Order of the Bath

A while ago I mentioned that I had installed the Akismet spam blocker on this blog. I still think it does a wonderful job, but over Christmas another problem appeared. Akismet certainly traps all the spam still, over 2000 items in a few days when I wasn’t watching closely and then 2-300 per day since, but it parks it all in a holding queue. The default action is to hang onto it for 15 days then it drops off, lost forever. The idea is that it gives you time to spot any false positive identifications and retrieve them. In practice there is just so much of the unsavoury stuff that it was not possible to go through it—it is actually quite depressing trying.

As an improvement I have installed the Firefox Greasemonkey script called “Akismet Auntie spam for WordPress.” What this does is reduce each spam item to just two lines which contain the essential information—the name, email, URL, IP address and the beginning of the comment. This makes it much quicker to scan through and detect any possible mistakes, particularly reducing the huge link infested ones to a manageable size. Yet, with a few days away, even this was not enough and I had noticed that the comment URL on the blog was now the most referenced page on the web server and there was a risk that the web host may complain.

It was with great pleasure that I discovered the answer in the WordPress “Akismet Worst-offenders” plugin—this is sort of a plugin to a plugin, it provides additional admin functions. It is very much a work in progress but it does a great job. The first thing it does is to categorise spam into types based on things like IP address (where it came from) and URL (what it is advertising) and content (number of links). This allows you to delete stuff in related chunks rather than an all or nothing approach which is the default for Akismet. If you have 25 comments all from the same IP address in a very short period then you can reasonably assume they are rubbish and dump them. Using this it is possible to reduce the queue to a single page which it is not difficult to go through by hand.

A recently added feature, however, is even stronger. Having identified where the spam comes from it can add a “Deny” clauses to .htaccess, the file that controls the web server, so that addresses are completely blocked from your site. Now the rouges are completely locked out, the spam doesn’t even get as far as WordPress, and the load on the server and database is considerably reduced. The block list is continually reviewed so that only currently active spammers are blocked and, in case you were worried about potential readers being blocked from the site, however innocent they may be, the chances that the owner of an infected spambot actually wants to read your blog are immeasurably slim, unless of course you are on the A list.

Now the negative bit—the documentation is pretty poor. The guy is at the end of his doctorate so is rather busy at the moment, but I trust that things will improve. The basic function is easy to set up. Just download the file, rename it to .php, install it in the plugins directory and activate it. There is a configuration panel which can be left at the defaults and that is it.

The .htaccess bit is not descibed anywhere that I can find. What you need to do it download your existing .htaccess file and add the following lines to the end.

Order Allow,Deny
# BEGIN worst-offenders
# END worst-offenders
Allow from all

then upload it again. That will tell it where to insert the deny messages and then that just works as well.

This entry was posted on 9 Feb 2007 at 20:44 by Rick and is filed under Technical, WordPress. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.