Dr. Dave, author of the excellent Spam Karma plugin for WordPress, has posted The State of Spam [Karma] in response to a new breed of spambots. (These sneaky %#@!ers hit this site on Friday, so I installed the 2.2 beta. They seem to have stopped trying over the weekend.) Anyway, Dr. Dave is holding a donation drive to help cover future versions of Spam Karma. I think it’s worth at least a few bucks.
FWIW, I use Spam Karma and Bad Behavior to block comment spam on this site.
Aside from the occasional massive spam run, there’s been a fairly regular trickle of spam targeted at the comments on this blog. Dr. Dave’s excellent Spam Karma plugin takes care of nearly all of these using a combination of content filters, blacklists, form checks, signs of proxy use, and more.
On Tuesday I added IO Error’s Bad Behavior. This plugin looks at actual HTTP requests, identifies known spambots and looks for signs of cloaked bots—those that claim to be a browser like MSIE or Mozilla, but don’t act like it—and prevents them from even getting in the door. The advantage here is that you can save processing time and bandwidth on all kinds of bogus requests, not just comment spam, but address harvesting bots, referrer spam, and so on.
Maybe it’s coincidence, but Spam Karma hasn’t seen a single spam attempt since I installed Bad Behavior.
Of course, blocking bots won’t catch the occasional person who posts comment spam the old-fashioned way: by surfing to the page and filling in the form. And eventually bots will do a better job of imitating real visitors, just as phishing attacks have moved from crude, badly-spelled notes to sophisticated forgeries with real logos and disguised links. Spam Karma will still be needed for those.
But the combination looks very promising!
Firefox 1.0.3 just came out. Security fixes, bug fixes, and if you’re on a Mac, they seem to have fixed the problem with some small images displaying incorrectly. (Mozilla 1.7.7 is also out with the same fixes.) I can finally recommend Firefox to Mac users.
Finally upgraded to Spam Karma 2.0 alpha. The previous version has been regularly blocking several hundred comment spams a week, but this morning someone clearly found a way around it, and I had to manually delete 5 or 6 today.
Mac OS X update, including Safari 1.3. Haven’t checked it out, but Dave Hyatt describes the new features.
And of course my first day back at work after vacation was Microsoft patch Tuesday.
*Sigh*. After a month of little-to-no comment spam, a pair of spam runs over the last two days led me to make some more changes yesterday. While working on those, I wondered why I hadn’t seen any trackback spam. And, wonder of wonders, the trackback spam started coming in today. Oddly, they were just random strings of letters, but they all pointed to the same random-letter website.
Well, last night’s discovery of WordPress: Combat Comment Spam should help matters. I’m considering adding Spam Karma to our arsenal.