1 Jan 13, 2006 15:59    

i've patched my b2e to this 0.9.1b manually due to the heavy spam. the problem was solved but recently, i was hit again by these spam comments. it's about 10 comments per drone and it's like i'm just 1 day away and i got around 60 of these spams which flooded my mailbox.
is anyone facing the same problem as well? how do u guys go about fixing it? i'm lazy to keep changing blogwares.

2 Jan 13, 2006 20:27

Are you updating the built-in antispam blacklist?

3 Jan 13, 2006 23:00

Assuming you keep your antispam table up to date another good trick is to rename your htsrv folder. It's probably the easiest antispam hack out there. Do a forum search for 'rename htsrv' with the username 'whoo' to find it, and don't forget to check the "search for all terms" button. Basically you'll have to change ONE file in your conf folder and the name of the folder on your server.

4 Jan 14, 2006 12:43

i'll try the search. thanks.

updating the spamlist doesn't really help.

5 Jan 14, 2006 14:29

It does help. It's blocking spam that you never see, so if you weren't updating, then it would be a lot worse. You also need to make sure it's really up to date. Keep clicking the update link until it doesn't get any new results. It can take several clicks sometimes. You can add to the usefulness of the blacklist by getting [url=http://wonderwinds.com/hackblog.php/2005/09/18/antispam_rechecking_dawn]EdB's Antispam Rechecker hack[/url]. It lets you remove spam that's already on your blog and matches the blacklist. I use it with a little modification that lets me update and recheck automatically with a cron job.

6 Jan 14, 2006 14:57

The latest release in spam, is spam with no links and no URL
and the only message in the comment is 'Nice site, keep up the good work'

For that kind of spam, the anti-spam list is not working, is it ?

7 Jan 14, 2006 16:24

I've had some spam like that. No, the blacklist won't catch it, but that kind of spam doesn't benefit the spammer in any way, either. I suspect that it's like a test run for them. They spam you with the useless stuff, then come back in a week and see if it's still there. If so, they know that you don't keep spam removed, so they hit you with the real thing. I'm guessing here. So, it's worth it to remove that stuff manually.

8 Jan 14, 2006 17:30

Of course we remove it manually.
because who wants 30 of those comments a day on their blog ?
It's in the way for the real comment.

It means also, that you have to read your own blog at least 3 times a day to keep it comment-spam clean...

personman wrote:

I suspect that it's like a test run for them. They spam you with the useless stuff, then come back in a week and see if it's still there.

rather useless.. why not using the real stuff directly ??
at least then there is 1 time that the link was in it...

9 Jan 14, 2006 17:42

Topanga wrote:

rather useless.. why not using the real stuff directly ??

No one ever said these guys were smart. If they were they would get real jobs and quit bugging us.

11 Jan 16, 2006 08:03

I'm still hoping for "comment moderation" or whatever -- so comments stay in draft, unpublished form until approved. I'm visualizing the B2Evo gods creating this feature at this very moment. BZZZZZTTT.

Well, nothing yet. Guess I'll go back to bed. (which I just got out of because my Blackberry announced that my blogs were getting comment spammed, which just plain pisses me off!)
William

12 Jan 16, 2006 09:15

I've also been hit by this. It's not picked up by the blacklist (which is picking up thousands, I know), as there is no URL. A fairly simple, automated technique to reduce this would be to delete comments by email/and or comment. Usually a whole whack of them from 'bob@mail.com', or something like that, come in, and I have to delete them each manually. Being able to delete the whole lot at once, as with normal spam, would really help.

So, put simply, I suggest:

- ability to search comments by email, and delete en masse
- ability to search comments by comment text, and delete en masse

13 Jan 16, 2006 09:44

I should also mention that I do change the name of the htsrv directory (have done so twice recently), but it looks like the new bots are picking this up automatically.

14 Jan 16, 2006 10:06

greenman wrote:

I should also mention that I do change the name of the htsrv directory (have done so twice recently), but it looks like the new bots are picking this up automatically.

Change it daily. Same here. I even introduced a minimum length of 12 words (as some days ago these URL-less spam comments were very short). Now all of a sudden, they have 14 words:

It's a very good site !! Very nice work, admin :) Good luck !

Maybe I should try Captcha...

15 Jan 16, 2006 12:22

This stuff is killing me lately - I have been getting 10 - 20 per day. I made all of the suggested changes on Saturday and got hammered again last night.

16 Jan 16, 2006 12:27

Is it a consolation if I say 'you are not alone' ?

17 Jan 16, 2006 15:23

I had a hack for comment moderation that would put comments in draft mode. I think it's available in the plugins section, but maybe it's not a good hack after all? Dunno: I don't use it. When I get those spams I pretend they're real and congratulate myself for having a great blog :roll:

There were two methods: one simply required a user to register. The other did the draft mode thing. I think the second one might not be as nice as it sounds because most of my hacks end up having enough holes to make them be kinda not so good.

Officially having a comment moderation method as part of b2evolution would be way cool.

18 Jan 16, 2006 18:58

Agreed - It would be great if the comment moderation/registration option was rolled into the core package, along with the automatic antispam update feature.

I've been trying to hold off on hacks 'till 1.6 goes final & we see what's in it. I've got a 9.0.12, 9.1, and a 1.6alpha that I need to spam-proof sometime soon.

EdB: do you know if the antispam update & comment moderation hacks work in 1.6?

Gotta say, 1.6 is looking awesome!

19 Jan 16, 2006 19:12

I've got a (very basic) comment moderation hack running in 1.6cvs, it doesn't do anything to stop the spam ( I get 200 > 400 a day), it just stops the comments being published to the world. Personally I'm going to be removing the hack and trying a different set of tactics.

¥

*edit*

When I get those spams I pretend they're real and congratulate myself for having a great blog :roll:

Lol, yeah, looks great when my front page says "200 unique visitors have made 500 comments with 4,500 words" :p

Ohhh yeah, and my G/F says to tell you that yer beards soft ....... dunno what the hell she's on about, but I get the feeling that I'm glad I don't have a daughter :|

20 Jan 16, 2006 20:24

I also am being hit by these one line compliment comment spams. It started about a month ago. It doesn't matter if I change my htsrv, an hour later I'm under attack again.

It doesn't make any sense, these spams just say something like “nice site, keep up the good work!!!”.

There is one thing I wonder about. This all started after someone emailed me with something to post on my blog. He asked me if I could put a link on my blog that would link to his blog. The idea is to create more traffic for him, so he can get a higher google search rank. I went to his site and found a link he named “linkswopping”, I clicked on it and it took me to..."blogLinker.com - the automatic link swapper and traffic generator ".

This got me to thinking that maybe this spam is for generating traffic? Either for me or to try to get a google spider to find his link on my site?

Anyway as a side note, I have checked google to see if it knew about my blog, and it had not. That is it had not until the day after I put the post and the link on my blog. A few days later I tried a simple one word google search. Not only did the search find my blog, but it was at the top of the list!?

Another strange thing is that about 99% of these compliment spams are comments to his post?

So for the last month I have just been deleting them, but it is becoming a real pain.

I have two questions? First is there anyway to make it so only subscribers can post, and is there any kind of a walk through, that can tell me where to get, and how to install a “captcha” into B2 ?

21 Jan 17, 2006 14:49

My comment moderation hacks don't work in phoenix and I don't plan on going there until we have an official public release to play with. Alpha Beta Finally seems to be the order, with phoenix being alpha.

I had a thought on this that kev touched on. I wonder how many people can also identify the one or two posts that the spammers target? I've got this funny feeling they end up with a list of posts on blogs - not just blogs - that they feed their spam-bots with. IF that's the case then going in to the targeted post and changing comments to CLOSED will stem the tide for a while. If on the other hand you're getting hit on a multitude of posts then you're being hit by a different spam-bot than me.

For me the unlinked comments stopped after a short fashion and I don't recall doing anything to stop them. I still get the occasional spam-with-link, but even they've faded lately.

22 Jan 17, 2006 15:03

In my blog, the spammers target around ten posts but the most of them don't get through.

I received my last unlinked comment spam around 40 hours ago.

Before I started renaming the htsrv folder I received around 500 direct hits within ca. 14 days on the comment.php

23 Jan 17, 2006 17:06

EdB wrote:

I wonder how many people can also identify the one or two posts that the spammers target? I've got this funny feeling they end up with a list of posts on blogs - not just blogs - that they feed their spam-bots with. IF that's the case then going in to the targeted post and changing comments to CLOSED will stem the tide for a while.

There are a couple (dozen) of posts that get hit a zillion times.
Every post that gets hit is set to 'comment closed' (of course)
but the next day, they find another post...
Lucky for me, only one in a hundred posts is in English (only my English posts got comment spam, the Dutch ones not... only the English blog is pinged on weblogs.com and b2evolution.net.. the others not.... !!!)

24 Jan 17, 2006 23:20

I think we're going to have to move to a captcha system. I tried an experiment over the weekend where I added a hidden "spam key" field to the comment form that changed daily and which was checked once the comment was submitted to ensure users were using the web form and not just sending out HTTP POST commands. The spammers seem to have gotten around this no problem. As we speak I'm upgrading my operational blog to 1.6 Alpha. Once that is complete and working I'm going to spend some time on getting the hn_captcha PHP class to work with b2evolution. This is a much better and more advanced captcha generator than the one that has been mentioned before in the forums and should provide a less hackable solution.

26 Jan 18, 2006 00:01

Agree, captcha looks necessary. I haven't got any more unlinked comment spams today (but lots more with links), so hopefully that was just the bot developers trying to get it right. With no other motivation for unlinked spam, I had visions of this being an attempt to bring down b2evolution, jealous rival bloggers perhaps. Glad that seems to have been deluded paranoia brought on by excessive deleting.

27 Jan 18, 2006 00:13

EdB wrote:

Please be aware that captcha has already been broken several times, so it will NOT stop spammers who know you are using it.

They certainly are breakable but when implemented correctly it can be very difficult. Main benefits of the captcha class I chose are support for mixing multiple fonts and random captcha length, character rotation and a noised background which combined make it much more difficult to defeat than some of the others in use.

PS: I'll probably hack it in and provide that information, leaving it up to someone else to write a plugin...I hate coding...

29 Jan 18, 2006 00:43

EdB wrote:

Has anyone tried step three from [url=http://forums.b2evolution.net/viewtopic.php?t=3764]this post[/url]?

All that does is check the referer for the comment post and make sure it is your site. My logs show the spammers are automagically sending the correct referer so this no longer works. My current research shows the spammers are now routinely downloading your comment form and then resubmitting it with all information and the correct referer.

30 Jan 18, 2006 01:09

OK, getting seriously pissed off now after the 20th batch of spam today >:-<

So, even though it's 2 in the morning, I got hacking. The spammers are attempting to falsify the referer. Instead of using an .htaccess, which is clunky, or $_SERVER['http_referer'], which is not reliable, how about adding this at the very top of comment_post.php:


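//////IAN's HACKS///
// Reject the comment unless the Referer request header names this site.
$headers = apache_request_headers();
$referer = isset($headers['Referer']) ? $headers['Referer'] : '';
if (stripos($referer, 'greenman.co.za') === false) {
  echo 'piss off';
  exit;
}
//// END IAN's HACKS////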

I'm too tired to think this through more carefully right now, see what's falsifiable or not (I think it's harder to falsify), but I'll let you all know tomorrow if this has had any impact.

31 Jan 18, 2006 02:39

Does anyone know what the sql would be to set all the post comments that are older than a certain date to "closed"?

I haven't snooped around in the tables yet, but I imagine it's not a really difficult bit of code to write.

32 Jan 18, 2006 02:44

Nate wrote:

Does anyone know what the sql would be to set all the post comments that are older than a certain date to "closed"?

I haven't snooped around in the tables yet, but I imagine it's not a really difficult bit of code to write.

I don't have the SQL offhand but this is a feature [url=http://forums.b2evolution.net/viewtopic.php?t=1915]I asked for a year and a half ago[/url] to no avail. The SQL should be trivial, it's a matter of getting someone to code it as a plugin for widespread consumption.

34 Jan 18, 2006 04:22

Nate wrote:

It's not a plugin, but it's a start. :D

The trick is that if you're going to do it right you should be able to set independent expiration times for each post. You may want to have comments on some topics longer than others. A hard limit is a bit difficult to swallow. I do like the idea of different limits for registered and unregistered users though.

35 Jan 18, 2006 05:50

By the way, since the other forum post describing the hack has been locked, I'll post a change here.

In defining the auto_close_comments function "post_issue_date" apparently does not exist in Dawn (1.6). I chose "post_datecreated" as a substitute and it seems to have a similar effect. I'm pretty sure if you write a lot of posts in advance using the timestamp feature then your results may vary, but this was good enough for me.

36 Jan 18, 2006 08:00

Oh well, the hack I mentioned above had no effect (5 batches of spam since then) :). I also got hit with more unlinked comments, which required individual deletion.

I like the idea of keeping comments on indefinitely, just as I like the idea of allowing people to post comments without registering. However, looks like until I or someone else gets down to some more serious coding, I'll have to get used to devoting a substantial part of the day to deleting spam if I want to keep comments open.

37 Jan 18, 2006 20:36

greenman, as a side note to:

- ability to search comments by email, and delete en masse
- ability to search comments by comment text, and delete en masse

You can "abuse" the "Antispam" tab for that. Just be sure to not report those keywords then (uncheck the boxes).

38 Jan 21, 2006 06:25

Greenman,

We also believe in open public commenting and even (shh) allow the <a href> tag.

You might be interested in this: I've modified a PERL script, which we run as a cron job. It randomly renames the HTSRV directory (at a time interval we set). It makes our HTSRV directory a moving target to spammers. ;) We get precious little comment or trackback SPAM. Give it a try!

You can read about the other (easy) techniques we employ and obtain the script [url=http://randsco.com/index.php/2005/11/18/anti_spam_script]HERE[/url]

There's an internal switch that you can set so that it runs either pre-Phoenix (v0.9.1 "Dawn" or earlier versions) or post-Phoenix (v1.6 "Alpha" or higher).

Hope this helps.

39 Jan 25, 2006 03:20

stk wrote:

Greenman,
You might be interested in this: I've modified a PERL script, which we run as a cron job. It randomly renames the HTSRV directory (at a time interval we set). It makes our HTSRV directory a moving target to spammers. ;) We get precious little comment or trackback SPAM. Give it a try!

This used to work for me but even with the htsrv directory moving the spammers are still getting through immediately. I think they're using a regex to pull the htsrv folder out now. Warning everyone to be prepared because my blog usually gets hit with the new spamming technology a few months before everyone else.

I've finished writing the captcha class for b2 and I'm waiting for some plugin event handlers so I can make it a neat plugin instead of an ugly hack.

40 Jan 25, 2006 03:25

Damn! You mean spammers actually hunt out your pagerank FOUR blog to test new technologies on?? That's absolutely amazing. God knows no-one else here has ever said they were still hit by spam using the "rename the htsrv" trick. uh, yeah.

... so I can make it a neat plugin instead of an ugly hack.

wow, classy remark there. I appreciate you too, Ben.

41 Jan 25, 2006 03:34

BenFranske wrote:

This used to work for me but even with the htsrv directory moving the spammers are still getting through immediately.

Am I correct in assuming then, that you've deployed this script? You say it "used to work", but I'm curious ... what time interval did you set for changing the HTSRV name? How "immediate" was the corresponding SPAM?

I find it difficult to believe that spammers would continually benefit by manually entering SPAM (assuming that you've denied automated comment/trackback spam using the .htaccess techniques in the same article) for a site whose HTSRV folder name changed constantly and every few hours. If it were me, I'd be focusing on an automated attack on a site with an unchanging HTSRV and one which allowed remote comments.

Of course ... that said .. changing HTSRV isn't 100%. We've been hit by manual spam since we deployed the script. But usually a "report to the blacklist", delete and an HTSRV filename change is enuff to keep that one spammer at bay.

It's a struggle for sure, but from what you describe, it almost sounds like someone has a grudge.

42 Jan 25, 2006 03:36

almost sounds like crap to me.

every blog is hit by spam, it seems these days. I'm getting hit by referer spam like mad -- I don't think I'm a test case for any other blog site though. Fact is referer spam is about the only way they can get to me, so fine.

My trackback urls are unique.

Any comment made to my site by someone that hasn't already had an approved comment goes into moderation. From there, the comment is checked to see if it contains more than 3 urls or ANY words I have designated as blacklisted. If the unapproved comment matches it goes to /dev/null. If the comment passes that test, it's flagged as needing to be approved.

---

I cannot help but comment on what sounds like incredible arrogance in your post, Ben.
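
The moderation flow whoo describes in this post, sketched as an added example. It is not whoo's code and not part of b2evolution; the function name, array keys, word list and sample comments are hypothetical, and using the e-mail address to recognise a previously approved author is an assumption.

```php
<?php
// Added example, not b2evolution code. Function names, array keys and the
// sample comments are hypothetical / constructed.

/**
 * Triage one incoming comment. Returns 'publish', 'discard' or 'moderate'.
 *
 * $approvedAuthors: lower-cased e-mail addresses that already have an
 * approved comment (assumption: e-mail is the identity key; it is
 * client-supplied, so a login or similar is a stronger key).
 */
function triage_comment(array $comment, array $approvedAuthors,
                        array $blacklist, int $maxUrls = 3): string
{
    $email = strtolower(trim($comment['email'] ?? ''));
    if ($email !== '' && in_array($email, $approvedAuthors, true)) {
        return 'publish';
    }

    // Inspect every field the sender controls, not only the body.
    $text = implode("\n", [
        $comment['author'] ?? '',
        $comment['url'] ?? '',
        $comment['body'] ?? '',
    ]);

    // Count explicit http(s) URLs and bare www. hosts.
    $urlCount = (int) preg_match_all('~(?:https?://|\bwww\.)[^\s<>"\']+~i', $text);
    if ($urlCount > $maxUrls) {
        return 'discard';
    }

    // Case-insensitive substring match against the local word list.
    foreach ($blacklist as $word) {
        if ($word !== '' && stripos($text, $word) !== false) {
            return 'discard';
        }
    }

    // Unknown author, nothing matched: hold for manual approval.
    return 'moderate';
}

// Constructed sample data.
$approved  = ['regular@example.org'];
$blacklist = ['cheap-pills', 'keep up the good work'];

$samples = [
    'known author' => [
        'author' => 'Regular', 'email' => 'Regular@Example.org', 'url' => '',
        'body'   => 'Follow-up to my earlier comment: http://example.org/notes',
    ],
    'link dump' => [
        'author' => 'bob', 'email' => 'bob@mail.example', 'url' => 'http://a.example',
        'body'   => 'http://b.example http://c.example www.d.example',
    ],
    'compliment' => [
        'author' => 'visitor', 'email' => 'v@mail.example', 'url' => '',
        'body'   => 'Nice site, keep up the good work',
    ],
    'new reader' => [
        'author' => 'Ann', 'email' => 'ann@example.net', 'url' => '',
        'body'   => 'Renaming the folder stopped working for me as well.',
    ],
];

foreach ($samples as $label => $comment) {
    printf("%-14s %s\n", $label, triage_comment($comment, $approved, $blacklist));
}
```

The URL-less compliment is discarded here only because its phrase was put on the local word list; without that entry it lands in the moderation queue like any other first-time comment.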

43 Jan 25, 2006 03:59

stk wrote:

Am I correct in assuming then, that you've deployed this script? You say it "used to work", but I'm curious ... what time interval did you set for changing the HTSRV name? How "immediate" was the corresponding SPAM?

Yes, and it worked REALLY well for about two months. I'm changing the HTSRV value once a day, unless I notice a spam attack in which case I manually force the script to run immediately. I have had it happen like this:
1) receive spam attack (20+ spams)
2) manually run htsrv directory changing script
3) in about 10-15 minutes get hit with a second spam attack (20+ spams)

To me this clearly demonstrates that they are using regex to read the htsrv folder name and continuing the attack. The spams are too close together to be manually entered.

stk wrote:

(assuming that you've denied automated comment/trackback spam using the .htaccess techniques in the same article)

I am indeed blocking offsite referers to the comment post via a .htaccess but that has not stopped automated spam attacks. I'm pretty sure that they're just supplying a false referer to the webserver. Obviously, referers are reported by the client posting to the form which means they're trivial to fake. It would be but a small programming exercise to falsify them, if you're going to go through the trouble of breaking simple captchas and auto-spamming why not put in the extra few lines of code to fake the referer?

whoo wrote:

almost sounds like crap to me.

Whoo, I know you think I'm an alarmist and you disagree with my antispam techniques...but really...what do I have to gain by lying about this? Perhaps I'm not a testbed for the spammers but then I'm the only one complaining about it. I was one of the first to complain and do something about the amount of bandwidth referer spammers were sucking off my site (see my earlier blacklist .htaccess generator). If I'm not a testbed then there are just a lot of people who don't know they're taking on so much spam or are ignoring it, of course this may be the case.

What I'm really trying to prevent here is a combination of database bloat and losing the needles of information within a haystack of spam.

44 Jan 25, 2006 04:29

Interesting.

Well, for one, perhaps lessen the HTSRV-renaming interval to something like every hour, for the next little while.

If it is indeed, automated spam, as you suspect, with a made-up referrer, two things come to mind. (1) That they would exist in your Apache logs and you could find the offending IP address and (2) I doubt this represents the majority of the spamming population.

As such ... an IP denial in .htaccess and a report of the offending spammers (thus banning that url from your site - and for every other b2evo user that prudently updates their blacklist) should (within a short time period) make your blog more difficult to hit than the 10's of thousands (millions?) of other blogs out there.

Whoo's commenting plan seems like Fort Knox ... I'd do some sucking up to her and see if she'd share her techniques. (She's an ace at .htaccess, server logs and SPAM ... in fact, it was from her that I obtained many of the techniques we employ, including the remote commenting and IP denial).

Good luck, mate.

EDIT ... PS ... Yer my "satanic post" ... #666 ... congratulations ;)
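
An added example of the log check stk suggests in this post (not code from the thread or from b2evolution): it counts POSTs to the comment handler per client IP in Apache combined-format log lines, whatever the htsrv folder is currently called, records how many carried an own-site Referer, and emits .htaccess deny lines for the heavy posters. The log lines are constructed, the IPs come from documentation ranges, and the host name, function names and threshold are assumptions.

```php
<?php
// Added example. Log lines are constructed; names and threshold are assumptions.

// Combined log format: ip ident user [time] "METHOD uri proto" status bytes "referer" ...
const COMBINED_LOG = '~^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" \d{3} \S+ "([^"]*)"~';

/**
 * Per-IP statistics for POSTs whose path ends in the comment handler.
 * Matching on the file name keeps working after the htsrv folder is renamed.
 */
function comment_posts_by_ip(array $lines, string $siteHost,
                             string $handler = 'comment_post.php'): array
{
    $stats = [];
    foreach ($lines as $line) {
        if (!preg_match(COMBINED_LOG, $line, $m)) {
            continue; // not combined format: skip rather than guess
        }
        $ip = $m[1]; $method = $m[2]; $uri = $m[3]; $referer = $m[4];

        $path = parse_url($uri, PHP_URL_PATH);
        if ($method !== 'POST' || !is_string($path) || basename($path) !== $handler) {
            continue;
        }

        // The Referer is client-supplied; count how often it claims our host.
        $refHost = parse_url($referer, PHP_URL_HOST);
        $ownRef  = is_string($refHost) && strcasecmp($refHost, $siteHost) === 0;

        $stats[$ip]['posts']       = ($stats[$ip]['posts'] ?? 0) + 1;
        $stats[$ip]['own_referer'] = ($stats[$ip]['own_referer'] ?? 0) + (int) $ownRef;
    }
    uasort($stats, fn($a, $b) => $b['posts'] <=> $a['posts']);
    return $stats;
}

/**
 * .htaccess lines (Apache 2.2 "Deny from" syntax; Apache 2.4 uses
 * "Require not ip" inside <RequireAll>) for IPs at or above the threshold.
 */
function deny_lines(array $stats, int $threshold): array
{
    $out = [];
    foreach ($stats as $ip => $s) {
        if ($s['posts'] >= $threshold && filter_var($ip, FILTER_VALIDATE_IP)) {
            // Apache does not allow trailing comments, so the note gets its own line.
            $out[] = "# {$s['posts']} comment POSTs, {$s['own_referer']} with own-site Referer";
            $out[] = "Deny from $ip";
        }
    }
    return $out;
}

// Constructed sample log; blog.example stands in for the blog's host name.
$log = [
    '192.0.2.10 - - [25/Jan/2006:03:10:01 +0000] "GET /index.php?p=12 HTTP/1.1" 200 5120 "-" "Mozilla/4.0"',
    '192.0.2.10 - - [25/Jan/2006:03:10:02 +0000] "POST /htsrv_k3x/comment_post.php HTTP/1.1" 302 - "http://blog.example/index.php?p=12" "Mozilla/4.0"',
    '192.0.2.10 - - [25/Jan/2006:03:10:03 +0000] "POST /htsrv_k3x/comment_post.php HTTP/1.1" 302 - "http://blog.example/index.php?p=12" "Mozilla/4.0"',
    '192.0.2.10 - - [25/Jan/2006:03:10:04 +0000] "POST /htsrv_k3x/comment_post.php HTTP/1.1" 302 - "http://blog.example/index.php?p=12" "Mozilla/4.0"',
    '198.51.100.7 - - [25/Jan/2006:09:41:30 +0000] "POST /htsrv_k3x/comment_post.php HTTP/1.1" 302 - "http://blog.example/index.php?p=40" "Mozilla/5.0"',
    '203.0.113.5 - - [25/Jan/2006:09:50:00 +0000] "GET /index.php HTTP/1.1" 200 7311 "-" "Mozilla/5.0"',
];

$stats = comment_posts_by_ip($log, 'blog.example');
foreach ($stats as $ip => $s) {
    printf("%-15s posts=%d own_referer=%d\n", $ip, $s['posts'], $s['own_referer']);
}
echo implode("\n", deny_lines($stats, 3)), "\n";
```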

45 Jan 25, 2006 13:31

Completely off-topic:

Whoo, I know you think I'm an alarmist and you disagree with my antispam techniques

do you know that? I don't think you do. Sounds like you have not read much of what I've posted on the subject of spam, outside of that "ugly" hack you referred to.

I recommend checking your ego a bit, Ben.

46 Jan 25, 2006 17:17

whoo wrote:

BenFranske wrote:

... so I can make it a neat plugin instead of an ugly hack.

wow, classy remark there. I appreciate you too, Ben.

It's not and I don't.

Tell ya what BenFranske: go back in time and make yourself a neat little plugin to automagically turn off comments for an application that doesn't do plugins for anything other than post renderers and doesn't do them without hacking, and do it nice and neat too. Then come back and tell us all how cool you are.

47 Jan 25, 2006 20:15

EdB wrote:

Tell ya what BenFranske: go back in time and make yourself a neat little plugin to automagically turn off comments for an application that doesn't do plugins for anything other than post renderers and doesn't do them without hacking, and do it nice and neat too. Then come back and tell us all how cool you are.

Look, I never intended to offend anyone. I took what I read about plugins by Francois to heart. It seemed to me that he is trying to steer away from hacks and encourage plugins instead. It also makes the program a lot easier to use for the average user who has no programming experience. I'm certainly grateful for all the hacks that people have done but if you are writing something from scratch like what I'm doing here it makes sense to go through a little extra work to set it up as a plugin doesn't it? I get complaints from people all the time that simply uploading a script to a site is too much work there is no way to get these people to hack their installation but they might be able to install a plugin.

Think about what blogging has done for the internet. It has made it realistic for the average internet user to have a webpage that gets updated frequently. Think about what that user is missing out on because they are unwilling or unable to install code hacks. Blogging and tools like b2evolution are about enabling people to use technology without understanding the back end and as such a primary feature of such software is usability. As an advanced community anything we can do to improve usability is of benefit to the community at large.

Again, thank you to everyone who has done hacks in the past. Without you the community would never have sustained growth. Early adopters are an important part of any technology but success over the long run is in making that technology accessible to the average user.

48 Jan 26, 2006 00:02

Sorry dude. Long work day, heavy stress at the end, and I tend to check the forums frequently. Saw that and got, well, offended.

No worries! The code back then was pretty unfriendly. "good" hacks were ones that were documented ;) Personally I'm looking forward to what skilled people can do with the plugin system when we get an official release.

My apologies for venting at ya!

49 Jan 26, 2006 23:51

Has anybody here (with more coding skills than me) ever taken a look at http://akismet.com ?
I'm hosting 20+ blogs on b2evolution and they get hit by comment spam all the time at the moment it would seem, but my Wordpress blogs seem to be doing fine, with just a few a day which are taken care of by Akismet automagically.
There are already a few [url=http://akismet.com/development/]implementations[/url] for other systems, so maybe a plugin for b2evolution would be possible as well?

50 Jan 27, 2006 03:25

I took a quick look at what they're doing. The big problem I see is that it's a closed system which they could start charging for at any time should they choose to do so and because of this you are required to have one API key for each and every blog which would be a pain to get if you had multiple blogs. Having support for multiple blogs from one installation of b2evo makes this even more complicated.

From a technology perspective it looks like they're doing bayesian filtering of spam comments (much like the email spam filtering programs SpamAssassin and DSPAM) which is a proven technology and probably would work. It also looks like all the smarts of the system sit on their server which means if they go down no one can post comments to your blog, again not something I'm keen on. I would be more interested in seeing a bayesian filter you could run locally OR a server side bayesian system like this except where the code to the server was freely available so you could run your own server if you so choose.

51 Jan 27, 2006 09:10

I use the same key on several blogs, no problem at all. And I doubt they'll start charging everyone any time soon seeing as Matt would lose a lot of cred if he suddenly changed things around, being Mr. Wordpress and all.
imho the big advantage IS that they're running it and so can centrally update it and have a big anti-spam database.

52 Mar 01, 2006 16:00

Just in the last couple weeks, I'm getting 20+ comments a day just like everyone else. Is there a way we can somehow get reports on how they're doing this? Generic comment text but then a long specific URL which looks to be for SEO.

http://forums.b2evolution.net/viewtopic.php?t=3764 - is the link for whoo's thread.

54 Mar 05, 2006 21:58

forgive me if i sound harsh - but the ability of spam bots appears to outweigh the usefulness of programs like b2evo. i've been using b2evo for about 6 months. i've been following these threads on spam and the only real solution that seems to come up time and time again is ... update your site "daily" to keep the spammers out.

when i started a blog - it was not because i wanted to be in playing catch-me-if-you-can games with spammers on a daily basis. it's ridiculous to have a program that is as vulnerable to spam as b2evo is.

can anyone suggest a blog program that is not so susceptible to spam-bots and the like? i would hope that it would be able to import/convert my current b2evo database.

i have to admit that i am simply done using b2evo as it is just TOO fragile. i just want to post a few thoughts every now and again ... i am not at all interested in changing file and directory names every few hours to keep these spam idiots from messing up a [u]simple[/u] blog site.

i am a network tech and own my own hosting company - so i'm not lazy or uneducated on these topics ... i'm just tired of playing catch-me-if-you-can and getting beat every 12 to 24 hours after making suggested updates to my site. i really do have better things to do, as i would imagine many of you reading this do also.

please know - i understand how open source software works, and i'm not complaining about the faults of a "free" program. my question is an honest one -- what blog program can i use that is fairly spam-proof? is there such a thing...?

tia
--kevin

55 Mar 05, 2006 22:02

I doubt if there is something like this. But WordPress has comment moderation which might be the best solution to the comment spam problem. But I suppose this is integrated into the newest version of b2evo. I remember there's a hack for it as well, I will have to try it.

56 Mar 05, 2006 22:07

I'll be surprised if you find such a thing. These days just about ANY web program that allows user commenting/posting is susceptible to spam. phpBB, Drupal, Wordpress, Blogger, LiveJournal, b2evolution, Movable Type and all the rest have all had problems with spammers.

The only way to truly stop the spamming without any regular intervention on your part is to disable commenting altogether. Obviously this works with b2evolution as well as any of the others. If you want a "hands off" blog it's going to be a one-way thing. If you're willing to do a little bit of work you can allow comments from registered users, so long as you manually approve each user registration. If you don't manually approve the users the spam bots will just register themselves automatically.

57 Mar 05, 2006 22:30

1) where do i go in version 0.9.1 to remove unwanted comments?

2) i run a forum using VBulletin and must say they've done a good job preventing comment spam. we get absolutely *none*. that's been true for the year and a half that i've been running it.

3) BenFranske - you mentioned user moderation ... where in the software does this option exist?

58 Mar 06, 2006 01:02

If I knew of a better blogging program than b2evolution, I would probably be using it and not spending so much time around here.

It is possible to set up a cron job that updates the antispam blacklist and removes any matching comments, automatically. I'm running it four times a day right now. Lately there have been more comments than usual, but still not unbearable for me.

I don't think you'll be happy with comment moderation. It will still be just as much work for you. Actually, it will be more, because you'll have to remove all of the spam AND manually approve good comments. Moderation is only available now as a hack. It's not a feature by default.

Your best bet is probably just to disable comments altogether. Rename or delete the htsrv/comment_post.php file.

59 Mar 06, 2006 01:04

good info ... thanks personman :)

61 Mar 06, 2006 01:22

Here's how I do it.

1. Download and install [url=http://wonderwinds.com/hackblog.php/2005/09/18/p598#more598]EdB's antispam recheck[/url] hack for 0.9.1.

2. Look in the first comment on that post and download and install the script linked therein.

3. Set up a cron job to wget that file.

After step 2 you should be able to hit that script with your browser and see a plain text page showing you the results. It will NOT display the whole blacklist, so it won't be a big page. That alone makes it a lot easier to update the list and clear off spam. If you need help with step three, the best bet is to check with your web host. You might be able to do it through cPanel or something like that.

62 Mar 06, 2006 01:28

Thanks! It seems that I have to upgrade to 0.9.1 first. I still use 0.9.12. because I've four blogs with customized skins, so I hesitated, wanted to wait until Phoenix is out... But maybe it's better not to wait?

63 Mar 06, 2006 01:35

The main reason 0.9.1 was released was for antispam improvements, so YES, do upgrade.

64 Mar 07, 2006 01:33

Yes, I will do it shortly. Although the blocking is really effective, considering that only few spam comments come through. During the last week, I received more than 1000 hits on the .../comment.php daily!! They're all originating from IPs without reverse DNS-entry
