WP + Spam = :(

[Helpless-Laughter]

My whole site is ran in WP, which I love and yeah, in the past, I've gone through spurts where I wanna change it, for something new/a change, and had backed it all up and switched to Drupal (which didn't show me as much love) so I went back to WP. Since my WP return, however, everyday I have atleast 5 spam comments and it's gotten tiresome and monotonous.

Can anyone recommend a plugin (or multiple) or SOMETHING to help relieve me of this spamilicious problem?

~Jen

[Webzarus]

Is all the spam or the bulk of it coming from the same IP address / IP block ?

The responses and or resulting email notifications will have the ip adressss.

What I've seen in the last with WP SPAMMERS is that the bulk of the spam is coming from a handful of IP ADDRESSES, and a couple of IP blocks...

Using your .htaccess file, you can block IP or IP blocks pretty easily.

http://www.clockwatchers.com/htaccess_block.html is a very simple tutorial on how to.

[TheGAME1264]

5? That's low by WP standards, or lack thereof.

Like WZ said, the best way to handle this is to add the rules in .htaccess to block the majority of bots. My own trick is to let them find a bot trap that I put on the site and automatically write to .htaccess that way. Took a site that had a huge bot problem and removed 99.3% of them in about 10 lines of code...unfortunately, it also caught Bingbot because Bingbot is clumsy, but that was easy enough to fix as well.

[Helpless-Laughter]

No, the IP isn't the same. similar, but not the same

[TheGAME1264]

You can block the range (e.g. deny from 178.32. ).

[Webzarus]

The bulk of "IP blocks" that I end up blocking come from the Asian region, but lately I've been seeing a good bit of spam coming from Eastern Europe as well, but I intentionally don't use captcha or anything to stop them...

On client sites I implemented the hidden text area ( hidden using CSS ), ignore any post that has anything in the field... BOTS are stupid and eager to fill in any text area they find... I've found nothing to stop the actual spammers that employ real people to bang around submitting copy/paste submissions to any and every form they can find.

That's where the IP's in the same ip block come in... I just block the whole subnet.

[Helpless-Laughter]

I went through and typed up all of the IP addresses. They're all different, some are similar, some are not. I had cleared my email inbox, so I just have the last week's work, only 2 sets of 2 IPs start with the same 3 numbers.

I gather I can set up the htaccess to block those IPs, but this wouldn't keep other bots with similar IPs from sending spam through, would it? (I am very new to htaccess, I've never done anything with it in the past)

[Webzarus]

Are you using any kind of Captcha ? even the simple ones seem to be somewhat effective on SPAM BOTS... and that's why they are designed... to make it easy for people to submit, and limiting automated systems from submitting.

I installed the Captcha plugin on one of my clients sites and spam bot submissions went away... problem is, once your site gets on some of the list, tons of spam bots can and will visit the site, even though they can't submit, they are still using up your bandwidth.

blocking with .htaccess keeps them from making request on your server. moreover, bots that are using the same IP BLOCK Range are usually tied together in some way or form. If you start blocking some, your site name may actually be flagged to not visit by bots from their range.

reminder, using .htaccess without understanding can block access to your site from legitimate visitors.

deny 192.168.23.15 will block 1 potential visitor
deny 192.168.23. will block 254 potential visitors
deny 192.168. will block 64,770 potential visitors

potential because not all IP addresses in a given block are ever used, but you see the impact of what a single segment can have when blocking IP ranges.

The 192.168 example above is used for illustration only, I know that it is a private IP block that cannot traverse routers, I was just using it for example only.

[Helpless-Laughter]

last night, I noticed my anti-spam and captcha plugins, which have been my safehouse in the past, weren't activated. I got them all activated and added a deny for those IPs I had found and so far today I haven't gotten any spam, so I'm hoping this has fixed my problem

[seth@solarblu]

One way is to lock comments to actual users registered, I turn off commments on pages and only allow on posts, in the settings->discussion settings checking these items helps me out.
Users must be registered and logged in to comment
Comment author must fill out name and e-mail
Hold a comment in the queue if it contains or more links. (A common characteristic of comment spam is a large number of hyperlinks.)

And using wp-register with appropriate settings including captcha can also help reduce spam. Enabling Akismet will also help. Hope this helps buddy!