how to block comment spammer

My 2 cents:
1. The search machine in this site is good, very good.
2. wp blacklist, does it ring any bell? I was hit by the same spam problem last week and i ran a search here and installed this piece of awesome plugin and everything is OK now.
3. This site has always and will always be my primary source in looking for troubleshooting solution regarding wordpress.
4. Matt talked about this, Podz talked about this and i really think everyone should start by searching before posting a new topic.
5. This forum wasnt even intended for css issues at first, but some are more than willing to help. So calm down and tell em’ what’s wrong. Slowly.

WordPress is doomed because we post a response with a request to search first the next time? Oh, woe is me ??
My father always said “Look it up” when I asked him how to spell something. Sure, as a child it was frustrating but then I grew up.
– The Ass (who hasn’t resorted to name-calling)

I’ve been getting a ton of those. I wrote a plugin to kill those comments before it even gets passed to moderation. Download it here.
In addition, I put the following in my .htaccess:
SetEnvIfNoCase User-Agent "^Mozilla\/4.0 \(compatible; MSIE 6.0; Windows NT 4.0; PCUser\)" denyThis
<Limit GET POST>
Order Allow,Deny
Allow from all
Deny from env=denyThis
</Limit>

Mike3k, with your hack you’ve just blocked anyone who wants to leave a comment with MSIE 6.0 under Windows NT v4.0. While that’s probably the spammer most of the time. It’s generally not a good idea to alienate your current and future viewers like that. There are better ways.

lol, talks about a hardcore comment-filter, Mike. I have no doubt even a mosquito cant sneak through your multilevel plus .hta access filter. It’s like saying:
“SPAM ME, YOU’LL DIE.”
I like that.

I grepped my access log and the only hits containing that exact user agent ending with PCUser were wp-comments-post.php. I don’t think normal IE 6.0/NT 4.0 will have that exact string.

I’ve seen the PCUser plague as well, and seriously considered blocking on the UA string. (Fortunately, installing a slightly modified three strikes plugin has blocked the current run.) A search through my site’s logs for October for “PCUser” — nearly all were (attempted) posts from this scumbag.
Nearly all.
I did find three visits — all early last week — that looked like normal web use patterns: each came in from a Google search, two were single-page visits while the third looked around at a half dozen pages, and they hit all the associated scripts, images, stylesheets, etc. They were also all hits to other, non-WP areas of my site. So it looks like *someone* has that UA, but it’s very rare.
I’ll be renaming wp-comments-post.php to be a bit more proactive. I was going to suggest an option to randomly rename it as part of the install process, but realized that would be trivially defeated since the bots are obviously pre-harvesting the URLs (based on the presence of referrers in the hits). They could as easily harvest the script location as part of the process.
(As for recommending that people search the archives… what do you think FAQs are for? As long as it’s suggested politely, it saves everyone more time in the long run, including the person asking the question. Give a man a fish vs. teach a man to fish, as the old proverb goes.)

Kelson, they don’t look in the FAQ either, that’s the big problem.

macmanx, I guess this didn’t come out right (chalk one up to incomplete revision), but I’m on your side. FAQs, searches — they save everyone time. The idea that saying “you can find this by searching for xyz” or “this is in the FAQ at xyz” is somehow unhelpful and even rude (in and of itself) seems shortsighted at best.
But then we do live in the era of instant gratification.

* Hugs Beel and podz * I didn’t mean bashing, exactly…I don’t know what I meant.

It’s okay ??
Text is such a crap medium for communication at times, in all directions. Even with ?? <– those !

last week i was suddenly getting hit with comment spam every couple of minutes; i was able to flag all of it just by adding a few words to the built-in black list. deleting all the comments was tedious, though, so i installed kitten’s spaminator, and i haven’t had a spam comment yet.
i wish there were some options for white-listing certain names or addresses…are there?