Blog Spams and WordPress

Today I just realised that WordPress does not actually delete the incoming comment/trackback, but instead obliviously inserts them into the database with "approved" field marked as "spam". Yes - every single comment, that has been categorised as spam, is still stored inside my WordPress database, even though I have never received any notification, nor is there a way to revert them back to legitimate comments. And I am backing all of them up when I run the mysqldump in cron jobs everyday!! Aargh!

And looking at the comments stored, my signal-noise ratio is current at 1:7.2. That's right, by the time you typed up a comment to reply to this meaningless blog entry, 7.2 comment spams are blocked by the WordPress comment blacklist, which by default looks at

  1. Whether comment/author/url/etc contains character reference (&#<number>;), which is an often-used tactic by the spammers.
  2. Whether any blacklist word matches.
  3. Whether the client is listed as an open proxy by opm.blitzed.org.

The combination works pretty good so far, as I rarely receive comment spams. FOCUSer.net has a SNR of 1:14.9, but it still suffered badly as I have to manually update its blacklist everyday to catch the latest spam words. I guess MT is just more heavily attacked.