I’m currently managing a friend’s WordPress blog while they bugger off on a round-the-world trip. Goodness me they get a lot of spam.
Within a minute or so of turning off Spam Karma (it causes problems with the comment count, apparently) I/he had 15 new comments, all spam. So, without FTP access I quickly put in a hack to the comments page thusly:
<textarea name="quack" id="comments"></textarea>
document.getElementById('comments').name = 'comments';
Anyway, I went to bed last night feeling smug that I’d robbed a load of spammers of their precious links. This morning I took a look: 38 new comments. They’ve already made their way around it.
This suggests one of three things:
- The spammers caught the error and changed their behaviour to suit. Doubt it, it’d be easier for them to move onto other blogs.
- My code is rubbish and never worked in the first place. Never impossible.
Anyway, kudos to those guys for not being thwarted by a simple script! Now, let’s see what happens when I get Spam Karma re-enabled or I activate Akismet…
It worked for nearly 2 years without a single automated spam comment getting through (many tens of thousands were stopped; no false positives either). Manual spam got in, but was minimal. Finally the spammers changed their ways and (I guess) began using full browser sessions to post their spam – once they do that you need to start looking at content analysis or other methods.