You know you’ve hit the big time when you’re under a comment Spam attack. Luckily I had Akismet installed, which caught pretty much all of them.
The Symptoms
For the past few days, I’ve been unable to log in to my back-end. The front-end was fine, so I wasn’t too worried about it.
Finally, I was able to log in, but it was very sluggish. I took a look at my comments queue and gasped. There were over 48,000 spam comments sitting in there. I was like, “No wonder!”
To put things in perspective, here is a screenshot. Look at December’s stats compared to January.

Reasons for the spam?
I honestly have no idea where all this extra spam came from. I recently got re-upgraded to a Google PR6. I’m not sure if that had anything to do with it.
Also, I pissed off a few people in December by blocking their comments (perhaps some retaliation?).
When I say in my comment form to use your “Real Name”, I mean it. My spam tolerance is pretty much zero these days.
Tools to combat comment spam
Here are the three tools that got me through my spam attack with little effect on those visiting the main site:
- Akismet – Awesome at filtering out spammy comments
- NoSpamNX (German) – Great at stopping spam bots. I imagine I would’ve gotten much more spam without this plugin.
- Ajax Edit Comments – Yes, this is a plugin I wrote, but it has an awesome Blacklist feature that I use all the time.
16 thoughts on “Uber Spam Attack, Oh My!”
Hey Ronald,
48.000 Spam comments? That’s really bad!
I use NoSpamNX, too. I’m very successful
by *blocking* spam comments instead of declaring
them as spam.
If your referer check works fine (and I’ve got problems
only on WP MU installations), than try to block the
comments directly.
Good luck,
Dennis
Dennis,
I had blocking off, but I have since turned it on as of yesterday.
I also configured Akismet to automatically delete spam comments on posts older than 30 days.
It’s just crazy that this happened all of a sudden.
Oh, and 48,000 is just what I had sitting there at the moment. In all of January, I’ve received close to 200,000 spam comments. Compare that to December where I had about 20,000.
> I had blocking off, but I have since turned it on as of yesterday.
That will help a lot!
I have never seen a comment marked as spam by NoSpamNX which wasn’t spam. So I decided to turn the “blocking” on and the automatic spam was nearly gone. Even without activating Akismet.
But 200,000 spam comments in 3 weeks is really sick. Over 90% of emails are spam today. Maybe blog comments have reached a similar ratio now.
Btw, AFAIKs link is very interesting, too. Thanks.
Akismet is the tool for spammers
http://goo.gl/tmSsY
I learned that spam is pretty much a “roll of the dice” but once they have a IP or web address that seems to receive spam OK they really turn up the volume.
I also used akismet to block all those useless spam comment on my blog. And your correct, most people blocking their comments perhaps maybe of some retaliation.That is why all of my comments are all moderated as well
Gabriel,
I don’t mark people as spam just because they pissed me off. If that were the case, 90% of the comments on this site would be marked as spam 😀
If I think it’s spam, I mark it as spam. If it violates my comment policy, it’s marked as spam.
I also have comment moderation turned off here. I hate visiting sites where I leave a comment and have no idea if my comment has been (or will be) posted or not.
Akismet for me is a nice backup. But lately, as evidenced by the heavy influx of spam, it has been a literal blog saver. I can’t imagine manually deleting 200,000 comments, trying to figure out myself if they were spam or not.
Most of them would use an automated tool to do this but 48K of spam probably would bring my system down.
Wow that is an amazing amount of spam. No wonder you could not get into your backend. I have spent hours going through spam.
Wow! That is a lot of spam. I am a newbie in blogging and wordpress. I always delete akismet because I thought it’s useless just like ‘Hello Dolly’. I only use WP captcha anti-spam. Thanks for the write Ronalfy.
It’s crazy! My blog was so spammed, I had to close it becease of the bandwidth usage.
Yeah, luckily for me a friend of mine hosts this website and he didn’t scream at me too much 😀
Sorry to hear that. PR6 is definitively going to attract the spammer/crazy link builder abuser.
I wonder if you have been referenced on a ‘do follow’ directory or something like this.
Congrats on PR6 BTW 🙂
I always joke to myself that I know my blogs have been indexed when I start getting spam. 🙂 I use Akismet and it does a great job, but some get through anyways. I bet whats happened is that someone found your blog to be a PR6 and put it on some list.
Good Luck! Jen
I have been getting slammed lately too. Good thing for akismet