Over 300 message in my Gmail spam folder. A new personal record. I can’t stand it right now, but I’m going to try and hold out for 500.
Over the past week I’ve had a problem with spammers hitting my comment form hardcore both here and at 2 Hole Cards so hard it was crashing the web host server. They had to disable the sites and it looks like the spammers have moved along. Just to help out for future attacks, I’ve upgraded to the latest and greatest testing version of WordPress and added Spam Karma 2.3 as a new plugin.
I guess Chase bank can predict the future because I just received an email from them with the following…
Your online credit card account has high-risk activity status. We are contacting you to remind that on April 08 2006 our Account Review Team identified some unusual activity in your account.
Hell, I don’t even have a Chase account and never had.
On February 14th, I upgraded MtDewVirus to WordPress 1.5 and on February 27th, I deactivated all spam prevention plugins. I was kind of curious how many comments, trackbacks, and pingbacks have been flagged as spam by my WP install, so I just took a look. It’s April 1st, but this is no joke…I have 10,000 spam comments sitting in my database. Ten thousand pieces of spam in a month and a half! Thanks to WordPress, not a single one was ever viewable by those of you reading MDV.
Comment left by a spammer today…
I don’t think your site is working.
One thing I noticed however was pingbacks automatically being approved. I had trackbacks moderated by a plugin I wrote, but otherwise they would have been approved also. Since they weren’t from sites in my link list, they should have been going to moderation. Well, this morning I took a browse through the code for 1.5.1 (I’m using the latest and greatest) and I found a bug with pingback and trackback white listing. WP was marking every PB and TB as white listed. It wasn’t ever possible for them to not be white listed, so I fixed the code and submitted a patch. Now I’ve even deactivated my Moderate Trackback plugin since I don’t need it either.
If you’re curious about my settings in WP, here they are:
- Anyone can register = OFF
- Users must be registered and logged in to comment = OFF
- An administrator must approve the comment (regardless of any matches below) = OFF
- Comment author must fill out name and e-mail = ON
- Comment author must have a previously approved comment = ON
- Hold a comment in the queue if it contains more than 5 links.
- Blacklist comments from open and insecure proxies = ON
- Comment Moderation words = NONE
- Comment Blacklist words – I do have 7 words listed here. Contact me if you want them.
That’s all there is to it.