A thing to consider
If you came here looking for a solution to stop the "I should email u about this" spam and you don't know how to do it yourself, feel free to contact me and maybe I'll help you ;). Please bear in mind that it will most likely be a paid service. However, I can help you get rid of any spam, not only the "I should email u about this" spam! All without image verification (known as CAPTCHA), which is not 100% user friendly.
Why Spamming? Why WordPress?
WordPress and its vulnerability are well known (at least I think so), and in my opinion it can be compared to the vulnerability of Windows operating systems. The "I should email u about this." spam just proves it.
The Problem
In fact, the possibility of leaving comments is appreciated by these groups the most:
- spammers
- link builders (who can be considered spammers in many cases)
Spammers do use WordPress blogs to gain links, and thus spammers are link builders too. All SEOs who use black-hat techniques love WordPress just like malware developers love Windows! The fact that an application is so vulnerable should lead people to use a different content management system. Just try this search query to understand how many domains are vulnerable thanks to WordPress!
The Recognition of the SPAM
The "I should email u about this" spam can be recognised when:
- the string contains only 1 sentence
Why Only 1 Sentence to Say It's Spam?
Often, when people leave useful and informational comments, they don't consist of 1 sentence. Otherwise we can say that it's about link building only (spamming). In fact, useful comments should contain 4 sentences at least! Any sentence can end with one of these characters: . ! ? (possibly also ;). If you blocked only "I should email u about this", other types of spam would pass your filter, such as:
- I should notify you about it.
- well.. it’s like I knew!
- nice! i’m gonna make my own blog
- and many more...
The Test
Let's use a filter or more filters to test any comment:
- Image verification (although this is not 100% user friendly and doesn't guarantee that manual spamming will be thwarted)
- Unrelated words test (if your website is about cars, it is unlikely that anyone would submit a comment about bonsais)
- Comment length verification
- Special characters detection (is your website in English? then there should be no comments in Chinese)
- Number of dots, number of characters between dots
- User agent and browser language detection (browsers do have agents and languages configured)
- IP recognition (if someone spammed from one IP, block that IP from posting further comments, or add additional verification that is for humans only, such as sound or image verification)
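Several of the checks listed above, as an added example in Python that is not code from the original post: sentence count, comment length, unexpected script, characters between dots, unrelated words and IP blocking. The thresholds, the keyword list and the function names are assumptions; only the four-sentence rule and the . ! ? ; terminators come from the text.

```python
import re
import unicodedata

# Assumed values: only the 4-sentence minimum and the . ! ? ; terminators
# come from the post. The keyword list stands in for "words related to your site".
MIN_SENTENCES = 4
MIN_LENGTH = 40
SITE_KEYWORDS = {"wordpress", "spam", "comment", "filter", "captcha"}

def split_sentences(text):
    """Split on runs of . ! ? ; so that '..' counts as a single terminator."""
    return [s.strip() for s in re.split(r"[.!?;]+", text) if s.strip()]

def non_latin_ratio(text):
    """Share of letters outside the Latin script (for an English-language site)."""
    letters = [c for c in text if c.isalpha()]
    if not letters:
        return 0.0
    foreign = [c for c in letters if "LATIN" not in unicodedata.name(c, "")]
    return len(foreign) / len(letters)

def check_comment(text, ip, blocked_ips=frozenset()):
    """Return the names of the failed checks; an empty list means the comment passes."""
    reasons = []
    if ip in blocked_ips:
        reasons.append("ip_blocked")
    sentences = split_sentences(text)
    if len(sentences) < MIN_SENTENCES:
        reasons.append("too_few_sentences")
    if len(text.strip()) < MIN_LENGTH:
        reasons.append("too_short")
    if non_latin_ratio(text) > 0.3:
        reasons.append("unexpected_script")
    # Characters between dots: fragments such as "a. b. c. d." pad the sentence count.
    if sentences and min(len(s) for s in sentences) < 3:
        reasons.append("degenerate_sentence")
    words = set(re.findall(r"[a-z']+", text.lower()))
    if not words & SITE_KEYWORDS:
        reasons.append("off_topic")
    return reasons

if __name__ == "__main__":
    # Spam samples quoted in the post; the IP is a documentation address.
    for sample in ("I should email u about this.", "nice! i’m gonna make my own blog"):
        print(sample, "->", check_comment(sample, "192.0.2.10"))
```

A comment that fails one or more checks can be held for moderation or sent to the additional human verification step instead of being rejected outright.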
The Conclusion
I haven't seen any freely available CMS software that allows spammers to do what they do with WordPress. In fact I'll consider becoming a member of some black-hat community just to test how fucking easy things are with spamming WordPress. For sure it would be possible to gain over 20K or 30K of incoming links overnight this way. Even though this spam is attacking non-WordPress websites too, in my opinion at least 70% of attacked websites are using WordPress. 9 out of 10 results in Google (the query somewhere above) are WordPress blogs (information valid on 20 October 2009).
20 October 2009