Translate This Page
About the Author
- Mark Ghosh
An avid fan of business, education, technology and finance. I lead a lean, highly focussed and capable team of Java Back End developers and Front End developers through a maze of complex software wizardry to fulfill the web maintenance needs of a large chemical manufacturer. As per Myers-Briggs Personality Types, I am an ESTJ. I pride in a project completed on time and according to plan. My hobbies include all kinds of technology, anything that I can taste and anything that goes fast or flies in the air. I like to read business books and comics in my spare time.
Categories
- bbpress
- Best of WordPress
- Blog Templates Blog Skins Blog Themes
- Blogging
- Blogging Essays
- Blogging News
- brainstorming
- buddypress
- Business of Blogging
- CMS
- Code
- Cold Fusion
- Community Interviews
- Cool Scripts
- General
- HOW-TO
- LinkyLoo
- Movable Type Plugins
- Photolog Script
- Podcasting
- QuickLinking
- Spam
- SXSW
- TLA
- Tutorials
- User Reviews
- Web Design
- Web Ethics
- Weblog Add-Ons
- Weblog tools blog tools blogging tools
- Weekly Plugin Review
- WLTC Community
- wordcamp
- WordPress
- WordPress Discussions
- WordPress FAQs
- Wordpress for Beginners
- WordPress Hack
- WordPress News
- WordPress Plugin Competition
- WordPress Plugins
- WordPress Polls
- WordPress Security
- WordPress Templates WordPress Skins WordPress Themes
- WordPress Tips
- WordPress Tools
- WordPress Troubleshooting
- WordPress Weekly
- WordPress Widgets
- WordPress WishList
- XHTML Tips
Obviously Powered by WordPress. © 2003-2013
Why not use WP Hashcash? It uses JS and md5 encryption and doesn’t cause much higher server load.
Because WP Hashcash doesn’t come into play until after your web server has already done a lot of work trying to process a comment post request. It stops bogus comments from getting to the database, but it doesn’t do much to save the server’s CPU.
That’s why I came up with SpamValve. I shifted some of the burden to a much lower level of the operating system (the TCP/IP stack), which takes a lot less work. I still get occassional load spikes, but I think that some of them are from other users’ web applications on my server.
I use bad behavior. It seems to do a nice job, but I don’t get nearly the traffic you do. Let us know how Hashcash works for you!
Have you tryied to block bad referals? Try to add them to .htaccess and it will block big part of spam posts before accessing your page.
Have you considered the Bad Behavior Blackhole + Spam Karm2? A very good combo I think.
Even run as a plugin with database logging, Bad Behavior should be very fast on reasonably fast servers. With a site exceeding 10,000 hits a day, though, you might not want to log.
That PHP value for site-wide usage should be about like this:
php_value auto_prepend_file /server/path/to/bad-behavior/bad-behavior-generic.phpNote that Bad Behavior does not need to be installed in the WordPress directory in this installation type – indeed, it can be anywhere. And it should not be activated as a WordPress plugin in this configuration.
Bad Behavior Blackhole is another project entirely (albeit related) and is developing much more slowly.
Let me know if you have any questions or troubles.
If you write something, you’ll be the hero of the WP community.
Since WP 1.5, even upper level comment spam control is ridiculously inadequate. With WP 1.2, your ThreeStrikes system coupled with Kitten’s SpamWords stopped all comment spam on my high- and low-traffic WP sites. Now that Kitten’s given up, all the anti-spam systems, including Bad Behavior, just don’t cut it.
For the timebeing you can turn off trackback to stop the deluge. Then you can experiment with plugins/hacks. Most spams in my experience are trackback. Fortunately most of them also carries a referrer spam load, so I can stop many using the Referrer Bouncer plugin.
WordPress Spam control HAS to be content based to be effective. Pariah, I apologize for being dormant for this long. I might come up with something soon.
PS: Slowed down to only 5200 comment spam attempts yesterday
“WordPress Spam control HAS to be content based to be effective.”
I don’t disagree, though I apologize if my first comment somehow conveyed that I did.
Three Strikes, coupled with Kitten’s Spam Words, read the content of comments and bounced spams based on content and URL count. One month after the launch of QuarkVSInDesign.com I was taking in an average of 3,000 spam comments per day. Installing Three Strikes and KSW instantly dropped that count to under 20, with the remainder being manually posted.
For a while I received the Three Strikes output and, other than a one day issue caused by my user error, it never trapped legitimate comments. Since a forced upgrade to WP 1.5 (due to security issues with 1.2), I’m spending half my day moderating comments the other anti-spam plugins caught and snatching up the dozens they don’t.
I have no clue what the WordPress equiv (if any) is but something MT users have found to work really well is MT Keystrokes http://overstated.net/projects/mt-keystrokes/ which basically tests to ensure that someone has manually inputted something into the comments box, albeit it won’t stop those morons that manually enter their spam it’ll stop the bots.
I run Spam Karma2 and Bad Behavior and I haven’t had a spam since =)
Hm, you have to actually be using Bad Behavior for it to do anything to stop – or even slow – the incoming tide of spam.