Blacklist not catching all words

  • My blog gets blasted by spam, mostly for gambling sites, so I got fed up cleaning out the comment moderation screen daily and decided to use the blacklist. Because my blog is mostly music, I just don’t think I’m going to get legitimate comments using words like “poker”, “casino” & “blackjack”. ??

    Two strange things happened. After blacklisting the above words, the next day all the comment spam with those words had them capitalized. I found this interesting because the keywords had never been capitalized in the spam before the blacklisting. Somehow the ‘bot knew it had hit a blacklist, rather than being deleted by comment moderation.

    So, naturally, I went back and added the same words beginning with capital letters. A couple more days passed…I added a few more words, both lowercase and with first letter capitalized, whittling down the gambling spam, choosing the keywords carefully, adding a few drug spam words.

    Then I started getting gambling spam with lowercase words, “poker”, “casino”, “blackjack”…the same words, same spelling, exactly the same as on my blacklist. I’m getting much fewer comment spam than before the blacklist, but I can’t figure out why words on the blacklist that it caught last week are no longer being caught, or at least not in every message. There’s nothing unusual about the spelling or capitalization, no hypens or anything that would obviously “fool” the blacklist.

    I even added “poker” again, so it’s on the list twice now (3 times, counting “Poker”), but I’m still getting spam with “poker” in the message, sometimes in the subject and the URL. Any ideas?

Viewing 4 replies - 1 through 4 (of 4 total)

  • Could they be coming through as trackbacks? I don’t think the blacklist looks at trackbacks (not positive on that tho…)

    I am using the Bad Behaviour and zero spam since then…

    Moderator James Huff

    (@macmanx)

    The blacklist does filter trackbacks and pingbacks, as well as comments. Your best plan of action, when using a moderation list, is to add the domain to the list. For example, if you’re being spammed by pokerroyal.com, add pokeroyal to your blackist. URLs are always lowercase, so they can’t mess around with that.

    However, I highly agree with Moshu’s suggestion. Bad Behavior will keep you 95% spam-free.

    https://www.ioerror.us/software/bad-behavior/

    Thread Starter Gymshoes

    (@gymshoes)

    Thanks for your suggestions. I’m going to leave this issue listed as “unresolved”, though, because it seems to me that if a program has a blacklist that deletes all posts with certain keywords, then it ought to delete all posts with those keywords! That it did initially, then stopped blocking certain words indicates to me that either there is a flaw in the way the blacklist works fundamentally or there is a hole that allows certain spambots to bypass it. (Which in my case means it turns up in the moderation queue.)

    I will look into installing the bad behavior plug-in. Thanks for the tip! ??
    PS: Is there any chance this plug-in will be bundled with future versions of WP?

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Blacklist not catching all words’ is closed to new replies.