Spam Comment Blocked Count

Hey marcbkk,

I’ll be happy to help you out and answer your question.

No matter the capabilities of the bots, every spam attempt that gets blocked is counted by the plugin.

There’s a good chance that since you’ve been blocking those countries for awhile via .htaccess that they are no longer targeting you…for now. Some spammers track if their spam gets through, and if it does, they hit those sites even harder. When they get shut down consistently they go elsewhere. It could also be that it just goes in waves, and there will be some future increases in attempts. It’s likely that whatever the scenario you’re just at a quiet period in spam attempts right now, hence only 17 spam attempts in 24 hours.

As far as what gets counted, WP-SpamShield counts all spam attempts, including spam comments, spam trackbacks/pingbacks, spam contact form submissions, and spam user registrations. I just added a new FAQ about this earlier today that you may want to check out.

If you’d like to track this and see exactly what has been blocked, feel free to turn on “Blocked Comment Logging Mode” and check out the log after the counter goes up. If you want to see all items logged, included the ones that aren’t blocked, then choose the option “Log All Comments”. More info in the relevant FAQ here.

I hope that helps answer your question.

Thanks! I’m glad you’ve been getting to see what it’s like to have WordPress site without spam. ??

– Scott

All good Scott and thank you for your fast feedback. You are right, maybe I am off the radar for the bots for the moment, maybe it was just the slower bot traffic on the weekend, or maybe just the regular ebs and flows of bot activity. But since the plug-in logs everything it blocks then I should start seeing increased logging numbers from the plug-in in the future. I am surprised the bots didn’t stop targeting me though long before I started blocking countries because even then no spam ever actually made it onto the site. But maybe the spammers just look at successful submissions and never bother to check to see if their garbage actually got onto the site.

Yes, being spam free is a wonderful thing. Spam is so pesky for a site admin. Actually, none of the spam ever really got through, as it was ALL blocked by Akismet and spam boxed anyway, but it just wastes database resources on the site as you know and occasionally as an admin one is tempted to waste some time looking through it all to make sure there aren’t any false positives in the spam box. Now I don’t have to bother with any of that anymore. What a relief. You’ve really made my day.

Also, to be rid of those pesky captchas now that only inconvenience the user experience, and not the bots they are intended for, are all gone now too. So maybe I will also get more real comments now as a result without the captchas.

I am surprised that more people don’t use this plugin and get rid of all their spam and their captchas too, but I guess it is a matter of people knowing about it.

You’re welcome. ??

The spammers can check a few ways…they could check and see if they get an error message (meaning failure) or if they get a comment moderated message, of it just gets accepted and shows up right away.

I hear you…spam is a real pain. Yes, I completely agree…letting spam into the database even to place it in a queue can really bloat the database. That’s one main reason why I didn’t even want to let a comment into the DB until it’s already been checked for spam. I’m glad to help!

Yes, agreed, CAPTCHAS are definitely unfriendly to users. Multiple studies have been done that show they can really hurt your business/site. I’m sure you will get more comments now.

Maybe you can help spread the word by letting your friends know about it! ??

Let me know if you ever need help again. Take care.

Thank you Scott. I agree, better not to let the comment into the database at all until it has already been prechecked for spam. I saw one reviewer on the plug-in complained and only gave it 4 stars as he would still like to see the spam placed in his spam box first instead of it being deleted so that he could check it himself. But doing it that way it goes into the database, which is what Akismet already does and not ideal as we discussed in terms of the database. Especially if you are getting 500-800 per day as I was until recently. So if that is what he wants, then better he stick to Akismet instead.

Anyway, you provide a log file if one wants it, which is good enough. So one could still read the spam that way if they really want to. As for me, I rather not see it at all.

Anyway, I left you a 5 star rating on the plugin with positive feedback. I hope that helps. Best wishes, Marc
https://www.marcschultz.com/blog

Hey Marc,

You’re welcome. I saw that review too. To each their own, I guess. ?? Yes, haha I know right…I had the same thought that they were asking for an Akismet clone. Exactly right on having mass spam submissions. One thing people don’t realize is that, besides having a bloated database slowing down a site, spam can be used as a DDOS attack, so keeping it out of the database is really important.

Thanks so much…I really appreciate the positive feedback and rating.

Take care, and please let me know if you ever need help again.

– Scott

Well do, thanks, much appreciated Scott.

Just as an aside, what are all these spam bots trying to achieve? Just posting links to sell something?

And are the people running these bot scripts get paid by web sites to post this spam? Or are the spammers doing it generally to promote their own sites?

I could never quite work out why these spammers go to so much effort to spam sites with such meaningless garbage.

You got it.

There is a LOT of money in spam. There are a number of reasons why they do it…here are a few of the main ones:

1. To get links to a client site to help them rank better in Google. Although in theory this would only work on sites that use “follow” links instead of the default of “nofollow”. Sites that uses “Dofollow” plugins get hit hard. (There may be a tiny amount of SEO value in “nofollow” links, but not much.) This is done by very low-quality SEO companies. (I hesitate to even call them SEO companies…they’re scammers.) Sometimes it’s not even to actually get better results in Google…it’s just to get a certain number of new inbound links to a site so that when they report to their client each month, they can wow them that they are fulfilling their obligations. If a client doesn’t’ know anything about SEO they will fall for it and think they are actually getting value when they are not. (Then they will wonder after a while why they aren’t doing any better.)
2. To get eyeballs on a webpage for their clients. Even when there isn’t SEO value, there is always value in getting clicks to a page, and getting people to see it, and to potentially purchase whatever product or service is being advertised.
3. SQL Injections on 3rd party sites. There is a fairly new genre of hacks that use a link from your site combined with a search engine crawler (like Google’s) to hack a third site. It involves posting a specially crafted link in a submitted comment. If it gets accepted to the page, when Google (or Yahoo, Bing, etc) crawls the site, and goes to the site in the link, it activates the SQL injection hack (if the site is vulnerable) and then there is no evidence of who actually did it, other than the search engine crawler.

Thank you for explaining further Scott. That is all good info.

What is interesting though is that I have now had the plugin installed for about 3 days and it has only blocked a total of 48 spam messages.

I used to get an average of 500-700 per day as I mentioned.

Do you think this is because of the way in which the plugin works and most spam bots are not even getting through at all now to be able to even post a spam message?

Of course I don’t miss the spam, but just interesting how it has all disappeared.

I guess I could disable the plugin for a day and see what happens as a test too.

You’re welcome.

That would indicate that the spam attempts have gone down.

The way the plugin works would not prevent the spambots from making a spam attempt at all…There’s no “pre-filter” so to speak. It does stop the spam earlier in the comment submission process than a filter like Akismet (ie before it gets to the database), but the comment (or trackback/contact form/registration) attempt does have to be posted to the site for it to process it in the first place.

The only way to stop the spam attempts from even being made is via .htaccess (but as you’ve noticed, there’s a good chance you can limit real users by doing this if you’re not careful), so if you have removed that, then spammers are free to submit. If they get submitted, they get tracked by the plugin, and therefore counted when blocked.

Sure, doing an experiment where you turn it off is the only real way to see how the numbers match up. It’s important to realize that numbers can change daily too.

Thank you Scott. I just decided to disable it for a few days just out of curiosity to see if there is any change and if all the hundreds of spam comments per day do come back for some reason. No harm because Akismet will catch the garbage for the time being. Either way, I will reactivate WP-SpamShield after a few days. Just an experiment.

By the way, I think I read about on spam plugin that adds a hidden checkbox to the comment form which only bots can see and automatically they will check the box when depositing their spam. Since that checkbox doesn’t appear around the comment area for real users when they are leaving a comment, then you can never get a false positive with something like that it seems. So all the bots check the box and the comment gets spammed and removed automatically and the real users are never bothered at all. Pretty neat idea too I thought as it is another way of removing spam behind the scenes without bothering the real site visitor. Are you familiar with that one?

Cheers…

Sounds good. I look forward to hearing about your results.

Yes, I’m very familiar with that concept. In fact, WP-SpamShield incorporates something similar (but a bit more advanced) as one of the many anti-spam techniques it uses.

Thanks Scott. I certainly will let you know in a few days if anything changes. I don’t expect it will, but tests are always fun. Especially when they can cause no harm.

Hey Mark…when you get a chance, I’m curious how your test went.

Sorry for the late reply Scott. The test went fine. The amount of spam didn’t increase when I disabled the plug-in. It kept coming in, but at the same pace. It never went back to 500-700 a day like I was having before. So after a few days I just turned the plug-in back on and all is great again. When I had the plug-in off a few comments were able to get through Akismet, but with your plug-in on nothing every gets through. Outstanding!

No worries. Life gets busy. That sounds about how I guessed it would go…but only way to know for sure is to test it out. ?? Excellent…Thanks for the great feedback!