1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

New Weapon Against Comment Spam for WordPress

Discussion in 'WordPress' started by WebGeek182, Jan 18, 2008.

?

How big a problem is comment spam for you as a blogger?

  1. HUGE PROBLEM: I HATE SPAMMERS!!

    7 vote(s)
    43.8%
  2. MAJOR PROBLEM: Spam is a definite problem and wastes time.

    3 vote(s)
    18.8%
  3. MEDIUM NUISANCE: Yeah, I get a fair amount of spam, and it's annoying.

    2 vote(s)
    12.5%
  4. MINOR NUISANCE: I get some spams here and there, but it doesn't bother me too much.

    3 vote(s)
    18.8%
  5. NO PROBLEM: What's spam?

    1 vote(s)
    6.3%
  1. nks

    nks Well-Known Member

    Messages:
    1,601
    Likes Received:
    40
    Best Answers:
    0
    Trophy Points:
    160
    #41
    Can you explain the algorithm or the rational why yours would be better than akismet? Or rather, why this one won't get a false positive?
    SEMrush
     
    nks, Jan 24, 2008 IP
    SEMrush
  2. Grump

    Grump Well-Known Member

    Messages:
    36
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    108
    #42
    Nope, there's no code like that on any blog pages - not at the administrative blog at http://afloorpro.net and not on the pages of my personal blog at http://jim-mcclain.afloorpro.net

    Any clues would be appreciated. I'm sure I could install this in the standard plugins directory, but then I would have to leave it up to the members to activate it. I don't want to intrude in their control panels unless absolutely necessary.

    I have no doubt this would be a very popular plugin for MU administrators. And if you found a way to add that informational tab to all member blogs as well, any members who wanted to go on their own with a blog would be sure to put this plugin at the top of their to-do list.

    Thanks for any help you can offer,

    Jim
     
    Grump, Jan 24, 2008 IP
  3. WebGeek182

    WebGeek182 Active Member

    Messages:
    510
    Likes Received:
    28
    Best Answers:
    0
    Trophy Points:
    95
    #43
    I've written more about this in detail on the homepage for the plugin: http://www.hybrid6.com/webgeek/plugins/wp-spamfree

    I'll give you a quick rundown here though too:

    WP-SpamFree uses a completely different system than Akismet. Akismet is a great plugin, but it has some weaknesses - for example the problem that you have to check your queue for false positives. (This wastes lot of time for most people.) The most common methods for fighting blog spam usually fall into two categories:
    1. Machine intelligence of some sort (an algorithm) to judge a comments spam status (like Akismet)
    2. Some type of test that involves user interaction: CAPTCHA's, challenge questions and such
    Some of the problems faced by plugins that fall into the first category is that they require connections to central server where data is collected, and they need a lot of database access which can really slow down your blog. Also, any automated system has the potential to be wrong and flag a false positive, as you pointed out. Some of the problems face by plugins in the second category are that people hate them...Stats show that the vast majority of people strongly dislike having to fill out CAPTCHA's and challenge questions.

    WP-SpamFree doesn't fall into either of these categories - it's a completely different type of plugin. In a nutshell, it simply tests for a combination of two things that most bots can't handle: JavaScript and Cookies. Stats show that 98+% of web users have these enabled, as its the default browser configuration, so it has the lowest inconvenience rate of any of these solutions. If the user has JS and cookies off, it simply prompts them to turn them on to post their comment. It saves you a lot of time because you don't have to check for false positives, it's an extremely effective method of cutting down spam to almost nothing, and it doesn't slow down your blog. I created and implemented a similar system on contact forms for clients several years ago...no spam.

    That's the quick explanation...there's a lot more info on it on the blog post. Hope that helps!

    Hey Jim. I'll have to run some WP MU tests and I'll let you know what I find out.
     
    WebGeek182, Jan 25, 2008 IP
    nks likes this.
  4. Grump

    Grump Well-Known Member

    Messages:
    36
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    108
    #44
    Okay, thanks. If you need a guinea pig MU site, I could fix you up.

    Jim
     
    Grump, Jan 25, 2008 IP
  5. nks

    nks Well-Known Member

    Messages:
    1,601
    Likes Received:
    40
    Best Answers:
    0
    Trophy Points:
    160
    #45
    That's a great explanation that you've provided. Yes, sounds like your method could be a new breakthrough to fight spam and bots. Is it 100% true that bots cannot handle JS and cookies?
     
    nks, Jan 25, 2008 IP
  6. WebGeek182

    WebGeek182 Active Member

    Messages:
    510
    Likes Received:
    28
    Best Answers:
    0
    Trophy Points:
    95
    #46
    Glad that helps. Nothing is 100%, but the number of bots that can handle both is less than 0.5% of those out there. (Even the spiders of Google and other search engines, with all their resources and AI, don't handle JavaScript.) This means that the amount of potential comment spam this plugin can beat is almost 100%. I haven't seen a bot beat it yet. Not so say it won't happen or hasn't, but it's rare, if at all. (And I'm working on some new additions for the future that will make it near impossible for future evolving bots to beat it.) This plugin doesn't address human comment spam, or trackback and pingback spam, but these are much lower in quantity, and if you use Akismet also, it will handle the latter. The goal of WP-SpamFree is to make the most difference for the most people, and I think it does that. :cool:
     
    WebGeek182, Jan 25, 2008 IP
  7. nks

    nks Well-Known Member

    Messages:
    1,601
    Likes Received:
    40
    Best Answers:
    0
    Trophy Points:
    160
    #47
    I have a great idea for you; why not you integrate the two system into 1 powerful plugin, Akismet being able to filter based on human spam, and your plugin capable to detect bots and spiders. That is a sure hit!
     
    nks, Jan 25, 2008 IP
  8. WebGeek182

    WebGeek182 Active Member

    Messages:
    510
    Likes Received:
    28
    Best Answers:
    0
    Trophy Points:
    95
    #48
    That is a great idea! Unfortunately collaboration isn't always a smooth process. :rolleyes: Hopefully things can move in that direction in the future though. :)
     
    WebGeek182, Jan 25, 2008 IP
  9. minstrel

    minstrel Illustrious Member

    Messages:
    15,082
    Likes Received:
    1,243
    Best Answers:
    0
    Trophy Points:
    480
    #49
    I think that's what many of us are doing already. The two plugins run well togather.
     
    minstrel, Jan 25, 2008 IP
  10. WebGeek182

    WebGeek182 Active Member

    Messages:
    510
    Likes Received:
    28
    Best Answers:
    0
    Trophy Points:
    95
    #50
    @Minstrel: Exactly right.
     
    WebGeek182, Jan 25, 2008 IP
    MTbiker likes this.
  11. MTbiker

    MTbiker Well-Known Member

    Messages:
    2,537
    Likes Received:
    123
    Best Answers:
    0
    Trophy Points:
    170
    #51
    I recommend this more and more each day! I love it, although Akismet might get bored now that it's not really doing anything ;)
     
    MTbiker, Jan 29, 2008 IP
  12. WebGeek182

    WebGeek182 Active Member

    Messages:
    510
    Likes Received:
    28
    Best Answers:
    0
    Trophy Points:
    95
    #52
    @MTbiker: Thanks for the great review!
     
    WebGeek182, Jan 30, 2008 IP
  13. michael.aulia

    michael.aulia Active Member

    Messages:
    736
    Likes Received:
    10
    Best Answers:
    0
    Trophy Points:
    78
    #53
    I recommended it as well on my blog and it had some positive feedback

    Just wondering, if someone trackbacks to my post, will it get blocked by this plug-in? (I had a blog reaction of a post somewhere else, but it's not automatically put in the comments)
     
    michael.aulia, Feb 7, 2008 IP
  14. WebGeek182

    WebGeek182 Active Member

    Messages:
    510
    Likes Received:
    28
    Best Answers:
    0
    Trophy Points:
    95
    #54
    Hey Michael. Version 1.3 blocked trackbacks and pingbacks, but version 1.3.1 doesn't. (Someone brought it to my attention and I released 1.3.1 the next day which fixed it.) Thanks for the great recommendation!
     
    WebGeek182, Feb 7, 2008 IP
  15. michael.aulia

    michael.aulia Active Member

    Messages:
    736
    Likes Received:
    10
    Best Answers:
    0
    Trophy Points:
    78
    #55
    Hmm weird. I am using 1.3.1.
    Got a few "Blog reactions" on the Admin screen but not on the comments' pingbacks..
    For example, I should have got a pingback from http://94files.cn/?p=6685

    Apology if it's not caused by your wonderful plugin :D
     
    michael.aulia, Feb 10, 2008 IP
  16. WebGeek182

    WebGeek182 Active Member

    Messages:
    510
    Likes Received:
    28
    Best Answers:
    0
    Trophy Points:
    95
    #56
    Yeah, it's not the plugin. :) It doesn't have any code for filtering pingbacks or trackbacks as those aren't it's target. There are a few reasons why you might not always get pingbacks and trackbacks, and you'll see these whether or not the plugin is installed:
    1. Not every blog is configured to ping.
    2. Pingbacks and track backs don't always work.
    3. Sometimes Akismet flags them as spam (false positive) and they either get stuck in the spam queue or they get deleted immediately.

    Hope that helps! :cool:
     
    WebGeek182, Feb 11, 2008 IP
  17. WebGeek182

    WebGeek182 Active Member

    Messages:
    510
    Likes Received:
    28
    Best Answers:
    0
    Trophy Points:
    95
    #57
    Thought you all might be interested to know that I just released version 1.5 of WP-SpamFree. It's got some new features that make it even tougher for bots to beat. Check it out:

    • Improved spam protection!
    • A much-requested feature: A counter on your WordPress Dashboard so you can see how many spammers WP-SpamFree has kicked in the head!
    • Added advanced verification methods that make WP-SpamFree tougher to beat by potential evolutions in spambots.
    • It now creates multiple randomly generated verification keys, across several methods, including random cookie values (so bots can't just set a value and hit the page), along a few other tricks that make it extremely difficult for spambots to bypass.
    • Now uses WordPress's database to store important data. Don't worry, though - we're still keeping the overhead light so it doesn't slow down your blog.

    Even more improvements are in the works for future releases. Stay tuned!

    More info is available here.
     
    WebGeek182, Feb 25, 2008 IP
  18. michael.aulia

    michael.aulia Active Member

    Messages:
    736
    Likes Received:
    10
    Best Answers:
    0
    Trophy Points:
    78
    #58
    Thanks for the news!

    I can't see the counter on the dashboard though (and can't find any info on your site as to how to set it up)
     
    michael.aulia, Feb 25, 2008 IP
  19. WebGeek182

    WebGeek182 Active Member

    Messages:
    510
    Likes Received:
    28
    Best Answers:
    0
    Trophy Points:
    95
    #59
    Hey Michael. Great to hear from you again. No need to set it up. It will magically appear once the new version has blocked it's first comment. It will be on the dashboard right below the Akismet counter, and on the WP-SpamFree page in the admin. I figured there is no need to have it show up with 0 comments blocked. :)
     
    WebGeek182, Feb 25, 2008 IP
  20. richrf

    richrf Active Member

    Messages:
    1,101
    Likes Received:
    26
    Best Answers:
    0
    Trophy Points:
    88
    #60
    Hi,

    Thanks for the update. I generally do not like using plugins that access the database, since it opens up the possibility of SQL injections. Is there a way to turn off all functions that require access to the database? Thanks again for a great plugin.

    Rich
     
    richrf, Feb 25, 2008 IP