During this latest sustained spam attack, this blog has been a little less responsive than I'd like. I'm thinking it's related to Akismet's need to talk to the mothership to verify each comment. As an experiment, I've switched back to Spam.module, disabling Bad Behavior and Akismet. It's a bit of a risk, switching spam blocking strategies in mid-attack, but whatever. That's what backups and phpMyAdmin are for.
Already, the site feels slightly less unresponsive. I've never been really happy relying on an active network connection to the Akismet Mothership to check each and every comment, and Spam.module is a completely self contained solution. It's closer to Spam Karma 2 - the best spam blocking plugin for WordPress. Bayesian voodoo checking the content. Link counting, IP checking, etc...
So far, only a few snuck through in the short time between disabling Bad Behavior and Akismet, and enabling and configuring Spam.module.
In poking through the spam log, it looks like one particularly persistant roach just won't get a clue. None of his crap has gotten through, but he just keeps coming back. Googling a portion of his automatically generated names turns up a list of 818,000 comments this person (or group) have flung onto the blogosphere. Almost a million spam comments. There's a brand new inner circle of hell opening up for this clown.
Of course, I'm setting myself up here. If Spam.module falls over, I'm wide open to potentially thousands of automated spam comments. This should be interesting. I'm debating requiring comment previews before submission, so Spam.module can kill spammers before anything touches the database, but I've never liked making anyone jump through any more hoops than absolutely necessary (no CAPTCHA, no confirmation words, etc...).
Update: Well, it hasn't been 100% bulletproof, but I only woke up to find 3 comment spams that needed removal. The sustained attack continues, though, so hundreds of other attempts were successfully blocked. Not bad. I may turn Bad Behavior back on to try the combo of BB+Spam.module...
Update 2: The spammers are getting frustrated. It looks like 2 separate attackers. One is using a single IP address, which was easily blocked via .htaccess. The other apparently commands a zombie network with an unknown number of computers from various networks. Hard to block via a simple htaccess deny access directive. But spam.module cleaned it out pretty quickly.
Now, they've resorted to simply salting the earth. If their links can't get onto this blog, they'll settle for just polluting it with as many garbage nonsense random ascii comment filler as possible. It's either to vandalize for vengeance, or to confuse the Bayesian magic that filters incoming comments. Either way, I had to spend half an hour manually nuking the garbage that got past the filters. What a waste of time.
The spam.module log database table currently has over 25,000 entries. And it's only been turned on for just over 24 hours.