Important
As of January 1st, 2009, I am no longer developing, maintaining or supporting Spam Karma. If you want to contribute to its code or download the latest GPL release, you can check out the code repository, over at Google Code.
Thanks.
1. Overview
Spam Karma 2 (SK2) is an anti-spam plugin for the WordPress blogging platform. It is meant to stop all forms of automated Blog spam effortlessly, while remaining as unobtrusive as possible to regular commenters. Spam Karma 2 is the proud successor to Spam Karma, with whom it shares most of the development ideas, but absolutely none of the code
2. Requirements
- WordPress: SK2 requires at least WP 1.5.1 (or up). It is compatible with all versions of WordPress up to the latest release (2.1).
- mySQL: 4.0 or up is strongly recommended (some important functionalities might not work otherwise).
3. Installation
Install is the easiest ever:
- download the archive
- unzip and drop the whole SK2 folder, as is, in your
pluginsdirectory. - Enable the plugin in the WP Admin >> Plugins section.
- Browse to WP Admin >> Manage >> Spam Karma 2.
(Note: if you are upgrading from a previous install, simply overwrite the older files with the new ones in the instructions above)
Please check SK2 GPL repository for any potential downloads.
4. The Aftermath
Everything worked? Good.
Not quite?
Just check out the FAQ & Troubleshooting Page, your answer might be there. Otherwise, you can try WP.org support forums.
For bug-reports exclusively, you can contact me using this online form (do not use the old support email account: it is no longer active).
5. Tip Jar
If Spam Karma saved your life/relationship/cat/mailbox and you feel overly generous, please feel free to make a donation.
If you don’t have cash, but plenty of time to spare, consider helping out with some WP community-related projects.
6. Other Languages
Sprechen Sie Deutsch? Parlez-vous français? 日本語喋れる?¿Hablas Español? Parla Italiano? etc.
SK2 can probably speak your language !
Go here to find instructions on how to switch SK2 to a language other than English.
If your language is not in this list already (or even if it is, but you feel the translations can be improved), learn how you can contribute here.
7. Documentation and Extra Stuff
For more info about how SK2 works, what it does, how you can improve it etc, check SK2′s Documentation Blog on wp-plugins.net. Please feel free to contribute.
There are additional third-party plugins available to extend SK2′s functionalities. Check out the full list here.
SK2 will automatically inserts an “X spams eaten” message in your footer (you can disable or customize it in the admin options).
Using SK2? Eager to tell the world about it? Like having 300 little acronym buttons on the side of your page?
Say no more, we have what you need:
Feel free to download and do whatever you want with this kick-ass button, including using it on your own page, possibly with a link to this very page. However: hotlink it directly from this page, and I will unleash my legions of killer ferrets on you and your descendance, at the click of a mouse.
If you are a developer and would like to learn how you can very easily use SK2 as a support for your own anti-spam development effort, check out the SK2 API page.
If you have an idea on how to improve SK2 (and see no mention of it in the existing docs) feel free to contact me about it, but keep in mind that nearly any addition to SK2 can be done outside of the core, through an SK2 module. Feel free to contact me if you want to take on such a task and need a bit of help getting started.
Normally, SK2 should automatically check for updates on a reasonably regular basis, but consider checking that page back in a few weeks if you do not see any update.
8. What about Karma?
You mean, the sanskrit word that defines a concept in eastern religions?
I wrote an entry about it here.
9. Your comment was mistakenly eaten by Spam Karma?
10. Licensing and Legal Matters
Spam Karma 2 is not GPL. It is copyright and all rights reserved. However, it is absolutely free for download, use and non-commercial redistribution. Anything else is subject to prior written permission by myself. If you contact me, chances are I’ll say yes to any reasonable request.
External plugins (including those bundled with Spam Karma 2) are the property of their respective developers and, by default, subject to the same distribution rules.
What this mean in practice: Spam Karma is “free software”, in that it is absolutely free to download, free to use and even free to tinker with (although I typically would require any modifications made to it to be clearly indicated to potential users). What I do not want to see, though, is people grabbing a version of WP and SK2, packaging them together and selling them for $300 (as they could do, with GPL software). Bottom line is that I am not trying to make money with this, and I don’t see why somebody else should be able to without me having a say first.
Once again, this type of licensing doesn’t make any difference for 99% of users (it’s free for whatever you need it to do), and shouldn’t stand in the way of the remaining 1% with more specific needs. If you have doubt or questions, contact me: I am very open to any discussion or criticism regarding this format of licensing.
I am also very open to porting SK2 over to other platforms. Its architecture makes it extremely portable (for a WP plugin). Contact me if you think you may be interested in adapting it for another platform.
It goes without saying that this software is provided “as is”, without any guarantee of warranty of any kind, nor could I ever be held liable for any damages it could do to your system (see header of source code for details): if SK2 was to go berserk, screw up your database, delete your entire blog, kill your cat and rape your hamster (or the other way round), you’re pretty much on your own legally. It shouldn’t though.
11. Changelog
New in 2.3:
- Miscellaneous bug-fixes (UI, WP21 compatibility, compatibility with other plugins etc.)
- A few small changes in the modules (improving blacklisting module, disabling RBL for now).
- Important updates to WordPress DB schema in order to try and improve its sluggish loading time (not directly an SK2 problem per se, but had to be done for SK2 to run fine).
2.2:
- Miscellaneous bug-fixes (UI, WP2 compatibility etc.)
- Fine-tuning of older modules to accomodate new spambot breed.
- Minor additions to SK2′s filtering modules to raise SK2 protections.
2.1:
- Full multilingual support (see available languages).
- WP 2.0 and SQL 5.0 compatibility
- Improved email integration (can flag/unflag spam directly from notification emails).
- Miscellaneous bug fixes and improvements
There’s something so deliciously ironic about seeing a spamment on this page….
Heliologue: yea, the irony doesn’t escape me…
Fact is, this page has a very high PR and is prime choice target for spammer, with or without the added bonus of the topic of the page itself. The reason most of these spams make it through SK2 is that, they aren’t real automated spams: most do not advertise anything (only “test” keywords or some random gibberish), some are even posted manually (with someone filling in the captcha)… I suspect at least half of these are not even professional spammers, just funny guys trying to make a point.
As I pointed out in the past, for the 5 or 10 minutes these doofus spent making a point, it takes me 10 seconds removing the comment *and* auto-banning their IP/URL *and* auto-submiting them to an RBL server where they will be served to every other SK2 users…
So really, they are doing us all a favour by making it much easier to pinpoint them.
Hey Dave, is beta 4 the official release?
A quick question:
I am using your excellent Spam Karma 2 plug-in. On my blog most of my commenters are polite and easygoing but one is a pain in the ass. He is not picked up by SK2 because he’s not spamming or using rude words.
Is it possible to program SK2 that whenever this guy posts, it is immediately sent to the moderation queue?
getting this error
Fatal error: Cannot redeclare sk2_add_options() in /home/user/domains/domain.com/public_html/blog/wp-content/plugins/SK2/spam_karma_2_plugin.php on line 32
Just perfect. SK2 beta 2 worked first time, caught bad comments and just kept going.
Upgrade to beta 4 was a breeze.
Highly recommended.
stop referer spam:
http://www.aaronlogan.com/downloads/htaccess.php
I reallllllly don’t like spam so I block with keywords like ‘poker’ and ‘viagra’. I’m not too worried if an ‘innocent’ person is trapped with those referer keywords
Hello. I just migrated a spam-infested PostNuke installation to WordPress. I estimate that there are some 8000+ spam comments in the database. Is there any way to run a fast-track “despam” option in SK 2? Otherwise it will be very, very slow for me.
Excellent plugin! Thanks Dr. Dave!
I’ve been getting this for a couple of weeks when I check my Spam caught list:
Can’t fetch comments.
SQL error: Server shutdown in progress
What’s up?
I just downloaded and installed the final release of SK2. Thank you for making it so easy and painless. What a breath of fresh air. Today you are the wind beneath my wings. Thanks!
I noticed a few bugs in the SK2 admin page. I’m running the final version and when I go to Manage > Spam Karma 2 the SK2 tabs at the top need to be dropped down a line. They run right up against the WP tabs.
Second, you said that once SK2 went final you would remove the log dumps at the bottom of each page. Is that still going to happen?
Finally, could you just choose one page to have the SK2 page on. I prefer it in Manage as that’s where the rest of the comment pages are.
Thanks for making a great plugin!
First let me say this is an excellent plugin. I have been using it since I started using wordpress. I just upgraded to 2.0 final R2, and I noticed that the admin portions shows up under “manage” as you indicated it would, but it also still shows under the options section. Is this just unique to me?
Cheers!
When I want to rescue 2 commments, I got this message:
Failed to downgrade blacklist scores. Query: UPDATE `sk2_blacklist` SET `score` = 0, `last_used` = NOW() WHERE `id` IN (Array, Array)
SQL error: Unknown column ‘Array’ in ‘where clause’
I am using SK 2 final r2 and MySQL 4.0.24-standard. Those 2 comments are restored.
Can I suggest that Spam Karma’s author date his entries so his users will know whether there’s an upgrade after they’ve installed theirs. I installed SK2 in May/June & it looks like this version is a subsequent one since the first comment in this thread is from July. But I’m not sure & don’t know whether to upgrade or not.
Is there another way I can tell whether or not I have the latest upgrade/version?
IF SK flags a comment as spam, AFTER earlier comments from the same IP or URL were successfully posted, it is possible for SK to then delete or put into some sort of moderator mode the previous comments that were successfully posted prior to the flagging?
Thanks.
SK2 is running great on my blog and proteckin’ me from SPAM. Thanks for such a superb plugin.
However, I have a problem with the emails that SK2 sends me. When I try to click on the link to look the “Comments in Moderation,” I get back:
And when I click on the link to “Rescue comment from spam,” I get back:
Again, I can work in the Options | Spam Karma2 interface just fine. It’s getting to things through that email that causes problems.
Let me know if there’s help. Thank you!
I have a stalker who leaves the same comment over & over again once I delete the previous one. All of his IPs start 69.234… He uses the same e mail for ea. comment and the text of his comment is the same ea. time.
I’m not sure I used the blacklist correctly (& tell me if I did something wrong) but I added a text phrase from the comment using Regex Content (/jewisly uneducated/ did I do that right?). Can one add the stalkers e mail address to Regex Content as well? What should it look like?
After I did this, SK2 forced the next comment into moderation. So far so good. I left the comment in moderation. The next day, the stalker published the same comment again & this time SK2 allowed it to get through.
Do you have to dump a moderated blacklist comment for it to get caught the next time it’s sent? If not, would anyone know why SK2 missed the comment the second time?
Jaya: this sounds like an old issue that should have been fixed by now. Please upgrade, try again and let me know if the issue keeps happening.
Richard Silverstein: Regarding the update info. I do better than dating my upgrades, I number them!
Whenever a new upgrade is out, all you have to do is compare the version to the one indicated in SK2′s admin screen (on top of the main option page) and upgrade if they differ. Furthermore, with SK2′s new notification option, you shouldn’t really have to worry about it: an update notice would appear whenever a new version is available.
Regarding this regex, it looks ok, but there are many ways somebody could extremely easily work around it (as it is, it wouldn’t even catch a capitalized variation of the same sentence). Regex are powerful and can be made to catch this sort of stuff, but they aren’t really user-friendly, so I would recommend sticking with IP or URL blacklisting if you aren’t used to them. The reason SK2 didn’t catch that comment the second time is probably that he didn’t use the same formulation. You can see SK2′s logs for each comments to see what happened.
Ian: SK2 automatically “retro-spank” older comments when it notices many attempts by a known spammer. This won’t happen before a certain threshold though. You could also manually go and moderate these in SK2′s control pages.
Tri: it sounds like you may need to upgrade SK2. If that doesn’t solve it, Westi (linked from SK2′s plugin option screen) is the one to contact about Digest plugin issues…
Thanks for yr. reply, Dr.
My stalker uses diff. IPs ea. time he leaves a comment so that wouldn’t work. He also doesn’t use a URL so that tool isn’t useful either. He does use the same e mail address & I did enter that in Regex Content Blacklist (was that the right choice?).
As for why it got through the 2nd time…as far as I can tell after reviewing both comments there was absolutely nothing diff. bet. them except IP address. Text the same, e mail the same, etc.
I’m in touch w. Westi & he’s going to try to create a plugin that forces all new comments into moderation (none of my WP comment settings are presently working). I assume that as long as I delete all old comments fr. my stalker that SK2 will consider his upcoming comments as “new?” Am I right?
Richard:
Hmn… unless your stalker has *heaps* of time on his hands and a fairly good knowledge of the internet, chances are he won’t be able to endlessly change IPs… Whichever pool he has access to (anonymizer, office computers) will eventually run out. I would advise trying to blacklist his IPs for a while (you don’t have to enter them manually, SK2 does it for you when you select a spam and click on ‘moderate’) and see if new ones keep coming.
As I said, SK2 doesn’t really look at email addresses, as they are generally meaningless for comment spam. Indeed, SK2 overrides regular WP spam settings since they would be redundant. Westi has offered to enhance his current SK2 add-on to include all WP fields. Drop him all a note if you are interested.
Hi Dave, I am running Spam Karma 2 final and also having the “Failed to downgrade blacklist scores.” mentioned above. Please help…
I have a new install of SK-2 and am thrilled with it! It’s knocking off a couple thousand spam comments a week.
There’s some leakage though, from “anonymous” commenters dropping nonsense comments with no links and bogus e-mail addresses. Since these are running between 100-200/day, I’m pretty sure they’re not being hard-entered.
Could you suggest a means to simply prohibit “anonymous” entries?
Too, I’d love to find some documentation about all the various settings available in SK, but can’t seem to find any. I’d deeply appreciate a pointer.
Thanks for a fabulously helpful product.
Thanks Dr. for letting me know about the automated IP banning happening through forcing moderation. I didn’t know about this until you mentioned it. That’s a helpful pointer. I’ve just been going to WP’s comment screen & deleting the comments fr. there.
My stalker keeps coming at me from the 69.234 IP string. It’s heartening to know that he’ll run out after a while.
Westi & I got in touch a wk. or 2 ago & he’s generously offered to put something together along the lines you mention. It will be most useful to me & others I believe.
I find it interesting that I am considered a spam blogger when this is only the second blog ever in my over 25 years of bbs and internet experience that I have ever tried to post too and it was not spam. Apparently your filters need some serious work. I wouldn’t reccomend this filter to anyone if it can’t even tell the difference between a true comment and an ad or spam, especially considering there was no link in my post.
Hmm.. after installing SK2 Final, it seems to have killed anything on the Manage-> Menu that comes after it (Like WP Theme Manager & WP Plugin Manager).
The last item on the Manage menu is now SK2, whereas before I had an additional 3 options. I’ve tried deactivating & reactivating the plugins, but no go.
Whoa, Diana–slow down a bit. First, of course it’s a drag to be flagged as a spammer by SK2 so I feel for you there. But to throw the entire baby out with the bath water because of a single false positive? You’re going overboard. You’ve got to look at the overall utility of the plugin compared to its errors. It’s not going to be perfect since a human created it. But it comes closer than most other such tools I know.
So instead of denouncing SK2 & telling us you hate it & will never touch it w. a 10 ft. pole, why don’t you ask Dr. Dave & the rest of us some questions about what happened & try to find out what might’ve gone wrong? Whenever SK2′s failed for me that’s what I do & I learn valuable things from this.
Dr Dave: Do you mean that SK2 overrides things like blacklisted keywords? Or do you think SK2 could override ALL WP comment settings? The reason I ask is that all of my comment moderation settings do not work. They used to work, but sometime after installing SK2 (& I don’t know for a fact that SK2 is the cause of this) I could no longer force moderation for new comments. For that matter, I couldn’t use ANY of the WP comment settings.
It’s a total mystery to me as to what happened. Would SK2 override all WP settings? If so, I wish there was some way that SK2 would do its anti-spam thing, but also allow WP to go through its comment settings. One important reason is that when I get a hate comment, SK2 won’t catch it since it’s not bot generated. But if it was a new comment, then my WP settings would force it into moderation (which it no longer does).
I left a couple of comments elsewhere on the issue of SP2 overriding WordPress’ comment moderation capabilities. Dr Dave seems puzzled by this and that anyone would care. Richard Silverstein in his August 16, 2005 comment at 06:03 pm starts off with
“Dr. Dave wrote:
SK2 overrides regular WP spam settings since they would be redundant.”
Now that’s the mark of programming hubris, that your program is so good that you don’t need to use the base program’s own capabilities. The behavior of SP2 so far with my blog shows that it’s actually approving comments that are a form of spam.
SP2′s program logic should be to throw any comments it thinks are not spam into WordPress’ comment moderation queue, and let the blog owner decide whether the comment should be approved.
That said, even though I like the power of SP2, I have no choice but to stop using it until this design flaw is fixed.
All right, I have already answered in many different places (including this comment section), regarding the issue of SK2 (and btw, mind the ‘K’ please: this is not “SP2″) and WP built-in options.
SK2 does override (ignore, to be more exact) WP’s settings such as “spam words” and “always moderate”… There are many reasons for that, and not all of them “programming hubris”:
1) Because it is rather inconvenient, and not trivial at all to make WP cooperate with any other form of spam filtering in a clean efficient way (that is, without having WP override in turn SK2′s own filters). It is doable, just more effort than I considered worth when coding (see below why).
2) Considering SK2 does it job better than WP’s built-in protection is not hubris, it’s mere common sense: a chain is only as strong as its weakest link. In this case, WP’s protection is that weakest link. Spam Words are completely useless, more prone to generate false positive than anything else, and pretty much always redundant with SK2′s advanced blacklist options. Also, I fail to see the point of running any advanced form of spam filtering if you are going to moderate all comments. SK2′s essence is to make commenting transparent for both admin and commenter. If you consider it acceptable to have comment delayed until approval, you may want to consider a more straightforward plugin for skimming with a lower efficiency rate, but also a lower chance of false positives.
3) It is actually possible to make SK2 compatible with WP’s options. SK2 API makes it very easy to do so, without touching the core, and with minimal programming effort. The point of this API is to allow people to extend SK2 in way they see fit, without me having to spend years of coding to cover everybody’s specific needs. Westi wrote a plugin that does this in part, and proposed to extend it to cover all options. If there are people interested (and it seems there are), they should definitely communicate him their interest and I’m sure he’ll be happy to go through with it (and I might end up bundling it with the standard install after testing).
4) SK2 is slowly but surely reaching the point of 0% spam. You may have seen (or will see soon) in SK2′s admin screen, an announcement for a new module based on Javascript. It is still a beta version and therefore entirely optional, but I believe it should add a good 90% efficiency on top of SK2′s current results. Also realize that SK2 learns from your actions: when a spam makes it through, do not delete it through WP’s email links (tempting, I know), but instead, use SK2′s “moderate” button, and you will notice that it becomes increasingly good at stopping spam.
5) If overall, you want a behaviour similar (but still better) to the “always moderate” option, I would advise you tinker with the general “leniency” setting, and set SK2 to be “cautious” by default: this will still let a fair share of commenters through, but will stop practically anybody (including legit commenters) by default and either give them a captcha or send them to moderation.
If anybody still has any question, please do not hesitate to post them.
Cheers
Dave -
I’ve started to receive the following error in my SK2 logs. I believe it’s been since the upgrade, but I honestly can’t track it well:
Cannot load news from URL: http://wp-plugins.net/sk2/sk2_news.php?sk2_version=0&sk2_release=final
What is the code that we need to add so that a user is redirected to the post they just commented on after the thank you page?
SK2 is wonderful except for this flaw. It really doesn’t look good for a site to just leave a user on a thank you page and require them to edit the URL or use the back button a few times to get back to the blog.
Dr Dave: I don’t feel at all as doctrinnaire as David Mattison about this issue. The term “hubris” was probably too strong. But I do think you’re missing something of David’s & my argument which is worth taking into acct. in terms of future development decisions for SK2. You yourself say that SK2 is not designed to catch human generated spam. Nor would it catch trolls, stalkers, etc. This is a serious problem for some of us whose blog’s deal w. controversial topics (or in Mattison’s case who get a good deal of human-generated spam).
For example, you once wrote to me that SK2 isn’t designed to monitor e mail addresses in its Blacklist. But the fact is that I’ve sometimes had stalkers who’ve used the same e mail address multiple times to leave harrassing comments. In this case, either having SK2 recognize blacklisted e mails OR allowing SK2 approved comments to be sent through the WP comment settings would prevent such comments fr. being published.
Also, I get multiple instances of first time commenters leaving abusive comments. Of course, SK2 is not designed to catch this type of thing nor do I expect it to. But by not sending such comments through the WP settings, I can’t stop such first-timers fr. getting their comments published whereas I could do this is SK2 cooperated w. the WP settings.
You say there’s no point in running SK2 if you want to moderate all comments. I do NOT want to moderate all comments. I basically only want to moderate first time comments AND any blacklist items that SK2 does not pick up which WP might. That’s why SK2 is still extraordinarily useful to me & I wouldn’t consider NOT using it.
As you say, Westi has expressed willingness to amplify SK2 so that it will allow send comments through WP settings. I’ve told him how useful this would be & how interested in it I am. But it’s been a few wks. now & I still haven’t heard anything (he mentioned he’d been sick for a few days). So I’m not sure where that leaves development on Westi’s proposed plugin. But I’ll be very eager to know when it’s available.
I don’t know why but when I clicked on recover for a comment caught in the “spam harvest” section by a person who posts regularly on my blog, all of his comments disappeared from my blog. Is there anyway to recover them?
I was talking out my a$$ with my earlier post — I was getting confused between the Manage & Options sections. My bad. So sorry. SK2 is the best thing since sliced bread.
DrDave, just a note to say thank you (again!) for a fantastic plugin. I now have 0 spam, and I don’t have to worry about being inundated by spam if I go offline for a few days at a time.
As I’ve mentioned here, I sometimes get assaulted with abusive comments when my site is linked at various forum sites.
After rooting around for answers & not being able to implement php script or .htaccess solutions I hit upon an idea to ban domain referrals that should work: using SK2′s domain black/greylist. What I want to do is prevent anyone coming to my site from the blacklisted domain fr. commenting at my blog.
But let me understand something: If I add the domain to the greylist that will put it in moderation, right? BUt if I use the blacklist that will automatically mark it as spam? Is that right?
Any other ideas I should be aware of in trying to use this solution?
Oh, I just thought of another question. The would-be commenters coming fr. blacklisted domains–I don’t want them to be able to use captcha to prove they’re not “spam” & thus get their comment through. Any way to prevent them fr. doing so?
Just thought of a reason this prob. won’t work. I don’t want to ban the domain of the visitor. I want to ban the domain of the referrer (since I can’t know in advance what the visitor’s domain will be but I CAN know the domain that will refer him/her to my site since other abusive commenters to my blog will have preceded the visitor coming fr. the referrer domain).
Does that make sense? Can someone confirm for me whether or not SK2 will work for me in this scenario.
Great stuff! Get Spam Karma 2
I asked this in #122 but didn’t see a reply. Spam Karma 2 is great. The only improvement that we could really use is the code to add so that a user is redirected to the post they just commented on after the thank you page after a Captcha test.
Any help?
I added this domain to my greylist, solomon2.blogspot.com. The next day someone fr. the same domain succeeded in getting a comment immediately published. Does the greylist have a problem picking up a domain formulated as xxx.xxx.com? Is there another way I should’ve entered this domain to get it moderated?
Great plugin.
Feature Request: Can we have a redirect back to the site or post after the captcha test? Leaving a vistor on a blank page with a thank you is not ideal.
Hi,I have used this plugin,but I wonder if it can add the function that it returns to the orginal comment page after someone post a comment.
Dr Dave,
Spam Karma 2.0 is working well, thank you!
I don’t know what yoy think of
how it somtimes assignes good karma of 0.5 to bad spam.
here is example with it nailing one spam
wit h high negative karma, and nailing the other but with slight positive score.
[removed SK2 logs to avoid clogging the comment section]
be well. I love the plug-in and have PayPal’d ya.
(Is that a verb?)
-ron jeffries
Richard
I am afraid you misunderstood the use of Greylist (I think I discussed it before, but it appears that comment was on the beta page… wiki badly needs updating, unfortunately I really don’t have time for it now):
- Greylist forces SK2 to ignore a domain. Meaning it will neither whitelist nor blacklist it. In effect, it disables the URL filter for this domain (but will still look at other triggers). This was particularly done for major blog services such as blogspot, which often used to have spammers on them, yet should probably not end up on a blacklist.
- domain Blacklist (or blacklist regex) is what you want to use.
Domain black/white/grey-list only apply to domains. That is: the tld (e.g.: .uk, .co.uk, .com, .net, .org etc.) and one level down (e.g.: foobar.com, foobar.co.uk but NOT blah.foobar.com). General idea is that, except for the few greylist items cited above, most spammers go by full domains: it’s unlikely a domain used by a spammer may be otherwise legit, and blacklisting subdomains is a neverending game, since it takes 2 seconds to create a new subdomain (and doesn’t cost anything, obviously).
I agree that the case where a blogspot user may be spamming is a problem, but in effect, such spam never really last more than a day or two: blogspot will quite rapidly shut-down the account. As of late, increased anti-spam measures on these hosted blog domains means even less chance of spam from such sub-domain.
If one really wanted to blacklist a subdomain, then best is to use a regex, but these are somewhat complicated and require a very good knowledge of what you are doing. Do not attempt to use otherwise, as you may easily block every commenters.
Ron
The short answer is: SK2 is not perfect. Nor is it magical
The long answer:
SK2 uses a rather complex set of heuristics to determine spam from ham. Voluntarily it comes with a near-empty blacklist (pre-set blacklist go outdated the minute they are released, pattern-based blacklists tend to generate way too many false-positives).
However, it quickly learns from spam attempts, by filling the blacklist and using Real-Time Blacklist, among other things. It also looks at the “commenting patterns” of your visitors, so as to spot suspicious activity (e.g. an unknown person posting 10 comments all of a sudden).
This means that, on one hand, SK2 becomes better as it goes, on the other hand, there will always be a small fraction of unstopped spam (although it will tend toward zero). Make sure you flag these spams within SK2 (using the “moderate” button) and not WP’s built-in screens, so as to train SK2 on them, and you will notice a quick improvement…
Also make sure you keep up with updates and new filters for SK2: each one tend to improve spam protection by a notch (thinking of SK2 JS filter, among other things).
kelet and everybody else requesting a return to the post after filling a captcha: this is on the map. Probably will be added to SK 2.1, released sometime in late September, time permitting…
Cheers everybody
what’s up with this?
Failed to purge comment spam entries.
Query: DELETE `wp_comments`, `wp_sk2_spams` FROM `wp_comments` LEFT JOIN `wp_sk2_spams` ON `wp_sk2_spams`.`comment_ID` = `wp_comments`.`comment_ID` WHERE (`wp_comments`.`comment_approved` = ’0′ OR `wp_comments`.`comment_approved` = ‘spam’) AND `wp_comments`.`comment_date_gmt`
Dr. Dave: Thanks for the update on the redirect after the captcha. We look forward to it. You are the best.
Mobius: There are two essential requirements for SK2 to work correctly (listed in the entry above). Chances are high you install doesn’t meet one of the two. Please check.
Cheers.
Dave: thanks for clarifying about what domain greylist does. I did indeed misunderstand.
The Solomon2.blogspot.com domain is not a spammer per se. It’s a real person. I wanted to force all his comments to be moderated since he sometimes publishes useful comments on my blog & sometimes publishes rubbish. I don’t want to put his domain/subdomain into the blacklist since some of his comments are fine. I just wanted to force all his comments into moderation so I could choose which ones to publish.
It looks like what you’re telling me is I can’t do this (at least until Westi comes up w. that plugin that activates WP comment settings).
[...] You’ve probably noticed the nasty spam trackbacks and comments that keep popping up on the site. I can assure you that for every one that you see, I’ve deleted about 150. Enter Spam Karma 2. [...]
[...] Spam Karma 2 – Reloaded [...]
[...] that people actually read this site instead of just spam ‘bots. I have my doubts. » Permalink94 words in thispost [...]
[...] I’m about to install (finally) Spam Karma 2. I’ve been using Spam Karma 1 for some time now. Please email me if you have any problems posting comments. And, you’re not, you know, evil — evil in a bad way that is. [...]
[...] Spam Karma 2 – Reloaded [...]
[...] I’ve installed the spam filter on this blog its called “Spam Karma 2.0″ you can download it from here: Hopefully that should prevent any large amount of spam in my comments . [...]
[...] Ich habe meinen Spamfilter ausgetauscht. Statt SpamKarma setze ich nun BadBehavior ein. SpamKarma ist ein toller Spamfilter und hat bei mir eine Erfolgsquote von 99% erreicht. Warum dann der Wechsel? SpamKarma läßt die Kommentare und Trackbacks durch um sie prüfen und bei Spam werden sie einfach gelöscht. Das schlägt sich in der Serverstatistik wieder wenn ich 35% aller Zugriffe nur durch Spambots habe. Auch die Refererstatistik wird durch die ganzen Spamlinks völlig unbrauchbar. [...]
[...] Spam Karma 2 (SK2) 是由 Dr Dave 编写的一个防止你的博客被 Spam 的插件. 你可一从Dr Dave 下载最新版本的SK2, 要运行SK2你需要将WordPress升级到1.5.1版本以上, 而且MySQL不可以低于4.0版本. 安装相对来说简单一些, 下载 – 解压缩 – 上传到wp-content/plugins/中, 这样一来安装的工作已经结束了, 打开管理界面进行必要的配置
[...] Spam Karma 2 – Reloaded [...]
Cleaned up
I’ve managed to clear out all the comment and trackback spam. I installed Dr. Dave’s Spam Karma 2, which helped with the clean up. I’ve had comments turned off while I’ve been sorting my web-host server problems, but am going to…
[...] Τέλος πάντων. Αυτό που έβαλα, είναι ένα τρίτο plugin, το λεγόμενο Spam Karma 2. Γενικά με εντυπωσίασε με τα features του, και ελπίζω να είναι όσο καλό στη πράξη όσο φαίνεται. Ουσιαστικά είναι ένα βαρύ anti-spam plugin, το οποίο βαθμολογεί το κάθε post, βγάζοντας ένα karma value για το καθένα. Βαθμολογεί πολλά πράγματα, από το αν ο συνδιασμός IP-name-email-page έχει πολλά pre-approved comments, το αν ο ίδιος συνδιασμός φαίνεται να σπαμάρει το blog με πολλά σχόλια, αν κάνει σχόλια σε παλιά posts, κτλ κτλ. [...]
[...] Just a quick post to say a public thank you to the unknown genius who came up with the greatest WordPress plugins I have ever used. I am talking about Spam Karma and Refer Karma. [...]
[...] WordPress has been upgraded to the latest version. I’ve also installed Spam Karma 2, which is a mean spam guard, and Spam Karma 2 Stats, a nifty counter thing (at the bottom of the page), to show how much spam is “sent to hell”. [...]
Trackback etiquette and trackback spam
Anyone with a blog has noticed that trackback spam is on the rise. The usual PPC spammers have figured out how to send trackbacks and bypass many blogs’ spam filters. But there’s a new kind of trackback spam out there.
…
[...] {update 2] Well, I’ve not played with any code, but as per some advice from IO ERROR (via a small text box on his home page), I’ve now installed Spam Karma 2 (and retaining Bad Behaviour). [...]
[...] To make this blog even more secure than it already is, I added yet another spam killer. I’ve seen it recommended to install Spam Karma alongside Bad Behavior to fill in any gaps. I’ve installed the fourth beta version of SK2. It’s packed with options and can be set anywhere from very paranoid to very forgiving. I’ve set it somewhere in the middle. In some cases, if you leave a comment you may be asked to fill in a “captcha” security form. This is an image that contains random characters which you must verify before you comment is posted. It’s unlikely that this will happen, but I wanted to make sure people are aware of this. [...]
[...] Since I needed to test out the new chair and the desk arrangement — can’t have things distracting me while I’m writing, ya know — I decided to take care of a few blog-related matters… starting with the deletion of 789 spam comments. I guess it was kismet that led me to Spam Karma 2.0. And Paged Comment Editing is pretty nifty, too. [...]
[...] Das war nicht so gedacht. Meine erste WordPress -Version (1.2) machte ganz normale Links. Ab V1.5 nicht mehr, WP fügt externen Links den Zusatz rel=’nofollow’ hinzu. (für die Spider). Habe das nie bemerkt bis mich Sandro in seinem Kommentar darauf hingewiesen hat.
Der Link zum Plugin ist aber flasch und darum durchgestrichen, das Plugin fügt “nofollow hinzu, dann steht es doppelt im Quelltext [...]
[...] Hm. Ja.. Det tycks som att mitt sommartema inte funkat så bra ihop med Spam Karma. Alla som kommenterat de senaste två veckorna har fått en Spam Karma på minst -20 för att temat saknade raden . Oh, well. Nu är det åtgärdat och det ska gå bra att kommentera här igen! spamkarma [...]
[...] Sedan jag installerade Spam Karma så slipper nästan ingen kommentars- eller trackbackspam igenom. Men jag är lite trött på att allehanda spambottar hamrar på min blogg. Det är ändå lite stört att min Spam Karma rapporterar att den har stoppat 381985 spaminlägg när det knappast rör sig om en välbesökt eller ofta kommenterad blogg. [...]
[...] I finally got hit by spambots spamming the comments with their usual poker casino cialis viagra crap. Never used to happen until now. I’d hate to have to turn on mandatory site registration again (because i’d like for everyone to be able to just jump in and leave a comment anytime, without having to register) so i’ve installed the Spam Karma 2.0 and Bad Behavior plugins. [...]
[...] Estoy realmente impresionado (en lo positivo, claro). Ayer me instalé el plugin Spam Karma 2 (SK2), asunto que tenía pendiente desde que actualicé mi WordPress a la versión 1.5.1.3, ya que el Spam Karma 1.x con el que venía trabajando me daba algunos problemillas que no lograba controlar: me censuraba comentarios válidos y me dejaba pasar algunos que no lo eran. Con todo, su trabajo era impresionante, ya que la relación entre censura de spam-censura de comentarios válidos era como de 100 a 1, y además casi siempre podía recuperar los mensajes correctos censurados. [...]
[...] Web Oficial | SK2 [...]
[...] Qualche giorno fa ho installato l’ultima versione di Spam Karma, ultimamente mi veniva segnalato un errore nell’aggiornamento della blacklist ed è stato solo per caso che ho scoperto che era uscita la versione 2.o, non ho idea da quanto tempo sia stata rilasciata. Per chi usa ancora la vecchia versione consiglio vivamente di passare a quella successiva, è migliorata notevolmente, per esempio ora se un commento è marcato come spam, viene tenuto in una lista di moderazione e non c’è possibilità che venga cancellato, se non manualmente. [...]
[...] A minor update to the SK2 Digest Plugin has been released to fix the following feature – “Link at top of email to spam section of SK2 pages doesn’t work” – current version is 0.951 and is available for download from the SK2 Digest Plugin page. I’m sure DrDave will pull this in to the next Spam Karma 2 release. « This entry is part of a series read the rest: 1, 2, 3, 4 » Comment on this post [...]
Hlelo tereh!
…schreibt mir jemand namens Backwater P. Supercharger per E-Mail, um mich dann über die neuesten Entwicklungen auf dem Potenzmittelmarkt zu informieren. Wer daran genauso wenig Interesse hat wie ich, kann mit etwas Umsicht und mit guten Spamfil…
SK2 y chao al Spam
El spam es siempre un problema con un blog, y hay diferentes maneras de controlarlo, aunque algunas con resultados realmente malos. En este sentido un buen plugin antispam es Spam Karma 2, disponible para WP, y que combina una serie de mecanismos de co…
[...] I’ve been getting hit by about 200 comment spam a day. If this still doesn’t help, I’m going to install spam-karma… Tags: wordpress, spam-karma Filed under: /internet, /me — aadis @ late at night [...]
[...] To fight this, today I installed the WordPress plug-in “Spam Karma.” [...]
[...] [...]
[...] I was checking out the new Spam Karma 2 info today, and noticed that I’m in the credits. Thanks for the nod Dr. Dave! I was/ am more than happy to contribute to your Spam killing cause [...]
[...] Spam Karma 2 apparently gives a -20 score to any comments which don’t include the “Encrypted Payload” from the comment form. This Encrypted Payload is, naturally, not mentioned in the upgrade guide, nor is it present in my current theme. [...]
[...] Remember when I said I installed a plugin for WordPress called Spam Karma 2? I’ve got one word: [...]
[...] Fortunately, a little bit of .htaccess coding and the Spam Karma 2 – Reloaded plugin have all but eliminated the Comment and TrackBack spam. Of course, there are occasional false-positives with SK2, but since it provides a “Second Chance” to avoid being blacklisted, the occasional blockage is usually short-lived. [...]
Upgrade WordPress und SpamKarma
Mein Notizbuch läuft mit neuem Unterboden
…
[...] There is also a button stating “SK2 Protected.” I installed a plugin on WordPress that filters all my spam and such forth. Now, if you leave a comment with more than 5 (can be changed to anything) links, it will take that comment as spam and remove it. It has much more abilities like, blacklisting IP, domain names, etc. That’s what I had to do to one of my readers. (nasty comment, and I don’t know him.) [...]
[...] Seit Spam Karma auf meiner Seite läuft (sogar Spam Karma 2) muss ich mir keine Gedanken mehr um dumme Spam-Kommentare machen. Und noch besser: Ich muss nicht mal eines moderieren. SK2 regelt alles automatisch und macht einen Super-Job dabei. [...]
[...] El�rkezett az id�, hogy az 1.5beta1-es WordPress-t lecser�ljem az 1.5.1.3-ra. Beizz�tottam a Spam Karamba nev� alkalmaz�s. R�g�ta szeretn�m magyaros�tani az admin fel�letet is. A probl�ma ott kezd�d�tt, hogy az �kezetes bet�k helyett “?” jelentek meg. �rtam a ford�t�nak S�veg G�bornak. Sajnos seg�teni nem tudott �rdemben. �rtam a sr�cnak aki karbantartja a szervert (egy�bk�nt FreeBSD), h�tha valami locale probl�ma, amin a kiwi.hu megy, de � sem tudott seg�teni. Most belefutottam egy �j ford�t�sba, gondoltam majd ezzel. De ezzel sem megy. Most egy nagyon egyszer� m�dszert eszeltem ki. A ford�t�sba a “po” fileban kicser�lem az �kezetes karaktereket �kezet n�lk�lire… Tudom h�lyegyerek m�dszer, de m�k�dik. [...]
[...] There is also a button stating “SK2 Protected.” I installed a plugin on WordPress that filters all my spam and such forth. Now, if you leave a comment with more than 5 (can be changed to anything) links, it will take that comment as spam and remove it. It has much more abilities like, blacklisting IP, domain names, etc. [...]
[...] nervously i am turning comments back on. spam karma 2 has been catching all the trackback spam, so i’m going to try it out on the regular comment spam. crossing fingers, knocking wood, and steadfastly refusing to walk in front of my black cat. [...]
[...] stupid spammers. [...]
[...] Instead, I’ve installed a new-fangled WordPress plugin called Spam Karma 2. It’s an extremely complex, but hopefully effective, spam management solution. I’ve already seen it eat several dozen spams, so I know it works. One of the things that sold me is that the author claims the program throws virtually no false-positives. We’ll see about that. Let me know if your comment gets eaten. [...]
[...] Okay, die Trackback-Spammer haben neue Scripte, die nun auch bei WP 1.5x wirken. Da ich (wegen des Pflegeaufwands) kein Freund von Blacklisten bin und auch nicht Systemdateien umbenennen möchte (wegen künftiger Upgrades), habe ich mich nach einem Plugin umgeschaut, das sich schon auf die neuen Spam-Scripts eingestellt hat – TB Spam Blocker 1.1.0 könnte die Lösung sein. Mal schauen [...]
[...] De paso he aprovechado para limpiar un poco las bases de datos y actualizar el Spam Karma (0 clics) que alcanza su versión 2.0 final. Tengo pensado mirar el tema de reactivar el wp-caché pero no me quiero arriesgar por los múltiples problemas que me puede dar. Investigaré un poco. [...]
[...] Sorry. Bloody vikings. At any rate, I have two completely invaluable tools to thank for this happy state of affairs: Spam Karma 2.0 and , both created by Dr. Dave. If you use WordPress, absolutely MUST install these two utilities at your earliest convenience – this means you, Tommy. When I first installed it, I used to get near daily e-mails telling me what spammers had attempted to post on my site. It caught them, and saved them for me to peruse at my leisure, so I could decide whether to keep them or dump them. [...]
Spam Karma 2 Final Released!
Woe to comment spammers everywhere—Dr Dave has released Spam Karma 2 final.
…
[...] After being flooded with 3,000 comment spams while I was away for my father in law’s funeral, I installed Spam Karma 2 (thanks, Kate). So far it seems to be working on my end. Drop me a line if anything strange happens. [...]
[...] If you’re running WordPress, run – don’t walk – and install Spam Karma 2. Best spam killer I’ve ever seen. And it’s transparent – no captcha’s or false-turing-test-attempts involved at all. It’s a work of art. Shared blacklists. Regular expression matching for blocked comments/trackbacks. And way more. [...]
[...] Know more about the creator of Spam Karma and the plugin itself, go here! [...]
[...] Last night we went out to Shinjuku to meet with Ritsu’s old school friend Utako and with Dave, an online pal who wrote the spamfilter I am using for this blog, which also got him into the Fiji Times. [...]