• Here are 3 solutions for fighting spam:

    Akismet
    Get the plugin: https://akismet.com
    Signup at https://wordpress.com for your API key.
    ( You do not need a blog there, just sign up)
    Help here: https://wordpress.com/api-keys/

    Bad-behavior
    Get the plugin: https://www.ioerror.us/software/bad-behavior/
    Does NOT work at godaddy

    Spam Karma 2
    Get the plugin: https://unknowngenius.com/blog/wordpress/spam-karma/

    Do NOT ask ‘Which is best because….’ or ‘Which one do you suggest I get’ or any variation of that – they are ALL good and yes, they can all be used together.

    SK2 will run all existing comments through it’s filters to catch spam already there.

    CJD Spam Nuke from https://chrisjdavis.org/category/wp-hacks will also ID and let you remove spam with one click

    Captcha (where you have to type words in to verify you are a human) are NOT effective. You will still get spammed. So use one of the above.

    You may also see little ‘Donate’ buttons on the above sites. As their work was given freely and saves you masses of time (do you want to delete spam by hand every morning?), saying Thanks by dropping a tip into their jar would be appreciated I’m sure.

Viewing 15 replies - 31 through 45 (of 116 total)
  • So then clearly, the trackback feature needs more security and more options because this is just nuts. Either way it seems like a huge hole in the system if people can post messges through trackbacks at this massive rate.

    Or, install and turn-on Bad Behavior listed at the top post in this thread.

    Trackbacks are part of blogging. You can elect to disable them, of course. Or you can use a plugin(s) to filter ’em.

    So then clearly, the trackback feature needs more security and more options because this is just nuts. Either way it seems like a huge hole in the system if people can post messges through trackbacks at this massive rate.

    the trackback framework was designed before spam and without the thought of spam, so there is very little security designed within the framework.

    please read handysolo’s post above. those are your options. if you want the interactivity of comments and trackbacks, you will need to learn to live with spam. nothing will protect your blog 100%. if you can’t stand comment and trackback spam, disable comments and trackbacks.

    So, guys & gals, how are they getting in there? Is this a feature or a bug?

    smb488292, do you post before reading the thread from the beginning?

    look at the first line of the comment. if it has strong tags, it's a trackback. trackbacks bypass the requirements to comment.

    Well, I confess that my original understanding of trackbacks was a little vague. I thought pings/trackbacks were no different than one blog tapping another on the shoulder. Now I understand them to be more like shouting obsenities than a tap.

    Anyway, they are a backdoor to bybass the login security of a blog. I will tell that to my client. Now for another pot of coffee.

    Thanks for answering my question people!

    Thanks. We diffinately help me. Tired of spammers ??

    Moderator Samuel Wood (Otto)

    (@otto42)

    www.remarpro.com Admin

    Well, I confess that my original understanding of trackbacks was a little vague.

    Clearly.

    I thought pings/trackbacks were no different than one blog tapping another on the shoulder. Now I understand them to be more like shouting obsenities than a tap.

    No, trackbacks are way for blogs to automatically tell other blogs about posts related to the blog receiving the trackback. So if I make a post about somebody else’s blog post, and I link to it, then my blog tells the other blog about it, and they can make a comment out of my post, or what have you. It’s a way for blogs to comment on other blogs.

    Spammers are clearly abusing this feature in order to post comments on blogs in an automated fashion. If you use plugins like the ones at the top of the thread, this prevents this sort of thing.

    Anyway, they are a backdoor to bybass the login security of a blog.

    No, sorry, but that’s not the case at all. Trackbacks are perfectly secure and functioning exactly as they were designed to function.

    If spammers can send you email, does that mean that your email is insecure? Or does it mean you need filters on your email?

    There is no technology in which you can both receive arbitrary messages and also prevent people from sending you messages that you don’t want. The technology has no idea what messages you don’t want. You have to tell it that you don’t want certain messages somehow. The spam-blocking plugins posted at the top of the thread do just that.

    I downloaded and installed Kismet, but there’s still spam getting through that needs to be moderated. I’ve had something like 15 attacks in the last hour or so.

    Should I get something else to help Kismet?

    Yeah. First post in this thread, see the link for Bad Behavior.

    Personally, I don’t think that asking people to install and activate plug-ins is an acceptable remedy for what’s clearly an exploit. Even if it’s an exploit of a fundamental character of the ping/trackback system, that’s still an exploit, and at the very least, people should be PROACTIVELY made aware of why this is happening and what they can do about it. WordPress has this neat feature for broadcasting messages to the entire community, but the last message on it is about the April Fool’s Day joke nearly two months ago!

    I removed the “allow comments” option of all my previous entries into my blog. How are they still spamming me?

    How do I put plug in the Bad Behavior plugin?

    @darthwong – I can only assume you haven’t read the entire thread.

    Moderator Samuel Wood (Otto)

    (@otto42)

    www.remarpro.com Admin

    Personally, I don’t think that asking people to install and activate plug-ins is an acceptable remedy for what’s clearly an exploit.

    That’s the thing. It’s NOT an exploit, in any sense whatsoever. They’re not exploiting anything. There’s no hole in the code. There’s no bug.

    If you have comments on, and people post spam comments, is that an exploit too?

    Moderator Samuel Wood (Otto)

    (@otto42)

    www.remarpro.com Admin

    dpaullin:
    -Download the Bad Behavior plugin and unzip it.
    -Put the Bad Behavior directory into your plugins directory.
    -Activate the plugin in your plugins panel.

    That’s it. It has no configuration. It stops the vast majority of this spam from ever hitting your blog at all. The few that do get through are usually caught by Akismet.

    That’s it. It has no configuration
    Except maybe to set the “verbose_logging” to FALSE, otherwise your DB will get fat pretty soon ??

Viewing 15 replies - 31 through 45 (of 116 total)
  • The topic ‘Spam? Read this.’ is closed to new replies.