This blog is powered by WordPress and is using Akismet plugin to detect and block spam comments. I’ve used Spam Karma 2 (SK2) before which is probably outdated by now and it really slows the blog down. Then I switched to a paid plugin called Comment Guard Pro developed by Taragana which is lighter than SK2 but it’s pretty aggressive as well in combating against comment spam. What I didn’t like about it is if the user has entered the wrong CAPTCHA code, the comment that the user typed is all gone. The plugin is encrypted and there is no way I can make any changes other than requesting them for help. I finally ditched Comment Guard Pro and used the good old Akismet.
Akismet is very light and the detection is nearly perfect achieving over 99% of an overall accurate rate. This blog is being hit by an average of 1000 comment spams per day and it manage to block them from being posted in the first place. It misses a few spams and also sometimes wrongly flags a genuine comment as spam but its no big deal since I check the pending and spam comments every day. Recently this blog has been hit by Russian comment spammers and Akismet misses all of them.
I upgraded my Akismet API Key to a commercial one to have higher priority over free ones, service is faster and more reliable and no traffic limits or throttles. Sadly the Russian comment spams are not detected.
The Russian comment spam normally does not have any link on the message and the whole message are in Russian. The URL will be filled with a link to the site where they are trying to spam. I’ve done a reverse IP lookup using DomainTools and found that there are a few thousands of domains and hosted on different servers. So far I’ve recorded a total of 210 and the spams are still coming in. Blocking the URL is not good enough because I have only 210 and I know there are thousands of them which are not blocked.
I noticed that they are always using the .ru email address to post the comment. Instead of installing another anti-spamming plugin, I am trying to keep it simply by using the WordPress core to block the spams. Log in to your Woprdpress Admin, go to Settings > Discussion. At the Comment Blacklist, you can fill in any word and when a comment contains any of these words in its content, name, URL, e-mail, or IP, it will be marked as spam.
If you want to mark all russian emails as spam, simple enter “.ru” without the quotes in the comment blacklist and click Save Changes. I have analyzed their comment spams for a few weeks already and it seemed like they are always using the same email service such as qip, rambler, yandex… If you only want to block the Russian comment spammers, use the list below. That should auto move all the Russian comment spams into the Spam area.
@qip.ru
@list.ru
@rambler.ru
@ukr.net
@mail.ru
@yandex.ru
If you don’t mind making your readers typing captcha code, you might want to consider WP-reCAPTCHA plugin because it is hard to crack since the text are randomly distorted and the words are being scanned from old books which cannot be recognized by OCR.
Related posts:
Its really interesting for me thank you
one license for me please RAYMOND
well .. i get a lot of similar spam in my site
that’s true.. i also got all of those spams in my site.. I noticed that they are always using the email from Russia and China also. A lot of annoying..
Not all of us that use mail.ru are spammers Using this service has its benefits for a start nearly all the spam you get is in Russian a simple Rule in outlook that filters out any emails with Cyrillic in them almost completely eliminates spam. :)
Not all of us that use mail.ru are spammers or russian. Using this service has its benefits for a start nearly all the spam you get is in Russian a simple Rule in outlook that filters out any emails with Cyrillic in them almost completely eliminates spam. :)
There is a site I go to that uses pictures as the captcha. You just type in the name of the animal such as a dog, cat, lion…….you get the “picture” right. Wonder if this is a better method. Sometimes those letters on the captcha are hard to read.
I think that adding WP-reCaptcha would eliminate all the spam bots on the net. Except if it’s a case of a persistent human writing malicious comments, which most probably won’t happen, the odds of such attack happening are usually low because it’s hard/boring/time consuming/nerve damaging/ to achieve, it simply doesn’t pay off. I think that You’re getting now spam from only one particular spammer with the same technique. He/She might just change the e-mail domains in future and the filter would be useless…
Also think about other languages/morphological formations too that might just pass through Akismet without any problems, it’s pretty much an open problem.
WP-reCAPTCHA plugin is great. One should give it a try
I think an add-on for Firefox such as ‘Textarea cache’ would be very useful for everyone in cases such as this and others; where you type a long email or such and accidentally click the refresh or back button.
Textarea cache saves the text you type in text boxes (or ‘areas’) so that you can retrieve the content easily in case the text ‘disappears’ :)
thanks great tip.