Fahim

They don’t look for posts or rather published posts – some of the bots seems to just start at post ID 1 and continue on … so they got your draft posts because they were within the correct ID range :p These bots do not access an entry page and somehow fill in the comment fields and hit the submit button – they send the comment information directly to the WP script which processes the comment information. Which is why there doesn’t have to be a published comment for them to spam it – just as long as the comment is in the database, it is enough …

Maybe a silly question but are you sure these are posts and not comments?

They aren’t actually auto-filling the form :p They are sending a POST command with the correct variable names and the values for those variables to the script specified in the comments form to handle form input. Renaming the script file (and changing the two WP core files which also called the same file) and changing variable names seemed to work fine for a while. But all of yesterday, I kept on getting spam comments at the rate of like 1 a minute – so either somebody has written a new, smarter script or somebody sat down and figured out my changes manually just for me :p

onethumb: WPBlacklist doesn’t depend just on IP banning to stop spammers -it depends on a list of URLs and regular expressions. These are the key even more so than IPs. While a spammer can spam from many different IPs, the content (or at least the URLs) in his spam has to remain the same – at least for each particular brand of spam. So you keep on building a list of URLs – like online-poker.com and so on and that is how you stop the spam.

davezor: That sounds extremely weird. Do you want to mail me off-list with your site URL (my e-mail addy is at the top of my site – which can be accessed by clicking on my name on the right) so that I can take a look?

davezor: Does your blacklist include the poker guy’s URL? If it does and you still get comments from him, then you either haven’t activated WPBlacklist or you have things going to the moderation queue and you think that comments have been posted when they are only in the moderation queue – the ones in the moderation queue are in a slightly different colour ??

The error is due to a URL or something which probably had gotten into your blacklist which has a / in it and is not escaped by a preceding \ to make it regex safe. This is a problem which has plagued WPBlacklist for a while. The latest release, WPBlacklist 2.61 hopefully has taken care of these problems finally. You will need to go through your blacklist table and get rid of the offending entry manually or drop all your entries in the blacklist table and reimport them from Jay Allen’s central list before the errors would go away though.

Are you by any chance trying to install WPBlacklist 2.6? If so, that is a known error in that distribution. A fix for that problem (and a few others) is included in the WPBlacklist 2.61 release. Please try the new release and you should be fine.

The reason I left 1 and 2 vague was because I didn’t know your level of competency with PHP. If you don’t know PHP enough, you probably shouldn’t mess with it since now, you at least have a working system – and the spam can be gotten rid of in other ways … such as following step 4 ??
If you install WPBlacklist, it gives you several options – one of which is to search your existing comments based on your blacklist. Once you do that, you can select the comments which are spam from the ones the plugin pulls up based on the search and delete them. You can also set WPBlacklist to automatically delete comments and to e-mail you with a copy of the comments it deleted if you are not comfortable with not knowing what was automatically deleted. Hope some of that at least, helps ??

Petri: Most spambots are dumb but not all :p I’ve been using a renamed wp-comments-post.php file for weeks now and I still do get some spam – even from the dreaded poker spammer. The trick is to use a combination of methods so that you are covered on one front even if they get through on another ….

Brian: Install WPBlacklist 2.61 – it allows you to specify which type of comments that get on the moderation queue should be automatically deleted – just those matching the comment author’s IP or e-mail or site URL or those match anything in the comment body. Heck, you can even tell the plugin to delete comments put into moderation by an external source – like the WP core for having more than a specific number of links in the comment body. You can get the plugin from https://sm.farook.org/files/WPBlacklist261.zip

The renaming trick works for most of the spam robots – as long as you remember to delete wp-comments-post.php off your server too as somebody mentioned :p There are however, a few robots out there which seem to parse the entire index.php file to find what the comments file name is, I’ve also changed the comment form variables but still a few get through probably because the robot parses the comments form and gets the variable names too. So, as somebody mentioned, this is like the cold war where you have to adapt to constantly keep ahead of the spammers. A combination of methods is the best way to go – I mentioned the combination I use in a different thread here: https://www.ads-software.com/support/3/15232

There is no way to not make it worse since the spam itself is not under your contorl :p As most of us have found it, the spam does keep on coming but you can do a few things to make it being an annoyance. Some of these things however will depend on your level of competency with PHP and server-side mucking around …
1. Change the variable names used for the comment post form in wp-comments-post.php and modify any other relevant files which use those variables.
2. Change the name of the wp-comments-post.php file and modify the two other core WP files which point to this file to use the new name.
3. Implement a spider trap as mentioned in this blog entry so that any spider looking for wp-comments-post.php (which should be renamed by now – if not, don’t do this) gets banned.
4. Install WPBlacklist and set it to automatically delete comments which get marked as spam.
Once you do all of the above, you’ll find that while you’ll continue to get spam, it is no longer as much of a nuisance since it is all taken care of by the system :p

Bhanu, the spammers look for sites which are highly ranked on search engines etc. Since your site caters, as you say, to a niche market, it probably ranks very highly on certain search engines for particular terms. This might be why they keep on hitting your site. And these are not people but automated robot scripts which when they find a good site, keep on hammering that site with spam comments. The only thing you can do is add effective preventive measures – this is a problem you face with almost any popular blogging software that many people use and is open sourced.
One sugestion that I have for you is to use the WPBlacklist plugin. It will automatically delete comments identified as spam and at the same time, add the details from those comments, so updating your blacklist and making it more effective. However, you will need to do some work before you can get a plugin working effectively. If you want to download it, you can get it from https://sm.farook.org/files/WPBlacklist261.zip

Are you by any chance running an older version of WPBlacklist (like 1.2 or 1.21) or another blacklisting plugin as well? The old WPBlacklist had a bug in that it wouldn’t notice a “hold” on a comment made by the WP core and would approve it if the comment passed the blacklist. If you are using WPBlacklist, then get the latest one from here: https://sm.farook.org/files/WPBlacklist261.zip