Comment Spam – block comment spam

Home Forums BulletProof Security Pro Comment Spam – block comment spam

Tagged: ,

This topic contains 8 replies, has 2 voices, and was last updated by  jenni101 3 years ago.

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • #21647

    jenni101
    Participant

    [Topic has been split into a new Topic]

    Hi,

    I’m just about to launch a members only community site and thought i should review the comment spam protection options. So… a couple of questions about blocking comment spam…

    1. Is it advisable to add the list from http://www.theedesign.com to your code above?

    2. In WP codex ref. http://codex.wordpress.org/Combating_Comment_Spam/Denying_Access they have this code:

    Can I add this as well as the above code? and as well as the BPS brute force login code (as it presumably only protects wp-login)? And if so where? – in the bottom custom code box with the comment spam code?

    # Deny Access to No Referrer Requests
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
    RewriteCond %{HTTP_REFERER} !.*yourdomain.com.* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule (.*) http://%{REMOTE_ADDR}/$ [R=301,L]

    Many thanks.

    #21651

    AITpro Admin
    Keymaster

    BPS Pro has JTC Anti-Spam|Anti-Hacker for comment spam protection against automated spambots and hackerbots.  99% of all comment spam, spam registrations, spam logins are automated and done with bots.  Human spammers make up the other 1% of spammers, which JTC will not protect against.  The code you posted above from WordPress is also for protecting against automated spamming.

    WordPress has a built-in anti-human spammer feature here:  Settings >>> Discussion >>> Comment Moderation and Comment Blacklist.  The way these features/options work is you add words to filter comments that are probably human spammer comments.  Example:  We have a dummy who was posting Cambodia real estate posts in this forum site so we added “cambodia” to the Comment Blacklist feature/option.  So if you have a human spammer issue then you will just need to add words that that human spammer uses in spam comment posts.

    #21652

    jenni101
    Participant

    Thanks for that – yup, I’d read your detailed info here (http://forum.ait-pro.com/forums/topic/block-referer-spammers-semalt-kambasoft-ranksonic-buttons-for-website/ ) and will be monitoring all comments, but just wanted clarification for a couple of things.

    Initially I’d prefer to try to not use a CAPTCHA code for our members comments as it’s a social forum using BuddyPress. So my questions are:

    1. If it’s a paid members only site, is auto comment spam or human comment spam still a problem?
    2. Is it beneficial adding in the anti auto comment spam WP code above?
    3. If it is, where in the Custom Code should I add the WP code above to help block auto spamming?

    And as you recommend, I’ll add in repeat offender’s key words to the WP blacklist! Easy to forget the obvious way to do things, when you’re focused on other things.

    Many thanks for your advice and help.

    #21654

    AITpro Admin
    Keymaster

    I’ll make this brief and to the point.  A BuddyPress Forum site is not a standard WordPress website.  They are integrated together and share many things, but there are also major differences.

    We spent months of testing a couple of years ago in 2013 to find out what is the most effective spam prevention method/protection: http://forum.ait-pro.com/forums/topic/buddypress-spam-registration-buddypress-anti-spam-registration/  The result of that extensive testing was JTC Anti-Spam|Anti-Hacker.

    1.  If you have a registration page and login page that are not protecting against auto-posting spambots then spambot user accounts will be created.  Could be as low as 10 spambot accounts per day to as high as 1,000 per day.  You can of course manually delete those spambot user accounts or just ignore them.
    2.  No.  That code would not be beneficial on a BuddyPress Forum site unless you are also using the standard WordPress comment form that is used in typical WP Blog Posts.  You can do both on a BuddyPress site, but typically all posting will occur in Topics, Replies and the Activity Stream.
    3. That code would go in this Custom Code text box: CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE: Add miscellaneous code here

    #21661

    jenni101
    Participant

    OK – nice and clear now, thank you.

    Just one final query re #1 – if you only allow registration and login by paid membership (ie they have to have already paid) how can spam bots/human spammers get past either the registration or login page?

    Cheers.

    #21662

    AITpro Admin
    Keymaster

    I am guessing by what you are saying that when customers pay they are given a login account then and not just anyone can register or login to this site.  In that case you are not allowing general registrations or logins so that would be the same as not allowing any public registrations or logins.

    #21663

    jenni101
    Participant

    yup – so they pay > get redirected to the Buddypress registration page > once registered they get emailed a login activation link > they can then login when click on this link using the details that they used on their registration form. Thereafter they can just login from the main site using the buddypress login link. All this is protected by a membership level in s2member framework.

    Does that sound protected enough from spammers to you?

    #21664

    AITpro Admin
    Keymaster

    Yes.  Since you do not allow public registrations or logins then spammers will not be allowed to publicly register or login.

    #21665

    jenni101
    Participant

    Great! Thanks for your help to clarify this for me.

    Cheers.

Viewing 9 posts - 1 through 9 (of 9 total)

You must be logged in to reply to this topic.