February 11, 2007

WordPress, Akismet & a little code blocker

Early on in my usage of WordPress, and with the gracious help of Darin Swan, I implemented a "word blocker" which prevented the posting of comments containing certain words. Unfortunately, it also prevented using certain words (or parts of words), some of which might normally and innocently be used in writing comments. (An example is "assuming".)

Since I began using the WordPress Akismet comment spam quarantining plugin in December, I was pleased that it set aside almost all comment spam, quarantining them on the internal WordPress Akismet page. The result was that I’ve been able to remove my old word blocker, and Akismet has captured over 5000 spam comments since December, with very few errors. Heck, I was even able to allow previous posters to comment at all without moderation.

Unfortunately, it also meant that I had to skim through dozens of comment spams in the internal Akismet page every day. And I’d wondered, in my Akismet and blog spam post in December:

    I have one nagging thought: since I would assume that most comment spam is automated, if the comments are accepted by the blog (but not posted), does this not give blogspammers the idea that they’re actually being posted?

I don’t know if that’s true or not. (I do know that most comment spam here at Developed Traffic is aimed at posts about spam blocking, firewalls, and the like. I guess that is a hint to me, even if it’s the generic “me”, for even trying.) Anyway, I’ve tired of seeing how many spam comments have been blocked (not that that’s bad) and especially having had to skim through 5000 comments so far to ensure that any legitimate comments get posted. While the spam comments are quarantined, and not mixed with legitimate comments (maybe five out of 5000 have been), it’s still time-consuming, as well as annoying to see what kinds of “content” these people want to post.

At any rate, I’ve noticed that most comment spam contains two versions of URLs: the usual a href HTML variety and the BB code [url] versions. My guess is that they just mega-blast spam comments at both blogs and forums, hoping to be able to post their URLs by using both versions. And so, on a trial basis, I reimplemented my wordblocker for just the BB code version of the URL.

In wp-comments-post.php, around line 19 (in WordPress 2.0.7) — after the comment_on_draft statement — I added:

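// Strip HTML tags and surrounding whitespace from the submitted comment text.
$comment_content = trim(strip_tags($_POST['comment']));
// Reject any comment containing "[url" (case-insensitive). eregi() was removed in PHP 7; preg_match() with /i does the same job.
if (preg_match('/\[url/i', $comment_content)) { die("Sorry – BB Code tags not allowed."); }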

What this does: if someone posts [url=whatever, WordPress blocks the comment with the message "Sorry – BB Code tags not allowed." Apologies to anyone who may want to write a BB code URL here, although I’m not sure why it might be needed. If you need to post the BB code [url code for some reason, just add a space after the bracket. It should still go through.
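The same check as an added example (not the code from this post): it runs from the preprocess_comment filter in a plugin rather than from an edit to wp-comments-post.php, and it matches blocked words on word boundaries so that "assuming" is not caught. The dv_ function names and the one-word blocklist are hypothetical; 'sum' is a constructed stand-in for whatever term tripped the old blocker.

```php
<?php
// Added example. Function names and the word list are hypothetical.

// True if the text contains a BBCode [url] or [url=...] tag, in any case.
// "[ url" (space after the bracket) is deliberately not matched.
function dv_has_bbcode_url($text) {
    return preg_match('/\[url\s*[=\]]/i', $text) === 1;
}

// True if a blocked word appears as a whole word, not inside a longer word.
function dv_has_blocked_word($text, $words) {
    foreach ($words as $word) {
        if (preg_match('/\b' . preg_quote($word, '/') . '\b/i', $text) === 1) {
            return true;
        }
    }
    return false;
}

// Returns a rejection message, or null when the comment may proceed.
function dv_comment_rejection($raw, $words) {
    $text = trim(strip_tags($raw));
    if (dv_has_bbcode_url($text)) {
        return 'Sorry - BB Code tags not allowed.';
    }
    if (dv_has_blocked_word($text, $words)) {
        return 'Sorry - that comment contains a blocked word.';
    }
    return null;
}

if (function_exists('add_filter')) {
    // Inside WordPress: reject before the comment is stored.
    add_filter('preprocess_comment', function ($commentdata) {
        $reason = dv_comment_rejection($commentdata['comment_content'], array('sum'));
        if ($reason !== null) {
            wp_die($reason);
        }
        return $commentdata;
    });
} else {
    // Stand-alone run (php example.php) over constructed sample comments.
    $samples = array(
        'Assuming that works, thanks!',
        'Nice post [URL=http://example.com]click[/URL]',
        'To show the tag, write [ url with a space.',
        'What a sum of nonsense',
    );
    foreach ($samples as $s) {
        echo (dv_comment_rejection($s, array('sum')) === null ? 'ALLOW' : 'BLOCK') . "  $s\n";
    }
}
```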

Lastly, I’ll note that the immense flood of comment spam caught by the ever-efficient Akismet has now slowed to a crawl. I expect that blog spammers may take a different route in the future, but for now this is good. :)

4 Comments to "WordPress, Akismet & a little code blocker"

  1. Teli says:

    Only 5,000? Since installing Akismet in early January, it’s already trapped 27,302.

    Honestly, I don’t even bother scouring it any more for legit comments because it’s just too crazy. If I let it sit for more than 24 hours, there can be hundreds of potential spam comments to sift through and that “Delete All” button starts beckoning me to click it.

    On one blog, I’m using the Akismet worst offenders plugin and love it. It allows you to delete the egregious spam attempts (multiples from the same IP or domain), so you can whittle the list down to one that can be easily scanned. It would be amazing to have it integrated into the official Akismet plugin.

    One thing about Akismet is that it no longer uses the built-in WP blacklist (I know because I’ve added the BB code links to the blacklist, but they still make it through into the Akismet management page).

    Thank you for posting this bit of code because I wasn’t even thinking about adding a “blacklist” to the actual comment form.

    ~ Teli

  2. Diane Vigil says:

    Wow, Teli. That’s a *high* number!

    I had actually been using various blockers for many months which prevented comment spam from being posted at all. So maybe some of them gave up on me. :)

  3. Teli says:

    And that’s just one blog…let’s not even discuss the others. I wish they’d give up on me! LOL

    ~ Teli

  4. Diane Vigil says:

    Well, start blocking their nonsense.

    The only problem is that you have to be judicious about what types of words you’re blocking. For instance, I often say, “Assuming that” … and “assuming” gets blocked.

© 2004-2014 DianeV Web Design Studio. All Rights Reserved.