The other day I opened up my blogs and saw that they had a huge influx of comments. As this was rather unusual, I checked the moderation queue and, to my surprise, I found a huge amount of comment spam. Weirdly though, the spam contained none of the usual links, and instead contained a random string of letters and numbers, like “j2miob2e5gylwz9w”.
As if that wasn’t weird enough, it seems that the spam got through Akismet multiple times. The spam messages came from these IP addresses:
Searching Google with the IP addresses brings up a lot of discussion about the spamming incident. Apparently, this has happened to a lot of blogs over a short period of time, and most, if not all, of the affected blogs were on WordPress.
So, what on earth was that about? It seems like somebody’s testing a brand-new spam tool that actively targets WordPress blogs. I’ve already blocked the said IP addresses via .htaccess, but who knows when the next spam attack will come?
This is probably the best time to brush up on some basic comment spam prevention tips. WordPress has some built-in spam prevention features, like:
- Keep comment moderation on; make sure that people need to have a previous comment approved before they can successfully comment.
- If a comment has more than two links contained in it, it should be automatically moderated.
- Fill out the “common spam words” form in WordPress so that comments get moderated when anything within the comment (including the author URI, author name, author email and the body of the comment itself) matches the words in the blacklist.
- Akismet may not be built into WordPress by default, but it is included in the installation and installing it is the first thing I do when setting up a new blog. It still is the best spam filter out there.
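The spam described at the top of this post carries no links and no recognisable words, so the link-count and spam-word rules above have nothing to match on. As an added example (not part of the original post and not WordPress's own code), here is a small plugin that holds such token-only comments for moderation through the `pre_comment_approved` filter; the `example_` function names and the length and digit thresholds are assumptions modelled on the single sample string quoted above.

```php
<?php
/**
 * Plugin Name: Hold token-only comments (added example)
 */

// Assumption: the thresholds below (12-64 characters, at least 2 digits and
// 4 letters) are illustrative, based only on the sample "j2miob2e5gylwz9w".
function example_is_token_only_comment( $content ) {
    $body = trim( $content );

    // The whole comment must be one unbroken run of lowercase letters and digits.
    if ( ! preg_match( '/^[a-z0-9]{12,64}$/', $body ) ) {
        return false;
    }

    // Require a mix of digits and letters so that a long ordinary word
    // ("congratulations") is not treated as a random token.
    $digits  = preg_match_all( '/[0-9]/', $body );
    $letters = preg_match_all( '/[a-z]/', $body );

    return $digits >= 2 && $letters >= 4;
}

function example_hold_token_only_comments( $approved, $commentdata ) {
    // Keep any stricter decision already made (spam, trash, or an error).
    if ( 'spam' === $approved || 'trash' === $approved || is_wp_error( $approved ) ) {
        return $approved;
    }

    $content = isset( $commentdata['comment_content'] )
        ? $commentdata['comment_content']
        : '';

    if ( example_is_token_only_comment( $content ) ) {
        return 0; // 0 = hold in the moderation queue instead of publishing
    }

    return $approved;
}
add_filter( 'pre_comment_approved', 'example_hold_token_only_comments', 10, 2 );
```

Holding rather than marking as spam keeps a false positive recoverable from the moderation queue.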
If you have other anti-spam measures you implement on your blogs, just drop a comment and tell me about it.