Comment Spam – block comment spam

[jenni101]

[Topic has been split into a new Topic]

Hi,

I’m just about to launch a members only community site and thought i should review the comment spam protection options. So… a couple of questions about blocking comment spam…

1. Is it advisable to add the list from http://www.theedesign.com to your code above?

2. In WP codex ref. http://codex.wordpress.org/Combating_Comment_Spam/Denying_Access they have this code:

Can I add this as well as the above code? and as well as the BPS brute force login code (as it presumably only protects wp-login)? And if so where? – in the bottom custom code box with the comment spam code?

# Deny Access to No Referrer Requests
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*yourdomain.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://%{REMOTE_ADDR}/$ [R=301,L]

Many thanks.

[AITpro Admin]

BPS Pro has JTC Anti-Spam|Anti-Hacker for comment spam protection against automated spambots and hackerbots.  99% of all comment spam, spam registrations, spam logins are automated and done with bots.  Human spammers make up the other 1% of spammers, which JTC will not protect against.  The code you posted above from WordPress is also for protecting against automated spamming.

WordPress has a built-in anti-human spammer feature here:  Settings >>> Discussion >>> Comment Moderation and Comment Blacklist.  The way these features/options work is you add words to filter comments that are probably human spammer comments.  Example:  We have a dummy who was posting Cambodia real estate posts in this forum site so we added “cambodia” to the Comment Blacklist feature/option.  So if you have a human spammer issue then you will just need to add words that that human spammer uses in spam comment posts.

[jenni101]

Thanks for that – yup, I’d read your detailed info here (http://forum.ait-pro.com/forums/topic/block-referer-spammers-semalt-kambasoft-ranksonic-buttons-for-website/ ) and will be monitoring all comments, but just wanted clarification for a couple of things.

Initially I’d prefer to try to not use a CAPTCHA code for our members comments as it’s a social forum using BuddyPress. So my questions are:

1. If it’s a paid members only site, is auto comment spam or human comment spam still a problem?
2. Is it beneficial adding in the anti auto comment spam WP code above?
3. If it is, where in the Custom Code should I add the WP code above to help block auto spamming?

And as you recommend, I’ll add in repeat offender’s key words to the WP blacklist! Easy to forget the obvious way to do things, when you’re focused on other things.

Many thanks for your advice and help.

[AITpro Admin]

I’ll make this brief and to the point.  A BuddyPress Forum site is not a standard WordPress website.  They are integrated together and share many things, but there are also major differences.

We spent months of testing a couple of years ago in 2013 to find out what is the most effective spam prevention method/protection: http://forum.ait-pro.com/forums/topic/buddypress-spam-registration-buddypress-anti-spam-registration/  The result of that extensive testing was JTC Anti-Spam|Anti-Hacker.

1.  If you have a registration page and login page that are not protecting against auto-posting spambots then spambot user accounts will be created.  Could be as low as 10 spambot accounts per day to as high as 1,000 per day.  You can of course manually delete those spambot user accounts or just ignore them.
2.  No.  That code would not be beneficial on a BuddyPress Forum site unless you are also using the standard WordPress comment form that is used in typical WP Blog Posts.  You can do both on a BuddyPress site, but typically all posting will occur in Topics, Replies and the Activity Stream.
3. That code would go in this Custom Code text box: CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE: Add miscellaneous code here

[jenni101]

OK – nice and clear now, thank you.

Just one final query re #1 – if you only allow registration and login by paid membership (ie they have to have already paid) how can spam bots/human spammers get past either the registration or login page?

Cheers.

[AITpro Admin]

I am guessing by what you are saying that when customers pay they are given a login account then and not just anyone can register or login to this site.  In that case you are not allowing general registrations or logins so that would be the same as not allowing any public registrations or logins.

[jenni101]

yup – so they pay > get redirected to the Buddypress registration page > once registered they get emailed a login activation link > they can then login when click on this link using the details that they used on their registration form. Thereafter they can just login from the main site using the buddypress login link. All this is protected by a membership level in s2member framework.

Does that sound protected enough from spammers to you?

[AITpro Admin]

Yes.  Since you do not allow public registrations or logins then spammers will not be allowed to publicly register or login.

[jenni101]

Great! Thanks for your help to clarify this for me.

Cheers.

[Author]

Posts