Wordpress or Spambot Gurus?
Elizabeth
03-26-2006, 01:20 PM
Hey guys, I use Wordpress for my blog, and I get quite a bit of comment spam. WP has a system that will hold messages in queue before posting if they reek of spam, but I wanted to just block them from the get-go. There are many plug-ins around, but being the nerd I am, I wanted to create something of my own. So I just wrote some code that generates 2 random numbers then asks the person for the sum of those numbers. If there is not a correct answer, it's supposed to kill the program. It works fine when I test it myself but I see I'm still getting spam in my queue. What am I missing about spambots that allows them to bypass my required field? Incidentally, when I disable the queue, it allows them all to be posted without passing my random addition test.
Any thoughts?
vaaaska
03-26-2006, 06:51 PM
Is it at all possible that a bot could possibly just do the math? 2+2=4
Is it posting to new or old entries - is it possible you are having remote posting issues?
Perhaps you might zing something into there to encode the math problem so that it's only readable to the visible eye...and, bots don't do javascript do they (you might toss in something with js to mix things up on them).
I close comments within 2 weeks and make sure that when they are closed nothing (remote post) can get through. Not ever allowing them to start is big. I haven't had a spam in my hacked together system in 1.5 years...fingers crossed. ;)
Jason Batten
03-26-2006, 08:04 PM
Don't use text. Use images for the numbers :)
goldbug
03-27-2006, 11:57 AM
Elizabeth: I'm feeling your pain on this one, lately. I just had to turn off commenting for now until I find a better spam module for Drupal, or have time to write my own :/
Wish I could help, but I'm in the same boat.
E: have you tried out Spam Karma? http://unknowngenius.com/blog/wordpress/spam-karma/
MarkR
03-27-2006, 02:07 PM
It's highly unlikely that the spam bot does anything vaguely intelligent. It probably found your wordpress installation by scanning, and probably doesn't check the form, just POSTs a known set of fields which will work on some installations.
Therefore, even checking a hidden field containing the word "banana" would fool it.
I suspect that you've put the hook in the wrong place - Wordpress is a steaming pile of cack when it comes to understanding how it works.
Mark
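MarkR's point above, that the bot never loads the form and just POSTs a known set of fields, as an added example that is not code from this thread: the check runs in the POST handler and rejects any submission that lacks a valid signed answer. The field names `sum_token` and `sum_answer`, the `SECRET` key and the two function names are hypothetical; the hook assumed for WordPress is its `preprocess_comment` filter.

```php
<?php
const SECRET = 'replace-with-a-long-random-value'; // placeholder key (assumption)

// Form side: pick two numbers and sign the expected sum with an expiry,
// so the answer itself never appears in the page source.
function issue_challenge(int $now): array {
    $a = random_int(1, 9);
    $b = random_int(1, 9);
    $expires = $now + 600;
    $nonce = bin2hex(random_bytes(8));
    $mac = hash_hmac('sha256', ($a + $b) . "|$expires|$nonce", SECRET);
    return ['question' => "$a + $b", 'token' => "$expires|$nonce|$mac"];
}

// Handler side: runs on every POST, whether or not the form was ever loaded.
function verify_challenge(array $post, int $now): bool {
    $token  = $post['sum_token'] ?? '';
    $answer = $post['sum_answer'] ?? '';
    if (!is_string($token) || !is_string($answer) || !ctype_digit($answer)) {
        return false; // direct POST with the fields missing or malformed
    }
    $parts = explode('|', $token);
    if (count($parts) !== 3 || !ctype_digit($parts[0]) || (int)$parts[0] < $now) {
        return false; // malformed or expired token
    }
    $expected = hash_hmac('sha256', (int)$answer . "|$parts[0]|$parts[1]", SECRET);
    return hash_equals($expected, $parts[2]);
}

if (function_exists('add_filter')) {
    // Inside WordPress: reject the comment before it is stored or queued.
    add_filter('preprocess_comment', function ($commentdata) {
        if (!verify_challenge($_POST, time())) {
            wp_die('Please answer the addition question.');
        }
        return $commentdata;
    });
} else {
    // Stand-alone run with constructed requests.
    $c = issue_challenge(time());
    [$a, $b] = explode(' + ', $c['question']);
    $human = ['comment' => 'hi', 'sum_token' => $c['token'], 'sum_answer' => (string)($a + $b)];
    $bot   = ['comment' => 'spam', 'author' => 'x']; // known fields only, no challenge
    var_dump(verify_challenge($human, time()));
    var_dump(verify_challenge($bot, time()));
}
```

A solved token can be replayed until it expires; recording used nonces on the server makes each one single-use.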
vaaaska
03-27-2006, 04:15 PM
aksimet or askimet...whatever it's called...it's a spam filter thingy majobber that i've heard about that seems to be reliable. haven't used it though...
dalecosp
04-01-2006, 05:42 PM
Noted the other day on PHP General that one blogger said that in every case of comment spam $_SERVER['REMOTE_ADDRESS'] was null. Dunno if that's actually the case, but if it's even close, you might be able to do something with that....
vaaaska
04-02-2006, 09:16 AM
Noted the other day on PHP General that one blogger said that in every case of comment spam $_SERVER['REMOTE_ADDRESS'] was null. Dunno if that's actually the case, but if it's even close, you might be able to do something with that....
Having been in the trenches a couple times fighting off spam I can say that this isn't true...many of them have, it seems, dynamic IP spoofing.
PHP Builder