Anti comment spam measures

In the past months, I was getting more and more comment spam. Even though the configuration was set to moderate comments containing a link. It was a good filtering measure at the beginning, but became less and less handleable. When I decided to act, I was getting more than a hundred comment spams in my "Awaiting moderation" list. Per day. Maybe even more, I can't remember. And about the same amount were actually able to go past the moderation filtering, by not putting links in the comment itself, but in the homepage field of the comment form.

While wordpress' comment moderation interface is pretty efficient at deleting a lot of spam, the comment management interface just sucks, even in the "massive editing" mode. So, after having spent quite some time in this sucky interface, I decided I didn't want to resort to it any more.

First I had to remove all these comment spams. I had to use use the SQL delete command myself, since WordPress is useless. I basically deleted all comments posted after the last real one I saw. Sorry if someone posted one I didn't see. The tricky part was that the comment count for articles is kept in a field of the wp_posts table. Which means there was a difference between the actual comment count and the count displayed. For those who'd want to do the same at home, here is the magical SQL query to refresh the comment count:
update wp_posts set comment_count = (select count(*) from wp_comments where comment_post_ID = id and comment_approved = '1');

Next step was to avoid getting more spam. I didn't want to use captchas or any turing tests, because they basically all fail to be accessible in some way. So, I took a balanced decision. While I appreciate to get comments, I can't stand any more the spam that get in posts as old as the blog. The best thing to do then, I think, was to allow comments on recent posts only. Sorry for those who'd like to comment on old stuff, but being able to comment on the newer posts is still better than nothing. I also kept the link moderation policy, which seemed to be helpful at the beginning.

For the little story, again, WordPress was not very helpful, so I had to resort to an SQL query to close comments on all the posts.

It's been 3 weeks or so, now, since I switched to this new policy. I got only 1 spam to moderate and none directly in the comments. Let's hope it will last.

2006-06-25 20:27:18+0900

p.d.o, website

Both comments and pings are currently closed.

6 Responses to “Anti comment spam measures”

  1. James Cape Says:

    The Askimet plugin does a very good job of filtering out spam en-masse, and is entirely backend-driven (no captchas or javascript or whatnot).

  2. Steve Kemp Says:

    I do that too. My SQL is :

    update wp_posts SET comment_status=’closed’ WHERE (TO_DAYS(now())- TO_DAYS(post_date) >=7);

    I call this via cron every day so that posts older than a week will have comments disabled automatically. It would be nice it wordpress managed this itself.

  3. glandium Says:

    James: Askimet sounds tempting, but I’m still reluctant to systems that can give false positives.

  4. Ben Says:

    Try “Comment author must have a previously approved comment” option in WordPress.

  5. JD Says:

    I’m interested as to how turing tests aren’t accessible. I know that captchas aren’t, but I wasn’t aware that there was any problems with turing tests. I know that since I implemented a simple “I am a human” tick box on my comment form I have stopped getting any spam.

  6. glandium Says:

    JD: http://www.w3.org/TR/turingtest/