CASE STUDY: When Comment Spam Bots Kill

Gather round the campfire, kids, I have a scary tale to tell.  It’s a story from a sci-fi nightmare of crazed bots running amok in the blogosphere.  I call the story “When Comment Spam Bots Kill” .. da-da dahhhhh!

I was working with a client recently whose WordPress blog was killed by comment spam.  I thought I would write it up and give you some tips to stop this happening to other blogs.

The Problem

My client's database was stuffed full of comments: when I looked at the issue there were more than 140K comments in the moderation queue.  This was exacerbated by a plugin called BAStats, which was creating log entries for all activity; its table had over 1 million entries.

The blog was running on a standard hosting installation, and the database was just too big and cumbersome.  As a result, whenever anyone tried to access the front end they were timed out because a database connection could not be made, and anyone trying to access the backend dashboard hit the same thing.  The blog was unreadable from the front end and unmanageable from the back end, a pretty pickle to be in.

A review of the comments in the backend database showed them to be comment spam; someone was running a comment spam bot to inject huge numbers of spammy links into the system.
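Before deleting anything it is worth sizing up the damage with a few queries in phpMyAdmin.  The following is an added example, not from the original post; it assumes the default wp_ table prefix, and the BAStats table name is not shown because it is different from install to install (look it up in the table list).

```sql
-- Added example (not from the original post): sizing up the damage before
-- touching anything. Assumes the default "wp_" table prefix.

-- How many comments sit in each moderation state? WordPress stores the
-- state as a string: '0' = held for moderation, '1' = approved, and
-- 'spam' / 'trash' for the other two bins.
SELECT comment_approved, COUNT(*) AS comments
FROM wp_comments
GROUP BY comment_approved;

-- Which tables are actually bloating the database? Row counts here are
-- estimates for InnoDB, but good enough to spot a million-row log table.
SELECT table_name,
       table_rows,
       ROUND((data_length + index_length) / 1024 / 1024, 1) AS size_mb
FROM information_schema.tables
WHERE table_schema = DATABASE()
ORDER BY (data_length + index_length) DESC
LIMIT 10;

-- Is the held queue bot traffic? A spam flood tends to come from a handful
-- of source addresses, whereas a healthy queue is spread thinly.
SELECT comment_author_IP, COUNT(*) AS hits
FROM wp_comments
WHERE comment_approved = '0'
GROUP BY comment_author_IP
ORDER BY hits DESC
LIMIT 20;
```

The first query tells you whether the problem really is the moderation queue or whether spam has already been approved; the second tells you which tables to deal with first; the third is the quickest way to confirm you are looking at a bot rather than a burst of genuine readers.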

I am going to talk about phpMyAdmin and modifying the backend database a lot in this post, so I thought a quick note on phpMyAdmin was in order.

phpMyAdmin is a MySQL admin tool which allows you to perform operations on your database.  You will probably find it on your hosting control panel.

It is a GUI tool which allows you to tweak your database directly.  It is not for the faint hearted: you can do real damage if you don’t know what you are doing, you have been warned!

The Solution

I disabled the BAStats plugin by renaming all of its PHP files; I could not do this from the back end because I could not log in.  Using my FTP client I navigated to the plugin directory and manually renamed the PHP files so they were no longer called.  This stopped the stats package from working and reduced the load on the database a little, giving me some breathing space.

The next step is a little radical, but it was all I could do, and that was to delete all comments in the moderation queue.  First I made a backup of the comments table (wp_comments with the default wp_ prefix; substitute your own prefix), then ran the following SQL command from within phpMyAdmin.

DELETE FROM wp_comments WHERE comment_approved = '0';

This is a radical approach which deletes every comment held in the moderation queue regardless of whether it is spam or ham (a good comment).  My client felt it best to start afresh with no comments held for moderation.  Note that comment_approved is a text column, so the value must be quoted: an unquoted comparison against 0 would also match the 'spam' and 'trash' rows in MySQL.  The query removed all of the comments held for moderation.

As a final step I also disabled comments on the blog temporarily to prevent further comment injection.
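Here is the same clean-up done in a way that can be undone if you delete the wrong thing.  It is an added example, not the commands run on the client's blog; it assumes the default wp_ prefix and a MySQL/MariaDB backend, and the backup table name is my own choice.

```sql
-- Added example (not from the original post): the clean-up described above,
-- done so that it can be reversed. Assumes the default "wp_" prefix and a
-- MySQL/MariaDB backend; wp_comments_held_backup is a name chosen here.

-- 1. Keep a copy of the queue before deleting anything. A table copy is far
--    quicker than a full export on a host that is already timing out.
CREATE TABLE wp_comments_held_backup AS
SELECT * FROM wp_comments WHERE comment_approved = '0';

-- 2. Delete in batches. One giant DELETE over 140K rows can hold locks long
--    enough to time out on shared hosting; re-run this until it reports
--    0 rows affected. The value MUST be quoted: comment_approved is text,
--    and an unquoted 0 would also match 'spam' and 'trash' rows.
DELETE FROM wp_comments
WHERE comment_approved = '0'
LIMIT 5000;

-- 3. Akismet and other plugins attach metadata to comments; drop the rows
--    that now point at comments which no longer exist.
DELETE FROM wp_commentmeta
WHERE comment_id NOT IN (SELECT comment_ID FROM wp_comments);

-- 4. Check that nothing is left in the queue.
SELECT COUNT(*) AS still_held
FROM wp_comments
WHERE comment_approved = '0';

-- 5. If a real comment was lost, put it back from the copy by its ID
--    (12345 is a placeholder), then drop the copy once you are happy.
-- INSERT INTO wp_comments SELECT * FROM wp_comments_held_backup WHERE comment_ID = 12345;
-- DROP TABLE wp_comments_held_backup;
```

Batching matters on a shared host: the original problem was that the database was already too slow to serve a page, and one long-running delete can make the same connection time out mid-way.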

Preventative Measures

That fixed the problem, and the front and back end were now accessible, but I felt preventative measures were in order to stop the issue recurring.  I delved into the backend.

The root cause of the problem was that spam capture was disabled: Akismet was not automatically marking comments as spam and deleting them.  I re-enabled it and ran the “check for spam” routine, and another couple of hundred approved comments were marked as spam.

Remember I said that I had disabled commenting?  Spam comments were still coming in!  My client was running an old version of WP and I suspected that a spam bot script was pushing comments in through a WordPress vulnerability or a plugin loophole.  My recommendation to my client was to upgrade to the latest stable version of WordPress and to download and reapply the plugins they used only from legitimate sources, in the hope of sealing the vulnerability.  This is in progress.

Your Reputation Is In Danger

There is a long term danger if you do not moderate your comments well, and that is loss of reputation through your page rank.  Your site will be demoted and traffic may dry up.

A real life analogy: if you start hanging around with the dangerous kids at school, smoking, taking drugs and bullying other kids, you will be marked as one of that type of person.  The same goes if you give out a link to a dodgy site: you are seen as giving them an endorsement and your site is marked down.

Wrapping Up

Moderate brutally, keep your comment spam plugins in place, tighten up your moderation policy and give my posts on comment spam a read: “What is Comment Spam” and “How To Control Your WordPress Comment Spam”.
