I think I may have found the magic combination against the comment spammers. I haven’t had a single piece of comment spam on the Cruise Planners site in a little over a week now. While I won’t make the mistake of saying that I’ve won the battle permanently, it’s the most progress I’ve had so far.
Part 1 is the Akismet plugin for Wordpress. It has done a terrific job of catching spam before it gets to the blog, comments that Akismet suspects to be spam sit in a seperate moderation queue. While Akismet has probably caught 99.5% of the spam comments sent to the site, there’s two downfalls to the plug-in, although they are minor. First, Akismet runs someplace else and if the owners of Akismet make a goof in their maintenance of the Akismet code the spam flood gates can open up. This is actually something that has happened in the past. Second, while Akismet is good at preventing the spam from being posted, it doesn’t keep the spammers from the site.
Part 2 is the judicious use of IP blocks on the site. First off when I see more than one piece of spam from the same IP address I block that address. I don’t want anybody who spams the site to visit. I also noticed that with few exceptions all of the spam comments came from IP addresses that belonged to RIPE networks and the majority of those addresses came out of Asia. Honestly, I don’t think that anybody from Asia needs to be visiting the Cruise Planners site, mainly because we can’t do business with people in Asia. So it doesn’t bother me to block all of the addresses belonging to RIPE networks that are coming from Asia.
Since putting those blocks in place I haven’t seen a single piece of spam hit the site, and I’ve noticed the Forbidden count go up significantly.
The next thing is trying to figure out how to keep the spammers from scraping content from our RSS feed…
