Three weeks ago, I slightly modified the comment system on this blog for an experiment. This blog is a standard wordpress installation. Comments are normally directed to the
wp-comments-post.php script by the HTML form. What I did is:
- Create a
comments-post.phpwrapper script that just includes
wp-comments-post.php(this allows things to still work properly after wordpress upgrades),
- Make the HTML form direct to a
- Add a
usedForm=1parameter to the HTML form action, such that
comments-post.phpis supposed to always be called with it,
hasJS=1parameter to the HTML form action when the page is loaded, and a
Submit=1parameter when the form is submitted.
During the past three weeks, on this blog, there were 7170 comments, 8 of which were actual comments. 7162 were spam (~99.9%).
- 3165 spams (~44.1%) were sent to the original WordPress comment handler (
wp-comments-post.php) from 1589 unique IP addresses.
- 0 spam were sent to the new comment handler without a query string (
comments-post.php), but 1 was sent with an empty query string (
- 18 spams were sent to the new comment handler with a lowercased query string (
comments-post.php?usedform=1) from 6 unique IP addresses.
- 3971 spams (~55.4%) were sent to the new comment handler with the form query string (
comments-post.php?usedForm=1) from 1153 unique IP addresses.
comments-post.php?usedForm=1&hasJS=1&Submit=1) from 5 unique IP addresses.