WordPress Plug-in Sought

I have a WordPress problem, and I’m hoping someone can point me at a plug-in that will help. If not, perhaps I’ll take a crack at it myself.

Like most bloggers, I use comment moderation to help prevent spam (along with Akismet, which does alot of the heavy lifting). I’m also using the option “Comment author must have a previously approved comment”. This option allows comments to bypass moderation if the commenter has a previously approved comment. In general, I prefer this approach – there are certainly some of you who comment here from time to time, and I’d rather your comments go live straightaway rather than wait on me to moderate. On the other hand, I’ve got about 10 comments right now awaiting moderation, because they aren’t really spam, but I don’t want to give the commenter a free pass to comment in the future. For example, my Ubuntu drive mounting tutorial draws a lot of thank-you comments, and many of them are very brief- they could be legit, or they could be someone trying to get me to approve one comment, so they can spam freely.

So what I want – I’d like an option on the Moderation Queue screen to approve a comment without “approving the commenter” so to speak. Anyone know of a plugin to accomplish this?

The Other Canned Meat

Back in June (when this site was still running on Blosxom), I disabled comments because of the amount of comment spam I was receiving. Over the course of several years I built a number of anti-spam measures into my Blosxom install, but without a moderation feature, I could only respond to spam that got past my tests by cleaning it up after the fact. Eventually, it was just too much.

When I switched to WordPress in late August, I reenabled comments, because WordPress offers comment moderation. I even added the following note to my comment form:

Hey Spammers! Comments are Moderated, so please save us both some time and move along. No matter how many you send, they’ll never show up. Really.

To the best of my knowledge, not a single spam has made it through- but not for a lack of trying. On an average day, I probably moderate 50 or so spam attempts. On an average day, I probably get <1 real comment.

Nearly three years ago, Mark Pilgrim posted a warning to those trying to develop anti-spam measures. Some folks criticized him for being too pessimistic, but he was dead on. From that post:

Spammers are smart and determined, and people are numerous and stupid, and spam pays. You can’t make it not pay. Going after their ISPs won’t help; they’ll auto-register somewhere else. (Already happening.) Going after their upstream provider won’t help; they’ll cut deals with the backbone providers and keep going. (Already happening.) Going after them in court won’t help; they’re already living under friendly governments. (Already happening.) You can’t stop them with Turing tests; they’ll hire child workers to read your images and manually register/post/ping/trackback/whatever. (Already happening.) Then they’ll attack you with the power of 100 million owned Windows boxes and knock you off the Internet. (Already happening.) They will keep coming and coming and coming until you give up, go home, cry uncle, take Prozac, get a regular day job to replace the one you quit when being an anti-spammer became your full-time job.

And they have kept coming and coming. I often get several copies of the same spam commented on the same post, each using a different method of encoding links: one with html <a> tags, one with wiki-like [brackets], and one with raw link text. Why bothering to figure out what kind of comment system you’re targeting when your automated spam-bot and cover every contingency, shotgun-style?

A couple of days ago, I got one that almost slipped past me. The following comment was left on this post about mounting an OS X partition from Ubuntu:

heyas all. my 40 gig drive is going to good use now. I have installed UBUNTU and have ordered KUBUNTU. I dont know how to install the driver for my ati radeon 9600xt. Actually i dont know if i am meant to be downloading and installing XFREE86 or the XORG version of the driver. I am downloading them both but i dont know how to do anything in Linux really. I dont know where I am meant to set up my modem or set up a net account. (no INETWIZ.EXE) So yeah, can someone help me out with getting my ATI driver installed? and does anyone know of a good long PDF file i can read and wrap my brain around. I’m still a Windows user, but I want to use Linux as much as possible. Thanks. :)

At first glance, it looks like a typical cry for free tech support, only tangentialy related to the topic at hand, as seen on many a help forum and blog comment feed. If it were legitimate, I’d allow it, even though I expect no one to help. But I’ve learned that not every spam contains a link in the body text, so I always check the link to the commenter’s web site. The site address was http://camera-digital.us, which looks like the kind of hokey “every variation on a theme” URLs that spammers and affiliate sites use. Even more curious, the authors email address was for the digital-camera.com domain- similar but different.

So I tried a google search for a line of text from the comment. The first three matches are blog posts with the exact same comment posted. In a couple cases, they actual comment was showing up in a Recent Comments list on the side of the page, but the original post that drew the comment was actually about Ubuntu.

So what’s the point of this post? None exactly- just like Mark’s post above, I don’t have a solution. I only know that the problem is getting worse.