Excellent work!

Chris

I know that you’ve stopped development for now, but I’ll add this feature request for “posterity”:

I would love to have an option that puts trackbacks from my own site in the moderation queue.

Right now, every time I include a link to one of my own posts, it shows up as a trackback; that’s not a huge problem, but since I edit my posts often, I waste a lot of time going back and re-deleting those trackbacks after I’m done.

That would just be gravy on what is the plugin to end all plugins (and all spam).

I suffer flood attacks, instead of spam attacks. Spam Karma does not protect a particular, mostly forgotten, easily floodable feature of most sites: the “request new password” page.

My site has been used by a malicious user to flood the mails of my commenters by targeting an script that request hundreds of new passwords for them, flooding my registered visitors’ mailboxes… yes, bad thing…

The “SnowBall effect” could be adapted to protect those requests, and other similar unprotected areas, as the registering form.

Overall, GREAT job–you’re solving my comment spam problems. (If only referrer spam could go away too…oh well, I’m just resigned to not getting useful data from my logs there anymore….it never was really useful, just fun)

Keep up the good work!

BUT ( you knew this was coming ) today I’m being attacked for the first time with trackback spam. I do hope your new SK will have a bit heftier weapons against this aggravation.

Thanks for the work!

- unless 90% of the words in comments are other than dictionary words it will be considered spam (captcha test)

- extended ascii = spam (captcha test)

- N# words without punctuation = spam (captcha test)

Also how about an option to render the captcha in flash as opposed to a raster graphic?

$0.03

Also, I’ve noticed that many spammers are now including gibberish in their URLs. I suspect it’s an attemtp to overflow the blacklists and keep the burden of processing on our side. Can you include an “invert all” option like WP does, so that I can quickly uncheck all the gibberish URLs? The same for the list of IPs to insert into the database would be helpful, too.

- some way to share blacklist information with multiple WP sites under my control (FTP upload/download from user specified location)

- SpamAssassin rules

- user control over the number of characters shown in the captcha

God bless and Merry Christmas

I am currently busy (well, as far as holiday schedule lets me) putting together a rather hardcore kinda p2p blacklist system… it’ll probably go into a separate script (not even a plugin, as I’d like to make it blogging-platform independent) and be an important part of the system… Expect a lengthy post on this matter in the next day or so.

As for all the points mentioned above, they are duly noted and will be placed atop the implementation list. The “Restore deleted”, in particular, seems to be a popular one.
Two request that probably won’t though, and the reason one:
1) placing all comments into moderation: is obviously what SK is trying hard to avoid. Getting 1000 moderated comments that you need to sort through and manually delete is hardly an improvement at all.
2) using a table prefix for the blacklist is a point more open to debate. Basically, this is a purposeful choice, in that it allows many installs to share a common blacklist table. Which after all makes sense. Of course, there’s the issue of someone entering bad stuff in the table, but we’ll go on the assumption that, if they are sharing the DB, you have a minimum of trust in their abilities to not do very stupid things, or you simply do not give them access to SK (could be done by giving them a user-level < 8)…
Are there any reason that we shouldn’t do this and we would really want to force a prefix?
I guess it would be possible to provide a configurable option for that… just wanna know if there are good reasons to.

Today Spam Karma defended my site against the first spam wave I’ve recieved - it still does.
Awesome! Thank you!