Renaming yr comments.php makes things far easier to manage and deter spam.

That trick is older than me (I’m fifty )
Doesn’t work with clever spammers.

The tricks are countless.
I made website where anonymous can post articles and comments.
The site is without spam protection, but did not get one single spam article or comment.

We are talking here about standard GPL product used by hundred of thousands weblogs.

BTHW, I’m using 6KB of code to protect my weblog from SPAM.
That is EASY

azrin @ http://www.azrin.net

What I want to say is:

( Firstly, excuse my ignorance. I’m just a carpenter )

Isn’t it easier to put some checking code in wp-comments-post.php and stop the spam without using few anti-spam plugins?

I found this in the Internet, and I think that it does good job in stopping automated spam:

if(!isset($_SERVER['HTTP_USER_AGENT'])){
die(”Forbidden - This page is for normal browsers only”);
exit;
}
if(!$_SERVER['REQUEST_METHOD'] == “POST”){
wp_die(”Forbidden - You can post from my form only!”);
exit;
}
// Host names from where the form is authorized
// to be posted from:
$authHosts = array(”mnogo.truden.com”);
// Where have we been posted from?
$fromArray = parse_url(strtolower($_SERVER['HTTP_REFERER']));
// Test to see if the $fromArray used www to get here.
$wwwUsed = strpos($fromArray['host'], “www.”);
// Make sure the form was posted from an approved host name.
if(!in_array(($wwwUsed === false ? $fromArray['host'] : substr(stristr($fromArray['host'], ‘.’), 1)), $authHosts)){
wp_die(”Forbidden - No, No, No!”);
exit;
}
// Attempt to defend against header injections:
$badStrings = array(
“spamword1″,
“spamword2″,
“spamword3″);
// Loop through each POST’ed value and test if it contains
// one of the $badStrings:
foreach($_POST as $k => $v){
foreach($badStrings as $v2){
if(strpos($v, $v2) !== false){
wp_die(”Forbidden - You have used BAD SPAM words! Clean your language and come back again.”);
exit;
}
}
}
// free up used memory
unset($k, $v, $v2, $badStrings, $authHosts, $fromArray, $badStrings);

Just a note, the difference between the plugin and WordPress’ builtin “Options -> Discussion” comment settings is that those WP options still saves spam comments into your spam / moderation queue (thus checking for false positives is a pain), whereas this plugin rejects spams with an error message and thus would never make it into any queue.

Regarding false positives, the error message clearly outlines why the comment was rejected, so a real person could go back and modify their comment around that error. A spambot is probably not so intelligent (yet).

In anycase, this plugin isn’t ment to stop all spam… but ment to be a prefilter and used in conjunction with other plugins like akismet or SK2.

What I don’t like about http://tantannoodles.com plugins is after time goes by I can’t remember what that tantan folder is all about. Other plugin folder or files give you a hint, theme-switcher.php & sexycomments for instance.

What I like about Joe Tan and his plugins is they check themselves for updates via wp-admin.

For the number of links you have “Comment Moderation”
For the brackets and spam words you have “Comment Blacklist”

You can put [url= to filter the bbcode.