WPDude not only impressed me with his considerable technical prowess, but also with his integrity and commitment. He really is a pleasure to work with.
Continue Reading »
Your WordPress Coach
Client Testimonials
Ben White – itsfyionline.com
Thank you for making this such an easy experience to move to WordPress from TypePad. I found it much easier for you to get me going for a small fee than spend hours trying to go through the WordPress codex.
Continue Reading »Rich Usini – imwithrich.com
A couple of weeks ago, I was at my wits end. My blog posts were not showing up in Firefox and I needed help, more than you can imagine. None of the tech people that I know good provide me real assistance so, I used my good friend Google. I found WordPress Dude, Neil Matthews. [...]
Continue Reading »Jason Lane – housingcrashhub.com
Neil, I just wanted to say thanks for going above and beyond my expectations with our wordpress consultation the other day. You not only fixed my screw ups, but you also showed me where I was going wrong and how to properly operate the new blog template on a day-to day basis, as well as [...]
Continue Reading »Mike Bluestone – missionpossibledp.com
I must say that Neil AKA WP Dude is customer service oriented and commited to building a strong and honorable relationship with his clients. I’m far from tech savy and was in need of assistance with updating my version of word press. WP Dude went above and beyond the necessary, by updating all of my [...]
Continue Reading »Yvonne Kraft – www.designkitchenideas.com
After spending 3 months setting up my new site I was stuck on the last details to get the site up and running. I was thrilled to find Neil Matthews who took care of the technical stuff to make my site work better so I did not have to spend another 3 months learning things [...]
Continue Reading »
CASE STUDY: When Comment Spam Bots Kill
Gather round the camp fire kids, I have a scary tale to tell. It’s a story from a sci-fi nightmare of crazed bots running amok in the blogosphere. I call the story “When Comment Spam Bots Kill” .. da-da dahhhhh!
I was working with a client recently who’s WordPress blog was killed by comment spam. I thought I would write it up and give you some tips to stop this happening to other blogs.
The Problem
My clients database was stuffed full of comments, when I looked at the issue there were more than 140K comments in the moderation queue. This was exacerbated by a plugin called BAStats which was creating log entries for all activity, this table had over 1 million entries.
The blog was running on a standard hosting installation the database was just too big and cumbersome. As as result whenever anyone tried to access the front end, they were timed out, a database connection could not be made, and if anyone tried to access the backend dashboard the same happened, the blog was unreadable from the fron end and unmanageable from the back end, a pretty pickle to be in.
A review of the comments from the backend database showed them to be comment spam, someone was running a comment spam bot to inject huge numbers of spammy links into the system.
phpMyAdmin
I am going to talk about phpMyAdmin and modifying backend database a lot in this post, so I thought a quick note on phpMyAdmin was in order.
phpMyAdmin is a MYSQL admin tool which allows you to perform functions on your database. You will probably find this on your hosting control panel.
This is a GUI tool which allows you to tweak your database, it is not for the faint hearted, you can do real damage if you don’t know what you are doing, you have been warned!
The Solution
I disabled the BAstats plugin by renaming all of the php files , I could not do this from the back end because I could not log in. Using my ftp client I navigated to the plugin directory and manually renamed the php files so they were not called. This stopped the stats package from working and reduced load on the database a little giving me some breathing space.
The next step is a little radical, but it was all I could do, and that was to delete all comments in the moderation queue. First I made a backup of the table wp_{prefix}_comments, then ran the following SQL command from within phpMyAdmin.
delete from wp_{prefix}_comments where comment_approved=0
This is a radical approach which will delete all comments held in the moderation queue regardless of whether they are spam or ham (good comments). My client felt is best to start a-fresh with no comments held for moderation. The query removed all of the comments held for moderation.
As a final step I also disabled comments on the blog temporarily to prevent further comment injection.
Preventative Measures
That fixed the problem, the front and back end were now accessible, but I felt preventative measures were in order to stop the issue re-occuring. I delved into the backend.
The route cause of the problem was that spam capture was disabled. Akismet was not automatically deleting and spamming comments. I re-enabled this and ran the “check for spam” routine, another couple of hundred approved comments were spammed.
Do you remember I said that I disabled commenting, spam comments were still coming in! My client was running an old version of WP and I suspected that a spam bot script was pushing comments into a WordPress vulnerability or plugin loophole, my recommendation to my client was to upgrade to the latest stable version of WordPress and to download and reapply the plugins they used only from legitimate sources, in the hope of sealing teh vulnerability. This is in progress.
Your Reputation Is In Danger
There is a long term danger if you do not moderate your comments well, and that is loss of reputation through your page rank. Your site will be demoted and traffic may dry up.
A real life analogy is if you start hanging with the dangerous kids at school smoking, taking drugs and bullying kids, you will be marked as one of these type pf people. The same goes if you give out a link to a dodgy site, you are seen as giving them an endorsement and your site is marked down.
Wrapping Up
Moderate brutally, keep your comment spam plugins in place, tighten up your moderation policy and give my posts on comment spam a read: What is Comment Spam and How To Control Your WordPress Comment Spam
Leave a Reply
Trackback URL
http://wpdude.com/case-study-comment-spam-kill/trackback/
Great post and info! I think most people take action based on where they are now with little or no plan for scaling. As their blog grows, they usually forget to go back and fix the holes; your client is an example of what happens when that happens.
[Reply]