Archive for the WordPress Category

January 18th, 2005

Spammers are back!

I had a relatively peaceful period in blogging after I renamed wp-comments-post.php, but yesterday the first spammer updated his robot to snoop the new URL from the form, as I was predicting.

Fortunately all the spamming attempts so far have been feeble, going through the same old stuff and Spaminator has been able to delete all of them.

The situation still sucks and I really don’t want to waste my precious time deleting a bunch of comment spam emails every day. Maybe I have to figure out new countermeasures, once again. Or should I implement the monster that I designed earlier? Anyhow, all good pointers are really appreciated.

January 8th, 2005

New counter-measure for automatic comment spamming

I’ve been hit hard with online poker comment spam recently. None of them got through Spaminator, but they still eat up processing power and bandwidth from my site. To get rid of some spammers (hopefully), I renamed the wp-comments-post.php.

This won’t help with the modern spamming robots, as they are capable of traversing the individual pages, reading the comment form fields, and then generating the POST request on the fly. Renaming the fields would help for some time, but not forever.

I figured out a solution that could stop automatic spamming, but it’s not straightforward to implement and I don’t have time to set up a staging server to test it. The basic idea is simple:

  1. Every time the comment field is generated, a random number is added as a hidden field. The number is also written to the database along with the current timestamp.
  2. When a comment is posted, the existence of such field is checked. If there is none, the comment is discarded as spam.
  3. If the field exists, the value is compared to those found in database. If the value is not found or its timestamp is too old, the comment is discarded.

This approach has its problems, too. The comment spammers could load every entry in your blog, collect the generated values and use them to post the spam. But to get there, they should update their spam robots and that would take time.
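The three steps above as an added PHP sketch; it is not code from the original post or from WordPress. The table, field and function names and the one-hour lifetime are assumptions, an in-memory SQLite database stands in for the blog's database, and consuming the token on first use goes one step beyond the list.

```php
<?php
// Added example: names, table layout and the one-hour lifetime are assumptions.
const TOKEN_MAX_AGE = 3600; // seconds a rendered form stays valid

// In-memory SQLite stands in for the blog's database so the sketch runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comment_tokens (token TEXT PRIMARY KEY, issued INTEGER NOT NULL)');

// Step 1: called while rendering the form; the returned value goes into a
// hidden input named comment_token.
function issue_token(PDO $db, int $now): string {
    $token = bin2hex(random_bytes(16)); // CSPRNG output, not rand()/mt_rand()
    $db->prepare('INSERT INTO comment_tokens (token, issued) VALUES (?, ?)')
       ->execute([$token, $now]);
    return $token;
}

// Steps 2 and 3: called by the comment handler before anything is stored.
function check_token(PDO $db, array $post, int $now): bool {
    $token = $post['comment_token'] ?? null;
    if (!is_string($token) || $token === '') {
        return false; // step 2: field missing, discard
    }
    // Step 3: one atomic DELETE both validates and consumes the token, so a
    // value that is unknown, too old, or already used matches no row.
    $stmt = $db->prepare('DELETE FROM comment_tokens WHERE token = ? AND issued >= ?');
    $stmt->execute([$token, $now - TOKEN_MAX_AGE]);
    return $stmt->rowCount() === 1;
}

// Housekeeping: drop tokens from forms that were rendered but never submitted.
function purge_expired(PDO $db, int $now): int {
    $stmt = $db->prepare('DELETE FROM comment_tokens WHERE issued < ?');
    $stmt->execute([$now - TOKEN_MAX_AGE]);
    return $stmt->rowCount();
}

// Constructed requests exercising each outcome.
$now   = time();
$fresh = issue_token($db, $now);
$stale = issue_token($db, $now - 2 * TOKEN_MAX_AGE);
$cases = [
    'no field'      => [],
    'guessed value' => ['comment_token' => str_repeat('0', 32)],
    'fresh token'   => ['comment_token' => $fresh],
    'replayed'      => ['comment_token' => $fresh],
    'stale token'   => ['comment_token' => $stale],
];
foreach ($cases as $label => $post) {
    printf("%-14s %s\n", $label, check_token($db, $post, $now) ? 'accept' : 'discard');
}
printf("purged %d expired token(s)\n", purge_expired($db, $now));
```

Because each token is consumed on first use, a robot that scrapes the form has to fetch a fresh page for every comment it posts, which raises its cost without stopping it outright.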

The idea can be extended, for example, by splitting the generated number into two parts and using these parts as the name and the value of the field. Thus there wouldn’t be any specific name for the robots to look for. Or, use the value as the POST URL. Create a separate folder inside WP installation, copy the wp-comments-post.php into it, set it to handle 404 errors and then check the original filename. Simple, eh?

Anybody interested in writing this piece?

December 17th, 2004

Spam Update

After I installed Kitten’s Spaminator, not a single spam comment has gone through. Several normal comments have been posted with no problems.

I’ve set Spaminator to send email to me for every spam killed, so if it accidentally kills a legal comment, I could repost it. I soon learned that this approach has one problem: I need to go through all the emails by hand and sometimes this is quite a daunting task.

Spaminator sets the following subject for all mails:

[Blogname] Spaminator: Spammer caught!

I fixed the PHP code to include other information to make it easier to delete all repeating messages:

[Blogname: SPAM] sender <email> URL

For example:

[Nomadig: SPAM] Mr Foo Bar <foo@example.com> http://www.example.com/

This is accomplished by changing the value of variable $to on line 146 to the following:

// Blog name tag followed by the commenter's name, email address and URL
$to = '[' . get_settings('blogname') . ': SPAM]' .
      $this->post['author'] . ' <' . $this->post['email'] . '>, ' .
      $this->post['url'];

December 13th, 2004

Five strikes!

I’ve gained my first small victory in fighting comment spam. A few days ago I installed Kitten’s Spaminator and after that it has swallowed every comment spam message. Way to go!

My only concern is that it may delete some normal comment as spam and I wouldn’t know anything about it. The Spaminator sends email for every deleted spam, but currently I have to read the message to see the title and the sender of the message. This is cumbersome, especially if some jackass sends a spam for every article that I have…

Maybe I have to fix this someday, if the number of emails grows.

December 7th, 2004

Attack of comment spammers, part 2!

I got attacked by comment spammers during my long weekend in northern Finland. They seem to operate mostly on Saturday and Sunday (seemingly a favourite). I found out that I had issues when I was reading my email with my phone and there were 91 new messages in my Nomadig.com account. Unfortunately all of them were related to comment spam, and none of these spam messages were caught by WordPress spam tools.

As a sidenote, I must say that it was quite a nomadic experience to clean up my blog while travelling in a long-haul bus from Taivalkoski to Oulu. I successfully used my phone to log in to the WordPress management pages and cleaned up all spam comments.

I also added a few spam words to the filter. This was a mistake. WordPress didn’t understand the newlines sent by the phone and all words were separated with ‘?’. This, of course, opened the doors for spam. Luckily enough, I found this out during the middle of another wave of spam and fixed the situation immediately. The flow stopped and I now have to clean up a couple dozen moderated comments.

I have to shift gears in the fight. I’ll use the following countermeasures:

  1. Install the Stop Comments plug-in from Laughing Lizard to allow me to travel without caring about comment spamming for a while. Unfortunately this also restricts all valid comments for the period of my trip.
  2. Use Stop Open Proxy Commenting from John to stop comments from HTTP proxies that are known to send spam email.
  3. Consider using Spam Karma from Dr. Dave to stop spam comments getting into the blog.
  4. Study more alternatives at WordPress Combat Comment Spam site.

[Update Dec 8th]
I just installed comments off and ip blocklist plug-ins. If you cannot comment, please provide an error report by email.

Any other suggestions?

December 2nd, 2004

Attack of comment spammers

I’ve been, once again, attacked by a comment spammer. It seems that she (yes, indeed she) is adding the very same message to every single blog article on this site.

Fortunately WordPress hasn’t allowed any of these messages to go through. I don’t say the explicit reason, as I really don’t want them to learn from their mistakes.

Maybe I should ask Google not to follow links on the comment pages? Or does somebody know whether you could control Google’s indexing with rel or rev attributes?

November 23rd, 2004

Blogging with images

I’ve tried recently to add images to my blog posts whenever possible. They enrich the post and add value to the reader.

My problem is that I don’t have much time to fool around with the images. The current procedure for having a photo in my blog is the following:

  1. Take a picture with one of my cameras
  2. Transfer the picture to my laptop using memory card adapter
  3. Open the picture in Photoshop
  4. Crop and resize the image
  5. Correct colours and sharpen the image
  6. Save the image for web
  7. Upload the image to WordPress
  8. Attach the image to an article

Does somebody have a better way of doing this? Any technical aids that would do good? If somebody is willing to write a Photoshop export plug-in for saving images to WordPress, I’d be willing to beta test it.

November 5th, 2004

Categories and CSS

I’ve been thinking for a long time about adding some detailing to various categories. Some people may like to skip the reviews category altogether, and others read only those. If the article showed some visual cue about the category, it would be simple to jump your way through the categories.

To accomplish this, I need somehow to bind the article categories and my CSS together. WordPress does not have any readymade functions for this, as all category functions create HTML code that is unsuitable for my purposes.

Instead, I found myself once again hacking WP. The first task was to find a proper function to get the list of categories for posts inside the WP loop. The function, get_the_category(), was found by reading the source code of the categories template functions. This function returns an array of category objects that contain the category information as member variables.

The rest of the process is relatively simple. Create a foreach loop over the array and print out the correct category name with suitable prefix or suffix.

WordPress index.php creates <div class="post"> for each post. I added my loop inside this tag:

<div class="post<?php foreach(get_the_category() as $ccat) {
  echo ' cat-', $ccat->category_nicename;
} ?>">

Note that I use category_nicename that is in lowercase.

The <div> for this article would be <div class="post cat-technology cat-wordpress">.

The next step is to fix the CSS, but it’ll be worth its own article (a poor excuse for the fact that I haven’t implemented it yet :).