Updated February, 2007 - Version 1.5
Spam Nuker, a plugin for Wordpress released by Chris J. Davis and Scott Merill, has been providing great services to me over the last months. After recent spam surges I thought about additional features that would make my life even easier administering those comments automatically marked as SPAM (based on WP's Comment Blacklist feature).
This enhanced version of the plugin incorporates a few changes as well as new functionality. It now provides quicker access to comment specific information such as the comment text itself as well as the respective post title. Further, the plugin supports blocking of specific IPs (taken directly from SPAM comments) prohibiting those hosts from accessing your site again.
While banning specific IP addresses is certainly a controversial topic, if used carefully (!) it can be a very powerful tool. I've been basically spam free for almost a week now. Blocking an overall of 35 IPs and by the looks of it, those were the main culprits for the massive SPAM influx. I don't expect it to stay that way for too long, but I feel I have a much better control mechanism in place now.
The other benefit, although of probably less significance, is that those sites are not eating up your bandwidth anymore.
Oliver
Readme & Caveats
Before you use this plugin, you should be familiar with your web servers' access control mechanism based on the .htaccess file and what it does (read up on it here). "Breaking" it may render your blog/site temporarily inoperative, until you've restored a backup .htaccess file or have used the Wordpress admin panel to recreate one.
Also, please note that blocking specific IP addresses may prevent a larger audience from accessing your blog/site if it turns out that the denied IP belongs to a gateway/firewall/proxy server.
Install Notes
1. Download & extract plugin (defaults into plugins/smp/ !).
2. Upload to your wordpress plugins directory (/wp-content/plugins/)
3. Activate plugin from the Wordpress admin panel & configure it (configuration now via the UI)
Plugin Configuration and Other Tips
Before activating the plugin, please verify and adjust the File & Path settings to reflect your server configuration!
Also, you may want to setup a meaningful 403 server (error) message. I.e. let people know to contact you in the event they have accidentally been banned from your site. In addition to the above and to make a separate 403.html document work, add these lines to your .htaccess file:
ErrorDocument 403 /403.html
<Files 403.html>
Allow from all
</Files>
Finally, I also recommend to check your logfile stats every now and then for the 403 status code, which will tell you how many attempts were blocked.
Important Note
Now before you start, make a manual backup of your servers .htaccess file just to be on the safe side. After every .htaccess modification (blocking/unblocking of other sites) always verify the files' current content. If in doubt about proper operation of the plugin, you can always restore a backup version of the .htaccess file (for now you need to use your FTP client to do so!).
The plugin only supports complete IP addresses, no networks yet (such as "123.456.789") and I'm not sure it would make sense either.
Disclaimer
Please note that I'm not a full time programmer and this plugin doesn't claim state of the art programming principles. I'm not sure I've covered every possible exception, nor have I checked compatibility with the zillions of other plugins out there. With that said, use at your own risk.
This plugin has not been extensively QA'ed under the various Wordpress versions either, however anything 1.5x and up should be working just fine. If you do experience issues with releases 1.5x or above please let me know.
Support
Hopefully you won't experience any problems, but feel free to send an e-mail to blog @ deliciousdays.com, if you do.
History
VERSION 1.5
invalidates now "get recent comments" cache (if the plugin is installed), to make sure un-spammed comments are properly shown
"nuke all" now ONLY nukes displayed spam messages. this prevents erroneous deletion of caught but valid comments that arrived between calling the plugin page and deciding to nuke all
UI cleanup; efficiency increase
plugin versioning support
VERSION 1.0
WP2.1 enabled (really just cosmetic fixes & house keeping)
VERSION 0.8
select/deselect all functionality added
trapped spam can now also be moved back into the moderation queue to protect it from accidentally deleting it
VERSION 0.6
Selective comment removal
"Predefineable" keywords for auto selecting spam comments & admin UI for preselection
Note: The two new features should simply handling huge amounts of spam comments, with the occasional valid one "hidden" in the masses. The "nuke 'em all" button is still there but really isn't a good option once you hit 50+ spam comments. Now you can quickly identify absolute spam entries, get rid of them and double-check the rest (and find the good ones...)
VERSION 0.5
"Unspamming" comments now adjusts the total comment count. Previously the total was adjusted with the next legit comment.
VERSION 0.4
bug fix. if an .htaccess didn't have any "deny from..." entries to begin with, new entries would've been ignored.
VERSION 0.3
added stats for blocked IP (# revisits / access to comments/trackback)
minor UI cleanup
VERSION 0.2
added toggling of blocked IP status (active/inactive)
viewing, deleting and restoring of backups
a couple of UI changes
Download
[...] Better Spam Management and Prevention This plugin provides better ’spam’ management in WordPress 2.x (should work for 1.5x as well) and on top support “.htaccess” based IP access control. If someone feels like streamlining this code or cleaning it up, be my guest [...]