Beating Spam On Your WordPress Website - WordCamp Melbourne 2013
1. Beating Spam On Your WordPress Site
Vladimir Lasky
http://wpexpert.com.au/
WordCamp Melbourne 2013
2. What is Spam?
Unsolicited and often untargeted electronic
communication
Persistent phenomenon due to the extremely low
marginal cost of sending it over the Internet
Even a minuscule response rate from targets
makes it profitable
3. What Do Spammers Want?
To get recipients of spam emails to purchase
products and services. Common examples:
– “Get Rich Quick” schemes
– Products to enhance reproductive organs or
reproduction process
– Weight loss
To take advantage of the ranking/popularity of
your site to promote theirs
– If your site gets many visitors and/or ranks highly in
search engines, they will receive a portion of your
traffic
4. Why is Spam Evil?
A parasitic phenomenon
Wastes owners' time in dealing with emails and
moderating comments
Makes comments and discussion boards less useful to
website visitors
Search Engines lower the rank of websites that
link to spamblogs and low quality sites
Increases load on web servers and eats through
data transfer and storage quotas
5. Types of Spam
Types of spam that WordPress site
owners often encounter include:
– WordPress Comment spam
– Trackback spam
– Contact form spam
– Email spam
8. 100% Surefire Plan To Prevent Website Spam
1. Don’t publish your email address
2. Don’t have a contact form on your website
3. Don’t let visitors comment on posts
4. Disable trackbacks/pingbacks
9. Our More Practical Spam Reduction Plan
Promoting visitor engagement by making it
easy to communicate, comment or provide
feedback
Preventing and Detecting attempts to leave
spam to the best of our ability using free
automated tools wherever possible
10. Know Your Enemy
Spambots
– Automated computer programs running on
servers that trawl the internet and post spam
– The vast bulk of today’s spam
Human Spammers
– People who manually post spam and are often paid to
do this
11. Spambots (Machine-Generated Spam)
Strengths
– Very fast, can bombard lots of websites in a given
period of time
Weaknesses
– Can only do what they are programmed to do
– Can only adapt to countermeasures by being
reprogrammed
12. Human Spammers (Human-Generated Spam)
Strengths
– Humans can adapt and work around many anti-spam
measures
Weaknesses
– Slow – usually must visit websites in a browser
– Expensive for spammers to employ humans
– People employed to spam often have a limited education
and can be tricked using intellectual means
13. Email Spam
Problem:
– Email harvesting robots trawl the net scanning websites for
email addresses, which are then sent spam emails
Common Mitigation:
– Not publishing email address, relying on contact form
Side Effects:
– Not having a visible email address on your website lowers
response rates
14. Comment Form Spam
Problem:
– Spammers leave comments on posts
Common Mitigation:
1. Don’t have comments
2. Require comments to be approved before publication
3. Use a CAPTCHA
Side Effects:
1. No participation
2. Reduces participation
3. Moderation time
15. What is a CAPTCHA?
A test designed to distinguish between a human visitor
and a bot (computer program).
– E.g. Asking the user to type a distorted randomly picked phrase
contained within an image, difficult for a computer to extract
When used on a web page, normally placed at the
bottom of a form, before the submit button.
16. Should You Use CAPTCHAs?
No longer recommended
Legitimate visitors often find image-based
CAPTCHAs hard to read and annoying
Increase hesitation and site abandonment
These types are less annoying:
– Math CAPTCHAs
– Classification CAPTCHAs
17. Pingback/Trackback Spam
Pingbacks/Trackbacks are sent to your blog by others that have
linked to one of your posts. These are listed in the comments and
contain the URL of the referring site.
Problem:
– You may receive trackbacks from spam blogs, or even fake
trackbacks that point to an arbitrary website
Common Mitigation:
– Disable Pingbacks/Trackbacks
Side Effects:
– Reduces SEO from legitimate sites
– Lose information about readership of your posts
18. List of Free Anti-Spam WordPress Plugins
1. Cookies for Comments
2. Bad Behavior
3. Jetpack Comments (part of Jetpack)
4. Simple Trackback Validation with Topsy Blocker
5. Minimum Comment Length
6. Email Address Encoder
19. What About the Akismet Plugin?
Good, but only free for non-commercial sites
20. Plugin: Cookies for Comments
Action:
– Reduces comment spam
Mechanism:
1. Each visitor to your site will be issued with a tracking
cookie
2. If they try to leave a comment without having the cookie, it
will be blocked. Most spambots do not accept cookies
3. Option setting: If an attempt is made to leave a comment
without having spent some time on your site, it will be
blocked
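The cookie and time-on-site checks described above, as an added sketch in Python (not the Cookies for Comments plugin's own code). The signed-timestamp cookie format, the `SECRET` value and the 5-second threshold are assumptions made for this illustration.

```python
import hashlib
import hmac
from typing import Optional

SECRET = b"constructed-demo-secret"  # assumption: per-site secret, never sent to clients
MIN_SECONDS_ON_SITE = 5              # assumption: the optional time-on-site threshold


def issue_cookie(visitor_ip: str, now: int) -> str:
    """Cookie value set on the first page view: '<issued_at>.<hmac>'."""
    msg = f"{visitor_ip}|{now}".encode()
    tag = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()
    return f"{now}.{tag}"


def check_comment(cookie: Optional[str], visitor_ip: str, now: int) -> str:
    """Return 'accept' or the reason the comment POST is blocked."""
    if not cookie:
        # A bot that posts straight to the comment endpoint never received a cookie.
        return "blocked: no cookie"
    issued_str, _, tag = cookie.partition(".")
    try:
        issued_at = int(issued_str)
    except ValueError:
        return "blocked: malformed cookie"
    expected = issue_cookie(visitor_ip, issued_at).partition(".")[2]
    # Constant-time comparison so the tag cannot be guessed byte by byte.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return "blocked: forged cookie"
    if now - issued_at < MIN_SECONDS_ON_SITE:
        return "blocked: commented too quickly"
    return "accept"
```

Signing the issue time is what makes the time-on-site option enforceable: a client that invents its own cookie value fails the HMAC check instead of choosing its own timestamp.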
21. Plugin: Bad Behavior - I
Action:
– Reduces all types of spam
Mechanism (in standalone mode):
– Uses various indicators (e.g. User agent, HTTP headers, contents
of URL) to identify requests from clients that are known to be or
likely to be spambots
– These visitors will receive a 403 Forbidden error message and
won’t be able to see your site
Limitations
– Plugin may not be aware of newly created spambots and could
inadvertently block legitimate search engines on occasion
– Updates should address these issues
22. Plugin: Bad Behavior - II
Mechanism (combined with Project Honey Pot):
1. Project Honey Pot operates a network of websites designed to attract
spammers, in order to record their IP addresses
2. WordPress owner obtains a free http:BL key from Project Honey Pot and
configures Bad Behavior to use it
3. Every website visitor will be checked against Project Honey Pot’s
database to see if a significant amount of spam has been detected from
their IP
4. If so, Bad Behavior will block them
Limitations:
– Small overhead when checking Honey Pot database
– Spammer must have already spammed the Honey Pot websites
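How an http:BL check works at the DNS level, as an added Python example (not Bad Behavior's own code). The access key `abcdefghijkl`, the sample answers and the `max_days`/`min_threat` thresholds are constructed assumptions; the DNS lookup itself is left out so the example runs offline.

```python
import ipaddress
from typing import Optional

# Fourth octet of the answer is a bit set of visitor types (0 means search engine).
VISITOR_TYPES = {1: "suspicious", 2: "harvester", 4: "comment spammer"}


def httpbl_query_name(access_key: str, visitor_ip: str) -> str:
    """DNS name to resolve: <key>.<IPv4 octets reversed>.dnsbl.httpbl.org"""
    octets = str(ipaddress.IPv4Address(visitor_ip)).split(".")
    return ".".join([access_key, *reversed(octets), "dnsbl.httpbl.org"])


def decode_httpbl_answer(answer: str) -> dict:
    """Decode the A record for a listed IP: 127.<days since seen>.<threat>.<type>."""
    first, days, threat, vtype = (int(o) for o in answer.split("."))
    if first != 127:
        raise ValueError("not a valid http:BL answer")
    if vtype == 0:
        # Search engine: the third octet identifies the engine, it is not a threat score.
        return {"search_engine": True, "days": days, "threat": 0, "types": []}
    types = [name for bit, name in VISITOR_TYPES.items() if vtype & bit]
    return {"search_engine": False, "days": days, "threat": threat, "types": types}


def should_block(answer: Optional[str], max_days: int = 30, min_threat: int = 25) -> bool:
    """answer is None when the lookup returns NXDOMAIN, i.e. the IP is not listed."""
    if answer is None:
        return False
    info = decode_httpbl_answer(answer)
    if info["search_engine"]:
        return False  # never block known crawlers on the strength of this lookup
    # Require both recent activity and a meaningful threat score before blocking.
    return info["days"] <= max_days and info["threat"] >= min_threat
```

The age threshold matters because IP addresses get reassigned: a listing last seen 200 days ago says little about today's visitor.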
23. Plugin: Jetpack Comments - I
Action
– Indirectly reduces comment spam from spambots
Mechanism
– Replaces your existing comment form with one hosted on
WordPress.com, embedded within HTML iframe
– Most spambots will not find a comment form on your site
24. Plugin: Jetpack Comments - II
Limitations
– Requires a modern theme that calls the comment_form() function
(introduced in WordPress 3.0)
– Incompatible themes require modification by a PHP developer
– Will change the look of your comment form
Configuration Note
– If using this together with the Bad Behavior plugin, enable the
Bad Behavior setting:
• Security->Allow form postings from other web sites
25. Plugin: Minimum Comment Length
Action
– Indirectly reduces comment spam
Mechanism
– Rejects comments that are shorter than a specified minimum
length, e.g. 15 characters
– Many spambots/spammers leave a token comment with a URL of
their website
Limitations
– Antispam benefit is small, but also discourages humans from
leaving useless comments like “Great Post!” or “I agree”
26. Plugin: Simple Trackback Validation w/Topsy Blocker
Action
– Reduces Trackback Spam
Mechanism
– Confirms that the IP address of trackback sender matches
the IP address of the site the trackback URL points to
– Accesses the trackback URL and confirms that the content
contains a link to your post
Limitations
– Some trackback spam will still pass both those tests
27. Plugin: Email Address Encoder
Action
– Reduces Email Spam
Mechanism
– Encodes email addresses in your WordPress site content
and widgets into decimal and hexadecimal HTML
entities, foiling the majority of email harvesting spambots
Limitation
– It is possible for a spambot to be developed that can deal
with this sort of encoding
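A way to audit what your own pages expose, as an added Python example (not the Email Address Encoder plugin's code). It alternates decimal and hexadecimal entities deterministically, which is an assumption of this sketch, and the sample page and address are constructed.

```python
import html
import re

# Pattern of the kind a simple scanner runs over raw page source.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def encode_email(address: str) -> str:
    """Rewrite every character as a decimal (&#NN;) or hexadecimal (&#xNN;) entity."""
    return "".join(
        f"&#{ord(ch)};" if i % 2 == 0 else f"&#x{ord(ch):x};"
        for i, ch in enumerate(address)
    )


def audit_page(page_source: str) -> dict:
    """Addresses visible in the raw source versus after HTML entity decoding."""
    return {
        "raw_source": EMAIL_RE.findall(page_source),
        "after_entity_decoding": EMAIL_RE.findall(html.unescape(page_source)),
    }


# Constructed sample page: browsers render the entities as the plain address.
SAMPLE_PAGE = "<p>Sales: " + encode_email("sales@example.com") + "</p>"
```

An empty `raw_source` list with a populated `after_entity_decoding` list is the expected result for an encoded page, and it shows the limitation stated above: the encoding hides the address only from scanners that do not decode entities.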
29. Disable User Registrations
Only authors or members should have accounts on
your site.
In WordPress admin, uncheck the following:
– Settings->General->Anyone can register
30. Authenticate Commenters
Jetpack Comments and other plugins allow commenters to
authenticate using their Facebook, Twitter and other social
sharing accounts without requiring an account on your
WordPress site
31. Comment Moderation Tips
Recommend approving comments before they’re
published (if you have the time)
If you have a crowd of regular fans/commenters,
enabling the following will save you time:
– In Settings->Discussion Settings->Before a Comment
appears, check the box “Comment author must have a
previously approved comment”
32. To Disable Pingbacks & Trackbacks
In Settings->Discussion->Default article settings,
unselect the following:
– Allow link notifications from other blogs (pingbacks and
trackbacks)
33. Dealing with Human Email/Contact Spam
Most common human-generated spam is for Search
Engine Optimisation services.
If these are a problem, try the following:
– Publish an email address for SEO and Ranking enquiries
– Have an “SEO/Ranking” department on contact forms
This may help separate those enquiries from all
others
34. Conclusion
Project Honey Pot:
– http://www.projecthoneypot.org/
– Provides http:BL key to use with Bad Behavior plugin
– You can also contribute by joining their network of honey pots
Questions and Comments:
– http://wpexpert.com.au/contact-us/