I recently stumbled across an archived mailing list post of mine from the days before spammers started targeting WordPress. Someone had remarked that their spam problem had disappeared when they switched from Movable Type to WordPress, and I responded:
Oh, they hit us WordPress users too, just not as often as MT. Having it automatically moderate comments with certain keywords or more than X number of links helps cut it down, and the ability to (a) see all the latest comments and (b) mass-delete comments reduces the pain of cleanup. But they do target WP blogs from time to time.
I tend to get a pair of comments sent to the moderation queue every few weeks (presumably they figure if the first two didn’t show up, they won’t waste their time with more), but just this morning I had to delete a spam comment that came in last night and didn’t trip the moderation rules. (One of those with the generic “I like your site” messages and the author’s URL being the spamvertized site.)
That was September 2004. How things have changed! All WordPress blogs come with Akismet as an anti-spam measure, but I still prefer to use Bad Behavior, which has blocked ~2900 hits to this site in the past week alone, and Spam Karma, which has collected over 17,000 comment spams.
And with all those counter-measures in place, I get a couple of comments landing in the moderation queue each week. And just this morning I had to delete a spam comment that came in last night and didn’t trip either layer of defense (it was a generic piece targeting keywords found in a post). The filters are just barely keeping pace with the increased volume.
I dunno a whole lot about that kind of thing, but I’d guess the chain of related/connected sites is a reason you’re such a target.
Not saying that’s a particularly useful observation, even if it’s true, but I guess I’m wondering “out loud.”
I hadn’t thought of it in those terms, but you’re probably right. Combine it with the sheer size of the archive—we’ve been at this for 4½ years, and the dashboard says we’re up to 1,310 posts—and even a single spam run, if they’re being thorough, can get pretty big.
On the plus side, that figure for Spam Karma seems to be a total since first installing it, which would go back maybe two years. And it turns out those 2900 hits blocked by Bad Behavior are mostly probes by spambots looking for targets. “Only” about 700 were actual comment attempts, and another 500 were trackback attempts that probably would have been blocked anyway, once WordPress checked the remote sites for links to the posts.
Scary. Sometimes, it feels kinda good to be a nobody in the online world. The alternative sounds like a lot to worry about.
(Sorry. I dunno why it put her name in that field.)
It’s a known problem with the cache plugin I’m using. Sometimes it’ll include a commenter’s info when it saves the most recent version of the page. It normally doesn’t cause problems because I don’t get very many actual comments. I guess I may as well turn it off and see how well the site manages.