Stop Comment Spam
Everyone seems to be getting in on the WordPress train. So time to share some techniques, starting with spam…
One that I’ve started doing recently is blocking it at the webserver level using mod_security if your webhost provides that option (I do!). A ruleset similar to the following, taken from TextDrive’s forums will block a large percentage of comment spam. 100% of the 868 comments I had from the last few days awaiting moderation before putting this in are from byob@y…. (the obvious consequence though is that I have to disable that just to post this 
):
SecFilterEngine On
SecFilterScanPOST On
SecFilterDefaultAction "deny,log,status:412"
# Stop Comment Spam
SecFilterSelective "POST_PAYLOAD" "poker-w\.com"
SecFilterSelective "POST_PAYLOAD" "texas-holdem-big\.com"
SecFilterSelective "POST_PAYLOAD" "onlinepoker-i\.com"
SecFilterSelective "POST_PAYLOAD" "byob@y"
SecFilterSelective "POST_PAYLOAD" "yourfatass"
SecFilterSelective "POST_PAYLOAD" "your\ fat\ ass"
Should work for other blogging software too. More tips to come, I’m just getting back into updating my long overdue blogger.
(Edit: Looks like I need to fix my code block CSS)
Sexy! Didn’t even know that .htaccess for in on POST level stuff. Might have to take a gander. I’ve so far escaped serious blog spam since my WP conversion. We’ll see how long that lasts.
ColdForged said this on December 9th, 2004 at 3:03 pm
Yea, it’s pretty slick. However that above will only work if mod_security is running under your Apache web server.
Mike said this on December 9th, 2004 at 3:58 pm
Well hell… I found out the simple way that my web host doens’t include mod_security. Nothing like an internal server error to brighten the day. I’m hoping I can talk them into adding it as I’ve made it onto some spammers’ radars. None have become visible yet with the blacklist and all, but I still have to deal with them.
ColdForged said this on December 13th, 2004 at 7:59 am
re: SPAM on my Blog
Justin King's Rant::Blog said this on December 14th, 2004 at 7:04 pm