April 23, 2013 at 4:22 pm #37264
Theme Eleven 40
I disabled comments and trackbacks from the genesis theme settings. Literally you can’t write any comment on my site, there’s no comment form displayed.
But I still get comments, spam comments…!?
How is that possible? How do they comment if I disabled the comments?
Today I got 6 spam comments on this post:
Can someone please help me to completely disable comments?
ThanksApril 23, 2013 at 4:42 pm #37269
Completely stopping this is hard.
You might want to check out this technique for htaccess modifications if you’re on an Apache webserver. Be sure to adjust the “yourdomainname” in the script. Other approaches would involve using htaccess to redirect anyone attempting to access the comment script to somewhere else, since anyone accessing it is a bot. Techniques that involve removing or modifying core WP won’t survive WP upgrades, so they should be avoided.
April 24, 2013 at 3:11 am #37341
I didn’t think it was so hard/impossible to stop.
So basically all of you out there are facing this problem everyday?
To be honest I don’t even know what Apache webserver is… is there any easier way?April 24, 2013 at 7:21 am #37367
You can try contacting your host, pointing them to the link I mentioned, and see if they can help you with htaccess changes.
You can try spam plugins like Akismet, which should classify most spam comments as spam and after a period of time they’ll be automatically deleted, but Akismet won’t stop spammers from posting the comment in the first place.
As I said earlier, putting a complete stop to this isn’t easy and usually takes some set up on your web server (e. g., the htaccess stuff I mentioned).
April 24, 2013 at 10:32 am #37429
Thanks Bill, I got my host to paste that code in my htaccess and lets hope it works.
Thanks!April 24, 2013 at 11:14 am #37437April 24, 2013 at 11:18 am #37439
Yes, basically simply change yourdomainname with letstalksex.net
or something else?April 24, 2013 at 2:54 pm #37463
I don’t think you need to use the .net, since the script already says .*
Note that this technique is only blocking spammers when the referrer is not your own domain. Since you’ve removed the comment form, it’s virtually impossible for the referrer to be your site unless the spammer spoofs this value in the header. In other words, this technique is NOT foolproof. A better technique would be to redirect every access to the comment form, regardless of referrer. Consider this a good 1st step, and if the problem continues, go back to your web host and see if they can help with more advanced techniques.
April 24, 2013 at 11:10 pm #37526
SummerParticipantPost count: 1112
I’ve been using this method for several years successfully, but several interesting things happened with this .htaccess technique when I updated to WP 3.5.1
I used to have those rules outside of the #END WordPress block, because that code would vanish any time I updated something that updated the permalinks… all my .htaccess customizations would be erased and I’d be back to the default WP .htaccess and I’d have to paste all my rules back in.
But after updating to WP 3.5.1, all .htaccess rules outside of the WordPress block were ignored by WordPress… my spam blocks, my image hotlinking preventions, all stopped working with WordPress until I put them back inside the WP block.
I discovered this when I had to uninstall the MP Spam Block plugin because it wasn’t playing nicely with WPMU’s Comments Plus, and wham, I started getting over 500 spam comments a day without fail. When I put the antispam rules before the #END WordPress line, it started working again, dropping down to a more manageable 200 spam comments per day, and I still had to add Deny rules for a couple of specific IP addresses. When while using MP Spam Block I was getting 5-10 per day maybe, but I realized it was also blocking all trackbacks, including legit ones from my other sites, so maybe it was TOO good.
Same for the image hotlinking rules… they were ignored by WordPress until I moved them inside the WP block, so make sure you keep a backup of your .htaccess just in case you do something where you have to update permalinks… my guess is those customizations might still “vanish”… I haven’t tested it out to see if that’s still the case, though.
April 25, 2013 at 5:42 am #37607
First of all thank you.
Second, you say:
“A better technique would be to redirect every access to the comment form, regardless of referrer.”
And how do you do this?
Also, considering the interesting comment of Summer above ^ is this copy n paste going to last the next WP update? is there any danger for my site to crash?
Thanks both!April 25, 2013 at 10:45 am #37674
@Fabio – First, while I have general knowledge about htaccess, I’m not an htaccess guru, because htaccess is something that is connected to Apache web servers, and none of our web servers run Apache. Therefore, there are probably better sources of info on htaccess than what I might say. Further, you can easily break your site with changes to htaccess, so I’m also reluctant to encourage editing of this file via a support method like this, especially by those who don’t understand the consequences or aren’t in a position to quickly fix them. Therefore, I encourage you to work with your web host to modify htaccess because it’s a safer route.
Anytime you play with htaccess, or PHP for that matter, there’s a risk that even a small typo can cause your site to crash. That’s why you have to understand what you’re doing and have the tools to fix inadvertent mistakes, or put the job in the hands of someone who does.
@Summer & @Fabio – As a general rule, your WP rules in htaccess should be at the end. Your custom rules should be at the beginning. That probably contributed to Summer’s custom rules getting overwritten, but since I don’t use an Apache server, it’s not something I can test or verify. If I’m right that putting custom rules at the beginning does not cause WP to overwrite them on upgrade, then that’s the ticket to make them survive WP upgrades – put the custom rules first. And yes, I am aware that there are a number of articles on htaccess that say to put custom rules at the end of the htaccess file.
April 25, 2013 at 10:49 pm #37778
snakeairParticipantPost count: 164
Besides having Cloudflare I have a captcha plugin for the comment area. That stops a ton of spammers from submitting a comment. I do get a few daily but i’ve been banned there IP address’s. I’m used to handling spammer’s. I’m a super moderator on a large webmaster forum. lol
Really good advice so far in this thread.April 26, 2013 at 8:15 pm #37987
SummerParticipantPost count: 1112
@Bill, in WP versions prior to 3.2, I can confirm through experience that having those custom rules before the WP rules didn’t save them from annihilation :) Having that happen more than four times was what caused me to move them.
My biggest question was why did they stop working outside the WP rules section, when they worked just fine separated in previous versions?
Normally I enjoy setting up more demolitions testing on one of my demo sites, but I don’t have the time this weekend!
April 27, 2013 at 7:48 am #38057
thanks, I didn’t touch the .htaccess and I let my host do it. Hopefully they did it right…
To be honest, since then I haven’t had any more spam bot comment but I started to get spam bot subscribers!
My host told me that it’s like if the code we put in the htaccess deviated the spam to some 404 pages where they subscribed.
Of course now I’ve removed the subscribe form from my 404 page and also the spam bot subscribers problem seems to be vanished.
Thanks everyone for the help in this thread. Hopefully it will benefit many.April 27, 2013 at 8:18 am #38063
@Fabio – Glad it’s working.
@Summer – WP core only rewrites the rules within the # Begin and # End. That’s been the case for as long as I can remember (7+ years). It’s also a frequently used bit of code, since flushing permalinks triggers an update of the htaccess rules. If it was broken, we’d hear the screams from every corner. If that wasn’t working for you, there was something else going on. Hopefully, you’ll get a chance to do some testing.
For others reading this thread, there’s a difference between over-writing and over-riding. You said the rules were being over-written, and I think we both know what that means – the custom rules were removed from the htaccess file. A rule in htaccess that appears later in the file will over-ride a rule that appears earlier, so one can have a situation where it seems that WP is ignoring a custom rule. I don’t think that’s your case though.
You must be logged in to reply to this topic.