Fahim

WPBlacklist does allow you to auto-delete the spam identified as comments – you just have to turn on the correct options … at least, if you are using the current version 2.6.x. As for receiving the e-mail about the spam even when you have comment e-mails turned off, do you have the moderation notification turned off as well? Otherwise, it might be the moderation notification you’re receiving instead of the comment notification.

Yes, you can delete wpblacklist-install.php if you want but it does no harm to keep it either since it’s not destructive. All it does when you run it is to create the blacklist table *if it does not exist* and do some upgrade routines.

It probably was caused either by a blank line (which problem is hopefully fixed in the latest release – WPBlacklist 2.6.1) or because somebody tested the comments blacklisting harvesting and had their own IP added to the blacklist. These are the most two common cases :p

A fairly effective method seems to be to change your wp-comments-post.php file name to something else (as well as change the comments form input names as well) and then change (I think two) core WP files to allow for the changes you made. Since I’ve done that, the amount of spam I get has been reduced drastically. Then of course, you can rely on a blacklist as your second line of defence. Which is what I do – but I’ve also put a spider trap in the middle to catch any spiders which still try to use the old wp-comments-post.php file and ban their IPs.

Oh yes, I’ve found the RBL feature in the new releases of WPBlacklist to be fairly effective. I have bl.spamcop.net and sbl-xbl.spamhaus.org added to my blacklist as RBL entries and they have caught quite a few comment spammers who escaped the other items on the blacklist. Hopefully, this helps some others too ??

Thanks for the mention podz ?? It should be https://sm.farook.org/files/WPBlacklist26.zip now though. There is one annoying bug in WPBlacklist 2.6 – I have a require line in the blacklist-install.php file which goes something like “require_once(‘/wp-include/wpblfunctions.php’);” and the first slash causes problems if your WP installation is not in the root folder of your site. So that should be changed to “require_once(‘wp-include/wpblfunctions.php’);”. A bug fix 2.6.1 release is on the way but it includes a few other changes as well and I haven’t had the time to test them yet ??

The error was probably due to an unescaped slash in a regular expression entered into the blacklist. This has been a problem which has been cropping on and off with WPBlacklist since I hadn’t totally plugged all the holes. Hopefully, WPBlacklist 2.6 solves the problem since I think I’ve covered all the places where an unescaped slash could be inserted into the blacklist.

Nope, the WPBlacklist 1.22 is an older version … the correct URL for 2.6 is https://sm.farook.org/files/WPBlacklist26.zip
As for people keeping on injecting spam, I don’t know what you mean by “injecting” – do you mean that he gets through the blacklists/moderation or just that he keeps on posting spam?

One option would be to use WPBlacklist (https://sm.farok.org/files/WPBlacklist26.zip) and enable auto-deletion of comments marked as spam and enable the spam info harvesting option as well. I’ve found this to work pretty well on my site since most of the poker stuff gets held anyway since it’s already in the blacklist and if the same guy comes back with something else later, his IP has been harvested and added to the blacklist and so he gets stopped again even if he used a different URL/comment. But then again, I’m biased when it comes to WPBlacklist :p

I write a tool which works with WordPress called Blog but I’m afraid it doesn’t support categories – but it does support posting to multiple blogs and it definitely supports WP because I have one WP blog to which I post daily using it. However, the release with WP support is not out publicly since it has one major bug for which I’m expecting the developer of one of the components that I’m using to release a fix any day now. As soon as that fix is out, the public release will be there ?? You can find more information on Bl0g at: https://www.farook.org/Blog.htm

Ugh … my bad! Sorry, forgot to include the readme file :p I’ve added it and have re-uploaded the file – thanks for catching that one and letting me know!

The instructions are in the included readme file inside the ZIP file :p

Or you can use a different blacklist option which doesn’t involve so much work in editing files if you aren’t up to it. A suggestion would be to use WPBlacklist – you can get the latest from here https://sm.farook.org/files/WPBlacklist122.zip :p

LOL. Yeah, I figured he probably does but it’s been probably a week since I e-mailed him and so I thought I’d post it here. The example code is actually in the latest release of my WPBlacklist plugin – or rather in the readme.txt file :p If somebody is interested, you can download the zip file from https://sm.farook.org/files/WPBlacklist122.zip to get at the readme. I didn’t know where else to post this since while I do development, I am not that involved in WP stuff. So didn’t even know about the hacker’s mailing list – guess I’d better go try to find it ??

Should have searched before I posted that one :p Yeah, it does look as if the spammers are all targeting WP now though, doesn’t it?