Simple anti-comment spam measure

Thanks to Patrick Strang who pointed me to Steven Geen’s simple anti-comment spam measure for MovableType, I managed to stem the current flow of “Please approve this comment” emails flooding my inbox. This has been happening since last Saturday! Argh! Why are they doing this even when everything goes into the moderation queue?

Anyway, it’s so simple to get this into WordPress - just edit wp-comments.php and wp-comments-post.php to add the field to the comment form (see below) and die() when the correct “letter of the day” isn’t entered. (die()ing isn’t the most elegant way, but WordPress does this for the other fields as well.)

[Image: screenshot of the anti-spam field]


Check out the comment form if the picture above is too small. Sorry to have to put you commenters through this, but it’s really for my sanity. At least it isn’t one of those randomly-generated graphical thingies that really ensure you are human (or an equivalent intelligent lifeform).
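The check described above, written out in PHP since the post targets WordPress. This is an added example, not the code used on this blog or in Steven Geen’s MovableType measure; the secret, the antispam_letter field name and the HMAC-based way of picking the day’s letter are assumptions. The form and the handler call the same function on UTC dates, so the letter shown in the prompt and the one named in the error message always agree.

```php
<?php
// Added example, not the blog's code. ANTISPAM_SECRET and the field name
// "antispam_letter" are hypothetical; replace the secret with your own value.
const ANTISPAM_SECRET = 'change-me-placeholder';

// Derive one letter A-Z per UTC day. Form and handler both call this,
// so the prompt and the error message cannot disagree.
function letter_of_the_day(int $timestamp): string
{
    $day = gmdate('Y-m-d', $timestamp);
    $mac = hash_hmac('sha256', $day, ANTISPAM_SECRET, true);
    return chr(ord('A') + ord($mac[0]) % 26);
}

// Accept today's letter, plus yesterday's for forms loaded before midnight UTC.
function antispam_letter_ok($submitted, int $now): bool
{
    if (!is_string($submitted)) {
        return false;   // field missing, or sent as an array (antispam_letter[]=x)
    }
    $letter = strtoupper(trim($submitted));
    if (strlen($letter) !== 1) {
        return false;
    }
    return $letter === letter_of_the_day($now)
        || $letter === letter_of_the_day($now - 86400);
}

// Comment form side: the prompt and the extra text field.
function antispam_field_html(int $now): string
{
    $letter = htmlspecialchars(letter_of_the_day($now), ENT_QUOTES);
    return '<label for="antispam_letter">Anti-spam: type the letter '
         . $letter . '</label> '
         . '<input type="text" name="antispam_letter" id="antispam_letter" maxlength="1" />';
}

// Comment handler side: reject before anything is stored or e-mailed.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (!antispam_letter_ok($_POST['antispam_letter'] ?? null, time())) {
        die('Error: please enter today\'s anti-spam letter: '
            . letter_of_the_day(time()));
    }
    // ... the existing comment-saving code continues here ...
}
```

The letter still appears in the page markup, so this only filters bots that post to the handler without reading the form.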

14 Comments & TrackBacks

Why not simply rename wp-comments-post.php? Solves your problem right away without bothering any of your visitors…

Posted by: Tijs on November 5, 2004 6pm

Well, that is a good idea, but I doubt it will solve the problem since spammers seem to be hitting me by actually posting. At least, that’s what my access logs seem to tell me. Or maybe I’m totally off-base. I’ll find out for sure if and when another steady stream of comment spam arrives. I’m pretty sure this is only stop-gap. If it gets worse, I’ll get down to business ;).

Posted by: Cheah Chu Yeow on November 5, 2004 6pm

Isn’t this better? http://james.seng.cc/archives/000145.html

Posted by: Terry Orio on November 5, 2004 7pm

I just renamed the file and then edited one of the other comment files to go along with the renamed file and that solved ALL my problems.

Posted by: nick on November 5, 2004 9pm

test

Posted by: test on November 5, 2004 9pm

Another thing to keep in mind is that for a popular site like yours, spammers might be willing to do a quick scrape of your source to determine what the “letter of the day” is before they automatically fill out your form and post. I think this is why using a graphic might be more appropriate. A spammer then has to either look at the graphic, or figure out what your naming scheme is for the images you use for the “letters of the day.”

I’ve been thinking about options to use on my site (yes, even though it’s not very popular and I use my own CMS I still get spammed) and have yet to decide on anything definitive. I’m leaning toward creating a bunch of graphics that contain random words (not as predictable as the 26 letters of the alphabet) and having the commenter type the word in a text field. Once a month or so I could then rename the files and update my authentication accordingly so I can always keep the spammers guessing.

Believe it or not, the work involved would be much less time consuming than scouring my blog for spam and then removing it.

Posted by: Bernie Zimmermann on November 5, 2004 10pm

If the spammer program is smart enough, it can get the XHTML file, then get the “secret letters” by using something like DOM.

Of course little spammer programs will do so…

Posted by: minghong on November 6, 2004 12am

When it was at its worst I got 10-16 spam comments a day from spam robots. But since I installed the extra text field I haven’t received any. So far it’s working - the day it gets defeated I’ll probably enhance it further.

Posted by: Patrick on November 6, 2004 1am

I like this idea.

Posted by: CarLBanks on November 8, 2004 10pm

Hmm it’s giving me the wrong letter in the error message. It’s telling me today’s anti-spam letter is R but the error message says please put in C.

Posted by: CarLBanks on November 8, 2004 10pm

Sorry for triple commenting but what code do I add?

Posted by: CarLBanks on November 8, 2004 10pm

My goal: Keep my site completely reader-less so that nobody spams it. Yay! :) Working well so far.

Posted by: Nathan Wong on November 10, 2004 11am

What do I add back again? I accidentally overwrote comments-post.php and now spam is rampant again.

Posted by: CarLBanks on December 17, 2004 5am

I adore this hack!

However, it’s admiration from afar…

can you write up exactly what code you added where? i, for one, am definitely too stupid to figure out what to do exactly…

and yet, the solution is exquisite and i would seriously dig having it on my site instead of the fiercer measures which can inadvertently ban people who are only trying to add something.

Posted by: fernando on December 19, 2004 8am
