Problem with Comments and Spam


This topic is: not resolved


This topic contains 16 replies, has 4 voices, and was last updated by  Bill Murray 1 year, 4 months ago.

  • #37264

    Fabio
    Participant
    Post count: 178

    Theme Eleven 40

    Website http://letstalksex.net

    I disabled comments and trackbacks from the genesis theme settings. Literally you can’t write any comment on my site, there’s no comment form displayed.

    But I still get comments, spam comments…!?

    How is that possible? How do they comment if I disabled the comments?

    Today I got 6 spam comments on this post:

    http://letstalksex.net/premature-ejaculation/

    Can someone please help me to completely disable comments?

    Thanks

    #37269

    Bill Murray
    Participant
    Post count: 575

    Completely stopping this is hard.

    You might want to check out this technique for htaccess modifications if you’re on an Apache webserver. Be sure to adjust the “yourdomainname” in the script. Other approaches would involve using htaccess to redirect anyone attempting to access the comment script to somewhere else, since anyone accessing it is a bot. Techniques that involve removing or modifying core WP won’t survive WP upgrades, so they should be avoided.


    Web: https://wpperform.com or Twitter: @wpperform

    We do managed WordPress hosting.

    #37341

    Fabio
    Participant
    Post count: 178

    Oh wow,

    I didn’t think it was so hard/impossible to stop.

    So basically all of you out there are facing this problem everyday?

    To be honest I don’t even know what Apache webserver is… is there any easier way?

    #37367

    Bill Murray
    Participant
    Post count: 575

    You can try contacting your host, pointing them to the link I mentioned, and see if they can help you with htaccess changes.

    You can try spam plugins like Akismet, which should classify most spam comments as spam and after a period of time they’ll be automatically deleted, but Akismet won’t stop spammers from posting the comment in the first place.

    As I said earlier, putting a complete stop to this isn’t easy and usually takes some setup on your web server (e.g., the htaccess stuff I mentioned).


    Web: https://wpperform.com or Twitter: @wpperform

    We do managed WordPress hosting.

    #37429

    Fabio
    Participant
    Post count: 178

    Thanks Bill, I got my host to paste that code in my htaccess and let’s hope it works.

    Thanks!

    #37437

    Bill Murray
    Participant
    Post count: 575

    I trust that you explained to them they could not paste the code without modification. You have to include your domain name, as described in my earlier post.


    Web: https://wpperform.com or Twitter: @wpperform

    We do managed WordPress hosting.

    #37439

    Fabio
    Participant
    Post count: 178

    Yes, basically simply change yourdomainname with letstalksex.net

    or something else?

    #37463

    Bill Murray
    Participant
    Post count: 575

    I don’t think you need to use the .net, since the script already says .*

    Note that this technique is only blocking spammers when the referrer is not your own domain. Since you’ve removed the comment form, it’s virtually impossible for the referrer to be your site unless the spammer spoofs this value in the header. In other words, this technique is NOT foolproof. A better technique would be to redirect every access to the comment form, regardless of referrer. Consider this a good 1st step, and if the problem continues, go back to your web host and see if they can help with more advanced techniques.


    Web: https://wpperform.com or Twitter: @wpperform

    We do managed WordPress hosting.

    #37526

    Summer
    Participant
    Post count: 1071

    I’ve been using this method for several years successfully, but several interesting things happened with this .htaccess technique when I updated to WP 3.5.1

    I used to have those rules outside of the #END WordPress block, because that code would vanish any time I updated something that updated the permalinks… all my .htaccess customizations would be erased and I’d be back to the default WP .htaccess and I’d have to paste all my rules back in.

    But after updating to WP 3.5.1, all .htaccess rules outside of the WordPress block were ignored by WordPress… my spam blocks, my image hotlinking preventions, all stopped working with WordPress until I put them back inside the WP block.

    I discovered this when I had to uninstall the MP Spam Block plugin because it wasn’t playing nicely with WPMU’s Comments Plus, and wham, I started getting over 500 spam comments a day without fail. When I put the antispam rules before the #END WordPress line, it started working again, dropping down to a more manageable 200 spam comments per day, and I still had to add Deny rules for a couple of specific IP addresses. While using MP Spam Block I was getting maybe 5-10 per day, but I realized it was also blocking all trackbacks, including legit ones from my other sites, so maybe it was TOO good.

    Same for the image hotlinking rules… they were ignored by WordPress until I moved them inside the WP block, so make sure you keep a backup of your .htaccess just in case you do something where you have to update permalinks… my guess is those customizations might still “vanish”… I haven’t tested it out to see if that’s still the case, though.


    #37607

    Fabio
    Participant
    Post count: 178

    @ Bill:

    First of all thank you.

    Second, you say:

    “A better technique would be to redirect every access to the comment form, regardless of referrer.”

    And how do you do this?

    Also, considering the interesting comment of Summer above ^, is this copy n paste going to last the next WP update? Is there any danger for my site to crash?

    Thanks both!

    #37674

    Bill Murray
    Participant
    Post count: 575

    @Fabio – First, while I have general knowledge about htaccess, I’m not an htaccess guru, because htaccess is something that is connected to Apache web servers, and none of our web servers run Apache. Therefore, there are probably better sources of info on htaccess than what I might say. Further, you can easily break your site with changes to htaccess, so I’m also reluctant to encourage editing of this file via a support method like this, especially by those who don’t understand the consequences or aren’t in a position to quickly fix them. Therefore, I encourage you to work with your web host to modify htaccess because it’s a safer route.

    Anytime you play with htaccess, or PHP for that matter, there’s a risk that even a small typo can cause your site to crash. That’s why you have to understand what you’re doing and have the tools to fix inadvertent mistakes, or put the job in the hands of someone who does.

    @Summer & @Fabio – As a general rule, your WP rules in htaccess should be at the end. Your custom rules should be at the beginning. That probably contributed to Summer’s custom rules getting overwritten, but since I don’t use an Apache server, it’s not something I can test or verify. If I’m right that putting custom rules at the beginning does not cause WP to overwrite them on upgrade, then that’s the ticket to make them survive WP upgrades – put the custom rules first. And yes, I am aware that there are a number of articles on htaccess that say to put custom rules at the end of the htaccess file.


    Web: https://wpperform.com or Twitter: @wpperform

    We do managed WordPress hosting.

    #37778

    snakeair
    Participant
    Post count: 157

    Besides having Cloudflare I have a captcha plugin for the comment area. That stops a ton of spammers from submitting a comment. I do get a few daily but I’ve banned their IP addresses. I’m used to handling spammers. I’m a super moderator on a large webmaster forum. lol

    Really good advice so far in this thread.

     

     

    #37987

    Summer
    Participant
    Post count: 1071

    @Bill, in WP versions prior to 3.2, I can confirm through experience that having those custom rules before the WP rules didn’t save them from annihilation  :)  Having that happen more than four times was what caused me to move them.

    My biggest question was why did they stop working outside the WP rules section, when they worked just fine separated in previous versions?

    Normally I enjoy setting up more demolitions testing on one of my demo sites, but I don’t have the time this weekend!

     


    #38057

    Fabio
    Participant
    Post count: 178

    @Bill

    Thanks, I didn’t touch the .htaccess and I let my host do it. Hopefully they did it right…

    To be honest, since then I haven’t had any more spam bot comments but I started to get spam bot subscribers!

    My host told me that it’s like if the code we put in the htaccess deviated the spam to some 404 pages where they subscribed.

    Of course now I’ve removed the subscribe form from my 404 page and the spam bot subscribers problem also seems to have vanished.

    Thanks everyone for the help in this thread. Hopefully it will benefit many.

    #38063

    Bill Murray
    Participant
    Post count: 575

    @Fabio – Glad it’s working.

    @Summer – WP core only rewrites the rules within the # Begin and # End. That’s been the case for as long as I can remember (7+ years). It’s also a frequently used bit of code, since flushing permalinks triggers an update of the htaccess rules. If it was broken, we’d hear the screams from every corner. If that wasn’t working for you, there was something else going on. Hopefully, you’ll get a chance to do some testing.

    For others reading this thread, there’s a difference between over-writing and over-riding. You said the rules were being over-written, and I think we both know what that means – the custom rules were removed from the htaccess file. A rule in htaccess that appears later in the file will over-ride a rule that appears earlier, so one can have a situation where it seems that WP is ignoring a custom rule. I don’t think that’s your case though.


    Web: https://wpperform.com or Twitter: @wpperform

    We do managed WordPress hosting.
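
An added example, not part of the thread and not the script linked in post #37269: an .htaccess layout that refuses every request to the comment handler regardless of referrer (the "better technique" from post #37463) and keeps the custom rule outside the block that WordPress regenerates (the placement point from posts #37674 and #38063). It assumes Apache with mod_rewrite, WordPress installed in the site root, and comments fully disabled; the commented-out referrer rule is a constructed stand-in for the weaker approach, using the thread's "yourdomainname" placeholder.

```apache
# --- Custom rules (added example, constructed) -------------------------------
# Kept ABOVE "# BEGIN WordPress": WordPress rewrites only the lines between
# its BEGIN and END markers when permalinks are flushed.
<IfModule mod_rewrite.c>
RewriteEngine On

# Weaker form: refuse POSTs to the comment handler only when the Referer
# header does not mention the site. The Referer is supplied by the client,
# so a bot that forges it still gets through.
#RewriteCond %{REQUEST_METHOD} =POST
#RewriteCond %{REQUEST_URI} /wp-comments-post\.php$
#RewriteCond %{HTTP_REFERER} !yourdomainname [NC]
#RewriteRule ^ - [F,L]

# Stronger form for a site with no comment form at all: refuse every request
# to the handler, whatever the method or Referer. [F] answers 403 Forbidden
# directly instead of redirecting the client to another page.
RewriteRule ^wp-comments-post\.php$ - [F,L]
</IfModule>

# Fallback when mod_rewrite is not loaded (Apache 2.4 syntax).
<IfModule !mod_rewrite.c>
<Files "wp-comments-post.php">
    Require all denied
</Files>
</IfModule>

# --- Standard WordPress block (managed by WordPress; do not edit) -----------
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
```

Keep a backup of the working .htaccess before editing, and confirm afterwards that a request to /wp-comments-post.php returns 403 while normal pages still load.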
