple of comments landing in the moderation queue each week. And just this morning I had to delete a spam comment that came in last night and didn’t trip either layer of defense (it was a generic piece targeting keywords found in a post). The filters are just barely keeping pace with the increased volume.