While I have not been writing many posts here, I have been keeping up with the behind the scenes maintenance stuff. Keeping WordPress updated, dealing with spam buildup, updating plugins, dealing with spam buildup, updating themes, dealing with spam buildup, figuring out how to run PHP5 on this blog, and finally, dealing with spam buildup.
Spam, Spam, Spam & More Spam
As hard is it is to believe, most of the time I spent on behind the scenes stuff was dealing with spam. Akismet does a great job filtering it, with only a few pieces getting into the actual comments section, but on occasion, some real comments get sucked into the spam section. Since I get so few real comments here, I hate to just delete those, but that means at least looking at all of the spam that was sorted out. 🙁
This doesn’t sound too bad, but if I did not do it for a week, I could easily end up with a couple of hundred messages to look through. There were times I was getting 60+ spam a day in the spam section. Doing searches of obvious spam terms, like certain drug names, and doing a mass delete of the results made it somewhat easier, but still time consuming and not at all fun. (One of the things they do not tell you about when sharing “The Joys of Blog Writing”.) So I finally decided to check out the plugins and see what was available to cut down my numbers.
I was not looking for a spam filter. Akismet does a fine job at that. I wanted something that would catch a known spam IP address and prevent it from even reaching Akismet. I had faith that WordPress plugin writers would have something to address the issue. And my faith was rewarded in the best way. I not only found what I was looking for, I was lead to something greater than I knew existed.
Clicking on the spam link on Add New under Plugins will get you a lot of results. A lot of it is probably quite useful, like the various CAPTCHA plugins for comments and contact forms. But I was looking for something that could filter based on IP addresses and preferably was fairly automatic. Fortunately, one of the first plugins I noticed was AVH First Defense Against Spam which mentioned that it used 2 outside services for checking IPs. That was much more appealing than the ones that required my building my own blacklist or having to manually update a provided blacklist.
The installation from the WordPress site worked fine, which is always nice, and it added a separate menu under the regular dashboard menu. The new menu includes an Overview, General Options, 3rd Party Options, and a FAQ page.
The Overview page is not very useful at first. It provides information about stopped spam and some of the settings you use. The place to start is the General Options, which has 5 windows that require some kind of decisions from you.
Most of the settings are easy to understand. Do you or don’t you want to receive and email from the plugin when it runs its daily cron jobs? If you don’t know or care what that means, leave it unchecked and ignore it. Use IP caching or not? If you have a high traffic site, probably a good idea, but again, a simple check in the box to make it happen or not. Do you want to receive an email if a comment fails the security checks? If you want to see it in action, check the box, if you want to set it & forget it, leave it empty.
The two most important parts of the General Options are the Blacklist and the Whitelist. One of the reasons I picked this plugin was the use of outside sources that didn’t require me to set up a local blacklist. And the use of both of these lists is entirely optional. You don’t want to mess with them, uncheck 2 boxes and ignore them. I personally would recommend at least using the Whitelist, to list various search engine IP addresses, but it is not really necessary. I do not know of any search engines that have been blocked from my site by the plugin.
The 3rd Party Options page is where the really important stuff needs to be decided. Under the Stop Forum Spam window, you need to check the top box. That is the minimum requirement for using the plugin successfully. If you don’t want to bother with anything else, check that box, set the number in the email threshold under it to -1, save the settings and move on to other stuff.
What I would recommend, even if you do not want to get any emails from the plugin, is to go a bit farther. One of the options in that window is using an API key from the Stop Forum Spam website. This requires signing up at the website, but that is painless and quick. And doing so give you a way to pay back and improve the service.
When you have an API key, an option is added to anything on the Spam section of your comments. (Yes, you will still get some spam. None of the plugins I looked at say anything about stopping all spam, most say they will not do so. C’est la vie.) You are able to Report & Delete the message with one click. That is, report the IP address to the Stop Forum Spam database, so that it will show up when others check there. I have also been adding the IP to my local blacklist, so I never have to worry about it showing up again. That is not necessary, but since the local blacklist is checked before the Stop Forum Spam database, it saves me an API call on a known spammer.
The other side of the 3rd Party Options page is for dealing with Project Honeypot and their blacklist. In order to use the information from Project Honeypot, you need to join their site and get an API. This is also pretty painless and quick, and they do have a different blacklist, so it works well with the Stop Forum Spam to catch spammers. One of the things that I like about the information you can get from Project Honeypot is it includes things like whether or not an IP address is from a search engine bot. This allows you to easily add them into the Whitelist, making sure they do not get blocked from your site and decreasing the number of API calls you make.
This is a very nice plugin. It scales easily with user knowledge and desires, allowing you to control everything in the set up, from emails to what databases to check. You can set it and forget it, or be more proactive with the black and white lists. No matter how active you want to be dealing with spam, this is a good plugin to use. And just to give an idea about its value, according to the Overview page, as of this writing, 2302 spam stopped in the month of October.conditions