I agree, Bad Behavior isn’t perfect but nothing single technology really is. I still get comments through Akismet and Bad Behavior and legitimate comments get false positived (yeah, positived could be a word) by Akismet.

One thing I like about Bad Behavior is that it doesn’t actually stop bots from commenting directly; it stops bots from even seeing your blog (so they don’t even know about the comment form). To protect against false positives, a user being flagged as a bot, there’s a confirmation screen just in case. (I admit the confirmation scenario is pretty weak; but until I can come up with something more clever it’ll have to do.)

Before I installed the Bad Behavior plugin into my blog, I was getting around 30 spam comments a day. Almost half of my reported traffic was spam! Everyday I would log into my admin and have to scan every comment to see what was real and what wasn’t.

Even though this process only took a few minutes it was still disruptive to my day. Plus, you know, $Eric = ‘Lazy’ so I try to keep my mental load low. This was just too much to do every, single, day.

I had used Bad Behavior on a client site once, and was pretty happy with it’s results, so I installed the Bad Behavior WordPress plugin. My comment spam dropped to about 2 a week. I’m not exaggerating.

As to the IP issue; also not ideal but it’s not the sole criteria to block something. Bad Behavior also looks at the headers and stuff (stuff is the technical term) which are also pretty easy to manipulate.

You just have to keep in mind that programmers who work for spammers are usually the bottom of the barrel. Seriously, the good programmers get better jobs so the majority of the spammers are pretty bad and don’t implement the advanced techniques to hide their tracks.

I feel almost sorry for bloggers who have registration forms, because they probably lose a lot of comments that way, and commenting provides a good way for readers to stay interested in a blog.

At least there don’t seem to be many blogs around using captchas. I’ve started to get really fed up with captchas; there seems to be a new breed about which I find difficult to read. It’s one thing stopping bots, but if a human can’t use it then you’ve failed anyway.

I am tempted to install Bad Behaviour on my blog, but I’m not keen on the fact that it stops them from even commenting. What I like about Akismet is that I can check the spam to see if it caught something it shouldn’t, which it actually did to a pingback just last week. I find myself not being able to trust automated spam blockers to be 100% accurate. It’s fine if I can correct the mistake like with the pingback, but if I lost a reader because it mistook them to be a spammer, I’d be sad.

They’re being pretty lazy with that log set up. I’m still pretty new to wordpress, but other plugins seem to manage. They could at least have it write the logs to files and tell you how to convert it to database use.

*short interlude*

I just had a look at how they say it works. It’s an interesting approach to be sure, but it still doesn’t convince me. They use IP addresses, which can change and be re-used by other people (I think?). All I have to do to change my IP adress is re-connect my broadband. They also use header data etc, but from your poll exploit post http://blog.ericlamb.net/2009/04/how-to-exploit-an-online-poll/ it seems this info can be changed, which I’d have thought spammers would do as much as possible.

But, people use it and say it’s effective. Haha, I just don’t know what to think about this one I’m sure spammers could get around it if they wanted to though. Please let me know if I’m mistaken about any of this though. If my knowledge is flawed I must fix it ^_^