Lots Of Spam

I think this blog gets way more spam than your average blog. For instance, over the lifetime of this blog (a little over 4 years), it averages about 95 unique visitors per day. Pretty poor average, I know, but this blog existed for 2+ years being read only by my family. Over the last year and a half or so, my averages have been up around 150 – 200 uniques per day.

Now, comment spam wasn’t a huge deal here until about a year ago or so. When it became a real problem, I installed Spam Karma, which has stopped pretty much all of it. How many pieces of comment spam does “all of it” equal? Right about 60,000 comment spams, in nearly one year. See the little black bar at the bottom of this page? It counts the number of comment spams that Spam Karma has stopped. It currently reads “This blog is protected by Spam Karma 2: 62528 Spams eaten and counting…”.

It’ll be at 62700 or so by tomorrow morning probably. Maybe I’m way off, but I just think this is an awful lot of comment spam compared to the relatively low amount of “real” traffic this site sees. But whatever, I’m just glad to have Spam Karma.

WordPress.com: Spam Blog Fastest Growing

Take a look at this screenshot:
wordpressComBlogSpam

The 4th fastest growing blog shown there is a spam blog. I thought wordpress.com was having troubles with spam blogs soon after they launched. And I thought they devised a way to prevent it for the most part. I wonder if the spammers have come up with a new method to do their trickery…

WordPress Security Issue

Dr. Dave, the dude behind Spam Karma, has issued a warning to all WordPress users. A message popped up on my Spam Karma 2 dashboard warning of a potential security vulnerability in WordPress. Here’s part of the warning:

If you are running WordPress as your blogging platform and if you have been trusting enough to leave User registration enabled for guests, DISABLE IT IMMEDIATELY (in wp-admin >> options: make sure “Anyone can register” is not checked).

Additionally, delete or disable ANY guest account already created by people you are not sure about.

Leaving it open and letting people sign-up for guest accounts on your WordPress blog could lead to incredibly nasty stuff happening if anybody so desired. And trust me I am not exaggerating this. So don’t wait a second to disable this option and please relay the message.

Now, the WordPress development team was apparently notified a “while back”. They supposedly haven’t done anything yet to rectify this problem. Dr. Dave has received a lot of questions due to his initial post. In turn, he’s made another post in which he addresses some of those questions.

Hopefully we’ll see WordPress 2.0.4 out within a few days.

UPDATE: WordPress 2.0.4 Beta is out. It should be safe to open user registrations under WordPress 2.0.4. I’d expect to see the final 2.0.4 release next week.
[via Ryan Boren]

How Did I Survive Before?

I’ve been using the Spam Karma 2 plugin for WordPress to battle comment and trackback spam. Before deploying Spam Karma 2, I’d awake every morning to roughly 100 comment and trackback spams.

Since I’ve been using Spam Karma 2, I haven’t had to manually delete a single piece of spam or even moderate any. This piece of software should come bundled with WordPress, it’s that good. As of my writing this, Spam Karma 2 has caught 415 seperate pieces of spam.

I can’t even explain how it goes about determining whats spam and what isn’t. You’ll just have to read the website if you’re interested in that. It’s a really well written piece of software and well thought out. The author did an extremely good job with it.

I’ve also got a major referer spam problem. Referer Karma, from the same author, will be put in use here shortly. I had been using a very simple method for blocking referer spam. The method I currently use is another WordPress plugin, but I constantly have to edit it’s data file to keep up with spamming referer hostnames. Referer Karma should eliminate this need. I may just see if I can’t hack the current referer spam plugin to use the domain blacklist that Spam Karma 2 keeps. Spam Karma 2 adds all the domains I want to block as referers to it’s domain blacklist. It’s really a wonderful plugin.

Blogroll

I’m gonna clean up my blogroll tomorrow. If you wanna be included or want to be removed, just leave a comment or shoot me an e-mail. Gotta split some of those links into new categories. Getting sick and tired of the growing list, makes it too hard to find a specific link.

UPDATE: Probably not the best time to do this, but I’m using Spam Karma 2 WordPress plugin now for spam protection. There’s tons of comment and trackback spam every morning when I get up, along with a bunch of referer spam. I’ve tested it a little and it seems to work alright.