inexplicable commenrt spam

I’m going to guess that they’ve seen what a WP comment post looks like and are just forming their own page to lob ’em in at you. Probably scripted since they don’t look at the post to see that comments are turned off.

That’s my guess at any rate. But crafting up a simple form post is pretty straightforward.

The above response doesn’t seem to take into account the fact that I am only getting comment spam for *two* entries out of hundereds.
It’s not very helpful.

I am trying to remain as objective as possible about the support forums and support in general for work press, but the reality is that there are very few people here who know what they are talking about and even less who actually can be bothered to help.

Previous poster gave you correct hint, you just don’t bother to think carefully. They used your submit page directly

Well, as a guy who tries to stop by and help others every now and then, I reckon I’ve been put in my place!

Sorry, yaksox. Didn’t mean to let you down.

Look, I’m just saying, don’t assume me or others know all the technical terms. I don’t know what a submit page is. Is there another file I should delete from my WP-admin folder?

here I made an effort to explain something to a newbie in a clear, simple way. That’s really all I’m asking.

yaksox, what the people above mean, is the spammers are accessing the wp-comments-post.php form directly. It’s a classic tactic of spambots. They don’t go to your blog, they just use a crawler or whatever to find wordpress (or blogger, or MT, etc) blogs and trigger the comment forms.

Even though you have comments turned off and stripped the comments link, all the spammers need is the post-id, they trigger the wp-comments-post.php script with that id and it shows up in your moderation list.

One way to fool them for a while is to change the filename of wp-comments-post.php to something else, but they’ll eventually find the script anyway.

“…but they’ll eventually find the script anyway.”

actually they wont, in the op’s case, as he has comments turned off. Read.

One better is to just rename the file to wp-comments.php-jhkjh (in case you ever decide to re-enenable comments) or delete it all-together (if youre never going to alow comments, even then if you changed your mind, you could redownload the zip)

Doesn’t the fact that, they can access the file directly and insert their spam bother anyone but me? It certainly seems like an exploit to me, as it is bypassing the options in place on the site. Anyone know of a way to fix this directly without “renaming” files constantly, or disabling comments all together? And I don’t think disabling them does the trick either.