WP-SpamFree Today, I upgraded WordPress to version 2.8.3. I upgrade immediately when a new version is available. And these days, I don’t even test this. I really like WordPress as it is one of the most decent, new-technology, web 2.0 driven, extensible blog I’ve ever seen. The upgrade goes automatically. And it works like a charm.

Well, almost.

People started to complain that they couldn’t post any comments to my blog anymore. They got the notice of SpamBam that spam comments were not allowed and JavaScript should be enabled. But users are definitely NOT spambots and JavaScript was enabled, so I started a search.

SpamBam uses a random key to determine whether the posted key was the same as the previously generated one. This key was regenerated after posting the comment. I assume that WordPress now calls the do_action(‘comment_form’… not only when generating the page, but while posting the comment as well. And there’s the problem. SpamBam registers the generation of the key in the comment_form action, so the key is regenerated so that it doesn’t match the key on the blog page anymore.

Since I didn’t immediately find a solution for this and since SpamBam isn’t updated since ages, I started to search for another anti-spam plugin that doesn’t work with captcha‘s (extremely annoying and not working after all) and is really reliable… I found WP-SpamFree which seems to use about the same technology as SpamBam, but a little more sophisticated and it was updated only recently. It feels more solid and commenting now works again.

I now enabled a logging feature to see how many spam comments are blocked, just to see whether it is actually working. And ehm… hopefully I don’t end up in receiving spam comments again. But I doubt it. 


    • August 14, 2009

      Omdat die nog werkt met captcha’s. En dat wil ik vermijden. Feit is dat met wp-spamfree alleen echte commentaren worden toegelaten en spam tegengehouden wordt. De logs die optioneel bijgehouden worden tonen aan dat inderdaad een heleboel spam wordt tegengehouden. Ik heb nog geen enkele spam-mail binnengekregen (to moderate want ik toon geen enkele commentaar automatisch, tenzij die persoon al eens werd toegestaan.)

      Maar het is alleszins wel een goede tip voor wanneer spammers javascript gaan beginnen interpreteren. Hoewel captcha’s zoals gezegd door het “botnet van horny people” niet noodzakelijk zo veilig zijn 🙂

      Ook opmerkelijk: daar waar ik 10 spam commentaren per dag kreeg in het begin, heb ik er nu nog slechts 1 per dag.
      Hebben spammers hun activiteiten gestaakt omdat het toch geen zin heeft?
      Hebben ze hun activiteiten gestaakt omdat er het logo van projecthoneypot.org op mijn website staat? Who knows…

      Laat maar. Het zijn er weer veel per dag…

Comments are closed.