In addition to blocking the comment spam bots that don’t include a HTTP_REFERER header indicating the request came from your web site, as indicated in a previous posting Fight Back Against WordPress Comment Spam with a HTTP_REFERER Check, additional steps can be taken to combat comment spam. This post will discuss the addition of a nonce field to your comment form that verifies the request came from your web site and not from somewhere else.
There are many search bots, spiders, and content scrapers out in the internet. Some are completely legitimate like Google and Bing; however, there are also many that are overly aggressive or are simply out to scrape content or email addresses from your web site. Analyzing my own web site access log files led me to discover that there are several extremely aggressive bots that are hitting my web site frequently all day, that seem to have no true origin or search engine use and they were causing me some concern.
Do you ever get in the middle of development, or attempting to diagnose a problem on a server, and wish you could just clear out the logs without having to stop your server? I do all the time! As a result, I created a simple jython script that allows me to force a log file rollover on WebSphere Application Server effectively clearing out the current log file, and allowing me to start with a new, fresh log file.
For those that use WordPress, comment spam is a huge problem. There are lot of good ways to combat comment spam, and many plugins that help with the issue; however, they don’t always stop the spammer before they submit the comment, and generally rely on categorization into appropriate areas for further moderation or removal. I decided to leverage the following Apache rewrite directives that take advantage of the HTTP_REFERER header to ensure that comment submissions are actually originating from my web site.
One of the great features that WordPress has to offer its users is revision management. WordPress will automatically create a new revision every time you save a post, or whenever you preview it. For most WordPress installations, controlling revisions will not be required, and they won’t require maintenance. For larger sites, or sites that are very space constrained, you can limit or disable the revision management functionality of WordPress.
