On Comment Guard - WordPress Comment Spam Prevention Plugin

By Angsuman Chakraborty, Gaea News Network
Thursday, January 18, 2007

Yesterday I talked about developing a comment spam prevention plugin with zero false positives. I am currently using it on all of our blogs. Today I want to talk briefly about its origin and goals.

But first here are the stats from my Simple Thoughts blog:

1095 spam comments were blocked by Angsuman’s Comment Guard plugin in 23 hours 46 minutes. 99.094% of the comments you received during this time were spam.

Stats for Anaconda Theme blog:

1982 spam comments were blocked by Angsuman’s Comment Guard plugin in 3 days 10 hours 14 minutes. 99.748% of the comments you received during this time were spam.

As you can see it is quite effective. After I installed the Comment Guard plugin my Akismet queue is empty. I haven’t received any spam comments since. However I have received some valuable comments during this time. I have gained more time to answer to them as I do not have to anymore clean up spam from Moderation queue (used to get around 100 per day from Simple Thoughts blog alone; spams which passed through Akismet queue)

BTW: I did receive a comment in Chinese which was suspiciously small in length and so I suspected it to be spam. However on Google translation I realized it is a valid comment asking me when I would release the next version of Anaconda theme. I am impressed by how much you can write in little space in Chinese. See for yourself here.

Comment Guard is a labor of love more than anything else. It is born out of my strong experiences and pain with handling comment spam in several of my blogs. I respect my readers and will not take them through hoops to post a comment. However I could never find a clean way in numerous plugins I used to completely stop robot / program generated comment spam.

Anti-spam plugins adopt questionable techniques like checking RBL (and other such black hole lists) for identifying spam IP’s. This is plain wrong. Many people, for example, connect from countries like India where ISP’s primarily issue dynamic IP’s. Spam Karma 2 blocks them from posting comment in many cases because the RBL it uses blocks the whole dynamic IP ranges solely because they are dynamic and sometimes because someone from these IP’s have in the past spammed someone. This is something people do not have any control. The usual solutions suggested are contacting the IP to remove these addresses. It is easier said then done. In India ISP’s enjoy near-monopoly (like BSNL) and most often they do not care about their customers, let alone do something at their request. Nowadays some RBL’s have started charging fees for removal! In essence checking RBL is a bad policy. It is only acceptable if you do not care a bit about your readers and what they have to say.

Then there are checking for proxies. Again there are RBL’s which are used to check for open proxies and many of the anti-spam plugin decide to block them. This is a draconian policy. In many countries like China or even Iran people are forced to access web through proxy to get access to most content. Blocking proxies effectively blocks lots of valuable readers.

Plugins like SK 2 makes guesses about user behavior based on the author’s observation which in many cases are wrong. A case in point. I tried to contact a customer who was having problems. I wasn’t able to connect with him via email as it was getting bounced due to mail server error. So I tried posting a comment to his blog. The comment kept getting rejected , most likely because SK2 determines that comments can only be of certain size and no more! So I persisted and tried submitting, without success, with smaller and smaller size. After some attempts SK2 determined I was a spammer and informed me that I was reported to Akismet.

When you go down and dirty with the code you will find tons of such inane assumptions. I can go on whole night about them. The bottomline is I couldn’t trust my blog with SK2 or Bad Behaviour. Even Akismet has lots of false positive issues. However it is better of the three. Even then I was getting over 100 spams in moderation queue for this blog alone. I was going way over my bandwidth and people thought what was I doing all day.

Out of this frustration Comment Guard was born. I am very happy to say that so far it has given me 100% success rate . I am testing it on all my blogs and will continue to do so for about a month, or till I am confident that I have fully tamed the beast. I know that I will be fully happy with this plugin if all it does is stop 100% of spams on my sites only. I would however be happy to enroll beta testers after about a week. So if you would like to test it, let me know.

BTW: If you are a spammer, bring it on baby!

March 3, 2008: 9:11 pm

I am very happy to say that Comment Guard Pro has finally been released. It is feature rich and extremely accurate. Please check it out!

February 2, 2007: 4:48 am

This blog has been updated with the latest version and the problem you reported has been solved.

We will be sending the copies for beta testers soon.


January 24, 2007: 6:35 pm

I’d be happy to beta test it for you.

January 24, 2007: 2:00 pm

Yes, we have started working on it again, adding some features and fixing one bug. I am thinking of a beta release next week.

BTW: You are not the only one. Even James, a frequent commentator on this blog, was also caught by Akismet. These days I am seeing the true performance of Akismet and I am not impressed with its high rate of false positives.

January 24, 2007: 1:19 pm

Yes, I am surprised. I’m an Akismet user myself. AFAIK I’ve never been blocked by them before.

Are you planning to make this plugin available at some point?

January 23, 2007: 8:00 pm

Comment Guard says:

8447 spam comments were blocked by Angsuman’s Comment Guard plugin in 6 days 8 hours 6 minutes. 99.027% of the comments you received during this time were spam.

It looks like comment spammers are getting afraid of spamming me these days :)

January 23, 2007: 7:59 pm

Frankly I want to; but I don’t think it will be prudent at this time. I don’t want to give any information to spammers about a plugin that is so far giving me 100% protection.

The funny thing was that Akismet caught two comments as spam during this time, comments which passed through my plugin. Both of the comments were legit. You would be surprised to know your comment was one of them :)

January 23, 2007: 6:52 pm

Can you discuss the theory/algorithm behind your plugin?

January 21, 2007: 1:57 am

We are still seeing 100% accuracy.
In Comment Guard you too will be able to plug-in your modules.

January 21, 2007: 1:52 am

Found the reason, a simple one really.
We will very soon update the site with the fix. In the meantime you can just refresh the page.

January 21, 2007: 12:14 am

That bug was related to your plugin? It’s still not resolved… Faced it while writing this comment.

January 19, 2007: 9:11 am

Latest stats from this blog:

3134 spam comments were blocked by Angsuman’s Comment Guard plugin in 1 days 21 hours 17 minutes. 99.083% of the comments you received during this time were spam.

January 19, 2007: 8:36 am

Thanks Ajay & AJ. We found the bug too (the message Ajay and you mentioned) and we are working on it.

Thanks AJ for volunteering. I have added you to our list of beta testers.

January 19, 2007: 1:00 am

My blog is being hammered by spam comments of late too (though not as much as yours ;)). I currently use Akismet but it has let in a few comments get past which thankfully were caught in the moderation queue.

I would be glad to try out your plugin and beta test it if you need me to as well :)

Ps. I tried to comment once before this but I got the same error msg as Ajay above.

January 19, 2007: 12:07 am

I got this twice:

Your comment couldn’t be received at this time. You may go back and try to submit the comment again. You may also want to contact the webmaster by email and mention the problem along with few information like your browser and it’s version, your operating system and it’s version, if you are using a firewall or proxy server, and anything else you think is relevant. Thanks.

while commenting.

Regarding Connected Internet, when did you face this problem. He was earlier running Akismet and even I landed in the bin, until I made it switch over to SK2.

The only problem I faced with SK2 so far was too many comments in too short a while. But, I guess the RBL must have kicked in for you.

Anyway, since you’re plugin works even before that it is really good.
Look forward to it :)

January 18, 2007: 10:48 pm

Thanks BigDog for the offer to beta test. I have added you to the list.

January 18, 2007: 10:39 pm

> Are you sure it was SK2 blocking you
Yes. It was on connectedinternet.co.uk server as far as I can remember. SK 2 uses RBL.

Some RBL’s actually blacklist all dynamic IP’s!
RBL’s have truly become a draconian and authoritarian system as some had predicted in their early days.

> Btw, will you plugin be free or paid?
I haven’t decided yet. I will decide it based on the amount of effort we put in. Most of my plugins are free. At this stage of development I can release it for free, however with source code obscured to hinder spammers. However if I decide to include more capabilities to provide more comprehensive coverage from live human spammers, then I may charge a nominal fee.

January 18, 2007: 10:16 pm

Let me know if and when you need testers.

January 18, 2007: 9:38 pm

Are you sure it was SK2 blocking you. I’ve faced no problem with SK2 and RBL. However, I have faced a problem with Bad Behavior and RBL lists.

BSNL is not the only one. All the major and minor ISPs have blacklisted IPs.

Btw, will you plugin be free or paid?

will not be displayed