Some discussion on #wordpress and on the wp-hackers mailing list gave me this idea.
As WordPress spammers get more intelligent, they are going to realize that some people are using URI blacklists to block certain notorious spam-sites. Comments posted with these URIs won’t make it. So what is to prevent the spammer from trying other URIs until he finds one that isn’t blacklisted, and then launching a torrent of spam? Nothing. And what if they get lucky the first time and don’t trigger the blacklist? They’re free to post to their heart’s content.
So here’s the plugin I wrote to change that. Please note: while this should work in WordPress 1.2, there will be “comment posted” e-mails sent to the author even for comments that are put into moderation with this plugin. This is unavoidable in 1.2. In WordPress 1.3, it can intercept those e-mails.
The plugin works by checking to see if there are any comments in moderation or that have been posted in the last 24 hours that have the same IP address, e-mail address, comment body, or URI as the current comment being submitted. If there are more than 5 (default) comments that match any of those fields, the comment is sent to moderation, and all similar comments within the past 24 hours are retroactively sent to moderation. This check only occurs if the comment gets past WP’s built-in moderation.
The plugin has a safety feature so that legitimate commenters don’t get put into moderation just for posting a lot of comments on one day. The plugin takes into account the total number of comments posted by that commenter, and only if the last day’s comments are disproportionately more than the total number of comments posted prior to 24 hours ago do those comments go into moderation. The multiplier that determines this can be set by the user.
Copy and paste the text of the plugin into a file (call it whatever you like). Make SURE that there are no spaces before the opening <?php or after the closing ?>: any stray whitespace is sent to the browser before WordPress gets to send its headers. Upload the file to your plugins directory, and activate it using the interface.
If you like, you may change the default settings. Setting $trigger lower will probably catch more spam, but if a legitimate commenter who doesn’t have a number of previous comments leaves a large number of comments in a 24 hour period, his comments will be moderated until you approve them.
The other setting is $friendly_multiplier, which is the number that is multiplied by the number of recent comments and compared against the number of old comments. If you want to reduce the number of previous comments required to overrule a heavy day of commenting by a user, set this lower. Setting it to 0.5 means that the user would have to leave twice as many comments in a 24 hour period as he has left in the period prior before those comments are moderated.
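To make the decision logic above (the field-matching burst check and the $trigger / $friendly_multiplier settings) concrete, here is an added example of my own, not the plugin’s PHP: a Python model of the check run over constructed sample comments. The comment data, the 1.0 default for the multiplier (the post leaves it to the user), and the rule that an empty field value (a commenter with no URI, say) is never treated as a match are my assumptions.

```python
"""Model of the post's flood check: a comment is held, and its look-alikes
from the last day are unapproved, when too many recent comments share its IP,
e-mail, URI or body, unless the commenter's older history excuses the burst."""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Settings named in the post. 5 is the post's default for $trigger; the
# default for $friendly_multiplier is assumed here, the post does not give one.
TRIGGER = 5
FRIENDLY_MULTIPLIER = 1.0
WINDOW = timedelta(hours=24)
MATCH_FIELDS = ("ip", "email", "url", "body")


@dataclass
class Comment:
    cid: int
    ip: str
    email: str
    url: str
    body: str
    posted: datetime
    approved: bool = True  # False: already sitting in the moderation queue


def flood_check(candidate, existing, now, trigger=TRIGGER, multiplier=FRIENDLY_MULTIPLIER):
    """Decide whether `candidate` goes to moderation.

    Returns (hold, matched_field, ids_to_unapprove): ids_to_unapprove are the
    approved comments from the last day that share the matched field and should
    be pulled back into moderation retroactively.
    """
    cutoff = now - WINDOW
    # "Recent" in the post's sense: in moderation, or posted inside the window.
    recent = [c for c in existing if not c.approved or c.posted >= cutoff]
    # "Old": approved comments from before the window; the commenter's history.
    old = [c for c in existing if c.approved and c.posted < cutoff]

    for f in MATCH_FIELDS:
        value = getattr(candidate, f)
        if not value:
            # Assumption not spelled out in the post: never match on an empty
            # value, or every commenter who leaves no URI would count as one person.
            continue
        matched = [c for c in recent if getattr(c, f) == value]
        if len(matched) <= trigger:
            continue  # no burst on this field

        # Safety check from the post: multiplier * recent is compared against
        # the older history; an established commenter is allowed a heavy day.
        old_count = sum(1 for c in old if getattr(c, f) == value)
        if multiplier * len(matched) <= old_count:
            continue

        return True, f, [c.cid for c in matched if c.approved]

    return False, None, []


def sample_site(now):
    """Constructed sample data: an established commenter plus a spam burst."""
    comments = []
    # Alice: 10 approved comments over past weeks, then 6 today (heavy but honest).
    for i in range(10):
        comments.append(Comment(i, "203.0.113.7", "alice@example.org", "http://alice.example/",
                                f"older post {i}", now - timedelta(days=3 + i)))
    for i in range(6):
        comments.append(Comment(100 + i, "203.0.113.7", "alice@example.org", "http://alice.example/",
                                f"today {i}", now - timedelta(hours=i + 1)))
    # Spam burst: six comments in the last half hour, rotating IPs and e-mails,
    # different bodies, all pushing one URI.
    for i in range(6):
        comments.append(Comment(200 + i, f"198.51.100.{i}", f"u{i}@spam.example",
                                "http://spam.example/", f"buy now {i}",
                                now - timedelta(minutes=5 * i)))
    return comments


def run_demo(now=datetime(2004, 11, 1, 12, 0)):
    """Run the check against the sample site and return each outcome by name."""
    comments = sample_site(now)
    alice = Comment(999, "203.0.113.7", "alice@example.org", "http://alice.example/",
                    "today again", now)
    spam = Comment(998, "198.51.100.99", "u99@spam.example", "http://spam.example/",
                   "buy now 99", now)
    no_history = [c for c in comments if c.cid >= 100]            # Alice's older comments gone
    thin_history = [c for c in comments if c.cid >= 100 or c.cid < 4]  # only 4 older comments
    return {
        "established commenter, heavy day": flood_check(alice, comments, now),
        "spam burst on one URI": flood_check(spam, comments, now),
        "heavy day with no history": flood_check(alice, no_history, now),
        "thin history, multiplier 1.0": flood_check(alice, thin_history, now),
        "thin history, multiplier 0.5": flood_check(alice, thin_history, now, multiplier=0.5),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: {result}")
```

Note the order of MATCH_FIELDS matters only for which field gets reported; the spam burst is caught on the URI because the IPs, e-mails and bodies all differ, which is exactly the case the post is worried about. The last two results show the multiplier at work: with four older comments and six today, 1.0 holds the burst, while 0.5 (3 compared against 4) lets it through.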
This plugin is highly effective against big sudden spam attacks because it can recognize the common thing among the spam (be it the IP address, the URI, the content, or the e-mail address) and go back and unapprove any spam that got through at first.
Let me know how it works for you and feel free to suggest any improvements.