Anti-Spammer: The Tools I use to stop Comment Spam

I am not really sure how many people are actually interested in this kind of thing or not interested - feedback needed here folks. I am talking about the battle which I have been having with spammers, who have been able to force the site down. Since I haven't received anything negative about it, I will continue to write a little about it...

Stopped 1746 spammers since 2013/11/25

no spammers allowedPretty impressive if you ask me, stopping almost 1750 spammers in 5 days, is pretty awesome. That's a tool which is simply called Stop Spammers. It's done wonders in terms of keeping the site going. For a while there, I was restarting the server every couple days, we are now 5 days with out a restart - had to restart it this morning however

I am also using Better WP Security, which is kind of like a Firewall, but gives security suggestions as well. I know this has helped to find holes in the software. Since 11/25, it stopped an additional 2500 attacks. These attacks were in the form of 404 errors due to missing or changed URLs or bad logins. Most of the logins were for ones which don't exist or are for the "admin" username - which was suggested to be changed due to all the attacks on it.  That's one of the things which really made a difference for me, as Login Lockdown (and similar) or Login Captcha type addons weren't doing enough for me.

HideMyAss VPN

Encrypt your web browsing, gaming, and online banking

I found an attack which wasn't listed at Stop Spammers, via Better WP Security, which warns of intrusions and various kinds of attacks. The attack is for this string "'+++liker.profile_URL+++". I found a link which recommended forcing a 303 (redirect) error, to forward them to the main index page when this particular kind of attack is initiated, via the htaccess file. It didn't work. I still get the attacks, and the site went down again for a couple hours.

I did notify the Stop Spammer developer about the attack url type, hopefully he will be able to use the info I provided with the Anti-Spam addon. He did say it will be included in v5 (we are on 4.2) of  the addon, but that could mean that it will be several months before an update, or it could be a pro feature ($$). I will probably end up paying for a pro-feature if it goes that way.

So the Stop Spammer addon will auto-blacklist known spammers, and work to report ones which get through. Now I did install a few bonuses to this. One of them is what's called a honeypot, where if a spammer tries to click on a hidden link, then they get tagged as a spammer. Since it said I should put them on all the pages on this site, I added them to some of the sidebars and footers. Hopefully that's enough, but I suppose I could add it to the Amazon advertisement at the top of the page. The other bonuses work again to help find and report known spammers. My site will now help others with this mess of spam, as well. I never realized the amount of spam out there, till the firewall/security program let me know what was going on. You can only guess sometimes what is happening.

I do have to thank a developer/programmer friend of mine, initials are J.P. He is the one which helped me move a couple times to different servers. We are currently hosted at SoftLayer which is the #2 hosting company in the world (godaddy is first). Not only did he move it, but got it setup. He also provided the link I need, so I can restart the server when I want to. A short while ago, I asked him to set up a restart script for the server, but for some reason, it didn't work, and shut the site down as well. Happened a couple times in a row, so had him remove it. A shame though, means I still have to manually reset the darned thing whenever it goes down. 

Now, imagine if we were back on a shared host, and had all these problems. The other sites on the same host would also go down. This actually happened a while back. When it started, I let 1and1 know we were being DDOSed. Now I do know it was an actual DDOS attack and not a Spam attack. Back then, we were on a forums, and the tools weren't as rich as they are today. Anyways, they put the site into a "blackhole" which killed all the incoming traffic till the attack stopped. But it took them a good 12 hours after I responded to do that. I wasn't on an unlimited bandwidth plan then - so they tried to charge me $1200 for the attack. We moved to godaddy's hosting then, and got the unlimited package. Well, a couple kills to their server, and a lack of specs - which is to say we needed more processing power, and we moved over to a VPN, which is a Virtual Private Network. It's similar to shared hosting, but we have a separate container on the server which means that our website doesn't fuxx with anyone else's web site, if we go down... and then we kept going down, had multiple issues... on to Softlayer - again J.P. was an immense help here.

Now another thing I also added, was a new SEO plugin. I was using the All In One SEO Pack, and I guess it's good for beginners - which I have been for quite some time. This new one does add a couple features. The first feature is to add something to our RSS feed, with links. This will help to prevent peeps from stealing our guides and posts (which I know some do). Well it won't remove it completely, but will add a link back to here (going off-topic here, but Slick RSS is a great RSS reader for Chrome). Another feature was the ability to turn off certain types of links which can also be used to advertise on this site, specifically viewing of the users' public info. Subscribers need not worry about this, their info is located elsewhere and hidden. As for the actual SEO workings, it's advanced, and I wish I had had it installed before the AIO SEO plugin. I would have learned and possibly been higher on the search engines with the info I now know.


Plugins we are using which relate to this post;

I do love constructive feedback, so let me know what you thought of the post, and please share this post with others. If you own a website and any of this helped you, a link back, is most appreciative.

Leave a Reply

Your email address will not be published. Required fields are marked *