Site has over 100 pages and 3 of them receiving rampant comment spam. Bizarre!

This is very strange, but within a day of my site going live, the comment form on three of the pages began receiving (and thus emailing) bursts of comment spam.

I then set up a recaptcha for the form (tested and works), but these same three pages still get hammered with comment spam.

I unpublished the three pages for 24 hours and all spam stopped. Not a single comment form was filled out for any of the other 100+ pages on the site. I then republished those three pages and within ONE MINUTE they started emailing spam again.

I have cleared the site cache and deleted and re-created the three problematic pages and this has not fixed the problem. I installed analytics software to try and catch an IP address and nothing is caught.

Every comment submitted looks something like this and they get sent out in bursts of 12 messages (meaning each of the three forms gets spammed 4 times all within a minute)…

Name: lJyIOuXSbWRDHa
Email: ross.studio3@gmail.com
Comment: mOgrRZos
: New Exhaust
: /new-exhaust
Name: RNKilLSgF
Email: shaunbinner@gmail.com
Comment: UMmXwWosrhZ
: New Exhaust -- Part 2
: /new-exhaust-part-2
Name: OwfUlkdMPpXKnQj
Email: garrett@usfca.edu
Comment: FHBQbuizTpGEwOLr
: Ball-Joint Exhaust Update
: /ball-joint-exhaust-update

I’ve compared the three pages with numerous other pages on the site and the format of the item.md file for everything is practically identical with only the content being changed.

NOW HERE’S THE REALLY BIZARRE PART!

What do these three pages have in common? They all have the word exhaust in the URL.

https://www.wittmantailwind.com/ball-joint-exhaust-update
https://www.wittmantailwind.com/new-exhaust
https://www.wittmantailwind.com/new-exhaust-part-2

If I change that word exhaust to something else such as XXYYZZ, the spamming stops.

FWIW, I’m still using the BetterComments plugin for the comment form at the bottom of every “post”.

@Alpha,

It seems the client of the spammer wants its message to be targeted at very specific content to reach a very specific audience…

I wondered what’s so specific about “exhaust” and did a query on Google. I won’t point you at the urban meaning I’ve found. Too graphic…

On a more serious note…

  • How do you know that reCaptcha is working?
  • In my experience, reCaptcha captures only max. 5% of spam, while the rest is caught by using a honeypot.

Perhaps, but if you look at the content of the message (above) it’s just random keystrokes and no actual message.

There’s a tickbox that’s being displayed on the form so I assumed that means it’s working. There were no further instructions from Google other than to insert a couple lines of secret code to install it. Do you have info/advice on improving it?

And FWIW, removing the word exhaust from the URL didn’t end up working. It stopped the spam for about six hours and then it restarted.

@Alpha,

Do you have info/advice on improving it?

reCaptcha is only one strategy to prevent spam. Unfortunately, there are more ways to dump spam in a form. A honeypot is another strategy to prevent spam.

Try to add the honeypot to the form definition in the config file of BetterComments.
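The two checks discussed above (a honeypot field, and whether the CAPTCHA is actually enforced rather than only displayed), sketched as server-side screening logic. This is an added example, not code from any poster or from BetterComments; the field names `website` and `captcha_token`, the `fake_verifier` stand-in and the sample submissions are assumptions constructed for illustration.

```python
# Added example: server-side screening of one comment POST.
# Field names are assumptions, not BetterComments or reCAPTCHA identifiers.
from typing import Callable, Mapping, Tuple

HONEYPOT_FIELD = "website"       # hidden with CSS; a human leaves it empty
CAPTCHA_FIELD = "captcha_token"  # token the CAPTCHA widget adds to the POST


def screen_comment(form: Mapping[str, str],
                   verify_token: Callable[[str], bool]) -> Tuple[bool, str]:
    """Return (accepted, reason) for one submitted comment form."""
    # 1. Honeypot: bots that fill every input also fill the hidden one.
    if form.get(HONEYPOT_FIELD, "").strip():
        return False, "honeypot filled"
    # 2. A script that POSTs straight to the form URL never renders the
    #    tickbox, so no token arrives. A visible widget proves nothing
    #    unless the server refuses submissions that lack a token.
    token = form.get(CAPTCHA_FIELD, "").strip()
    if not token:
        return False, "captcha token missing"
    # 3. The token itself must be checked with the CAPTCHA provider.
    if not verify_token(token):
        return False, "captcha token rejected"
    # 4. Required fields must be present.
    for field in ("name", "email", "comment"):
        if not form.get(field, "").strip():
            return False, f"{field} missing"
    return True, "ok"


def fake_verifier(token: str) -> bool:
    """Constructed stand-in for the provider's server-side verification."""
    return token == "valid-token"


# Constructed submissions, shaped like the random-string spam in the thread.
_SPAM = {"name": "qWzRtPlm", "email": "bot@example.com", "comment": "hJkLmNop"}
SAMPLES = {
    "direct_post_bot": dict(_SPAM),
    "fill_all_bot": dict(_SPAM, website="http://example.com",
                         captcha_token="valid-token"),
    "bad_token_bot": dict(_SPAM, captcha_token="stale"),
    "human": {"name": "Pat", "email": "pat@example.com", "website": "",
              "comment": "Nice write-up.", "captcha_token": "valid-token"},
}

if __name__ == "__main__":
    for label, form in SAMPLES.items():
        print(f"{label:16} -> {screen_comment(form, fake_verifier)}")
```

If submissions shaped like `direct_post_bot` are still being emailed out, the form is displaying the CAPTCHA but the server is not enforcing it.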

11 posts were split to a new topic: Adding honeypot to BetterComments crashed site

I just realized, too, that this has taken a new direction and would be better as a new topic.
