This blog is powered by WordPress and is using Akismet plugin to detect and block spam comments. I’ve used Spam Karma 2 (SK2) before which is probably outdated by now and it really slows the blog down. Then I switched to a paid plugin called Comment Guard Pro developed by Taragana which is lighter than SK2 but it’s pretty aggressive as well in combating against comment spam. What I didn’t like about it is if the user has entered the wrong CAPTCHA code, the comment that the user typed is all gone. The plugin is encrypted and there is no way I can make any changes other than requesting them for help. I finally ditched Comment Guard Pro and used the good old Akismet.
Akismet is very light and the detection is nearly perfect achieving over 99% of an overall accurate rate. This blog is being hit by an average of 1000 comment spams per day and it manage to block them from being posted in the first place. It misses a few spams and also sometimes wrongly flags a genuine comment as spam but its no big deal since I check the pending and spam comments every day. Recently this blog has been hit by Russian comment spammers and Akismet misses all of them.
I upgraded my Akismet API Key to a commercial one to have higher priority over free ones, service is faster and more reliable and no traffic limits or throttles. Sadly the Russian comment spams are not detected.
The Russian comment spam normally does not have any link on the message and the whole message are in Russian. The URL will be filled with a link to the site where they are trying to spam. I’ve done a reverse IP lookup using DomainTools and found that there are a few thousands of domains and hosted on different servers. So far I’ve recorded a total of 210 and the spams are still coming in. Blocking the URL is not good enough because I have only 210 and I know there are thousands of them which are not blocked.
I noticed that they are always using the .ru email address to post the comment. Instead of installing another anti-spamming plugin, I am trying to keep it simply by using the WordPress core to block the spams. Log in to your Woprdpress Admin, go to Settings > Discussion. At the Comment Blacklist, you can fill in any word and when a comment contains any of these words in its content, name, URL, e-mail, or IP, it will be marked as spam.
If you want to mark all russian emails as spam, simple enter “.ru” without the quotes in the comment blacklist and click Save Changes. I have analyzed their comment spams for a few weeks already and it seemed like they are always using the same email service such as qip, rambler, yandex… If you only want to block the Russian comment spammers, use the list below. That should auto move all the Russian comment spams into the Spam area.
@qip.ru
@list.ru
@rambler.ru
@ukr.net
@mail.ru
@yandex.ru
If you don’t mind making your readers typing captcha code, you might want to consider WP-reCAPTCHA plugin because it is hard to crack since the text are randomly distorted and the words are being scanned from old books which cannot be recognized by OCR.
The blocking of Russian domains could be a bit aggressive because some legitimate users that left a comment could be using one of the Russian emails. Make sure you remove the blacklist once you noticed that the spammers have gave up spamming your comment form.