Comment flood prevention - a really simple solution
Mark Ghosh 
Thanks for visiting! If you're new here, you may want to subscribe to our RSS feed. This blog posts regular Wordpress news, updates of themes, plugins, ideas, hacks, quick fixes and everything about blogging, especially about Wordpress. Go ahead, subscribe to our feed! You can also receive updates from this blog via email.
I was having a terrible time with comment flooders recently and even though the comments are put in the moderation queue, it is still quite a chore to delete or remove a hundred comments that are fifty lines long. Not fun by any means.
To create a simple solution to the problem, I have increased the timeout between the time a comment is posted and a comment can be posted again. By default, this time in WordPress is set to 10 seconds. I have increased that time considerably and added a really nice comment to the error code so people understand the reasons for not being able to post something. A commenter that is genuine is more likely to try to post somewhere in between the beginning of the timeout and the end. On the average she/he will only have to wait half the time set in the timeout.
I think comment flooders will not be willing to spend more than six hours on leaving comments on a single blog. It *should* be counter productive for them.
Though I am not sure this will work, I am going to give it a shot. I have another comment spam prevention script (or service) in the works but ETA on that is completely up in the air.
How do I do this?
Look here: http://weblogtoolscollection.com/archives/2004/07/07/more-comment-flood/
If this is successful (looks like it stopped 2 sets of flooders already, I have a little script that tracks how many attempts were made) I might post this on the WordPress fora.
(No Ratings Yet)
Loading ...
Comments RSS
Powered by 
Designed by 
Every flood I’ve gotten has been through dozens (if not hundreds) of anonymous proxies so IP based throttling is useless.
The throttling is (meant to be) not IP based, it is based on the last write to the comment table. So, the part that I forgot to mention was that I have changed the MySql call as well. I will fix the post when I get home.
Bitte warten…
Mark Gosh behindert Kommentarspamflutwellen, so wie auch ich neulich einen gehabt hatte, mittels einer nur ganz kleinen Änderung: er verlängert einfach die Wartezeit, bis wieder ein Kommentar abgegeben werden kann. Das sind nur Änderunge…
Mark,
MooKitty has a plugin for comment spamming that sets up a mass editing mode to very easily get rid of the crap being sent your way. It also writes entries automagically to the spam filter list and will even ensure that there are no duplicate entries. It’s very slick.
http://mookitty.co.uk/devblog/
I might look into that tonight!
And why you are not using any spam prevention plugins to decrease a number of malicious comments? except of akismet of course
We have some heavy spamming going on for just one of our pages on one site. The same bot tries to hit the same form over and over with the same spam every 30 seconds or so for a few hours. I think it is stuck? Strange