Reiner Saddey’s Place

Why WP-Cache and Spam Preventers like Spam Karma 2.2 will never work in harmony

Posted on February 15th, 2007 by Reiner.
Categories: English, Computers.

WP-Cache and Spam Karma both implement strategies that are contradictory by their very nature. Let’s see why.  

In the past, I got along with a remarkably short comment blacklist (hand**b, pi**ing, tran****ual, b**bs) , that was able to block over 5000 spam attempts during the last year, but still allowed too many false nagatives to slip through for manual approval to be avoided. Personally, I don’t like having to approve - or being approved, for that matter

When upgrading to WordPress 2.1, I was looking for a better way to prevent spam. I soon ruled out Akismet, because Akismet requires a key and I was unable to find the right kind of key within a reasonable amount of time. My blog is both a private one and non-commercial, but still runs on my own server (10 feet from my bed, see Small is beautiful - WordPress in a Handbag).

When leaving a comment at Kelson’s Updated to WordPress 2.1, I was quite impressed by a challenge popup, that I could trace back to Spam Karma 2.2. Wow, that’s cool - I must have this.

Within minutes, I downloaded, installed - and donated to - Spam Karma 2.2.

Due to my CPU’s inferior processing power, I’m using WP-Cache (with expire time set to 60 days) in order to speed up page display. To my dismay, WP-Cache caused new comments not to be displayed at all. Everton’s article at How To Fix WP-Cache And Spam Karma 2 (SK2) Issues led me to Priv’s SK2-WP-Cache-Compatibility plugin which sucessfully fixed the case of the missing comments. So far, so good.

Everything ought to be in perfect harmony by now.
But is it really?

The answer may be no, and here’s why:

WP-Cache works very much like a camera. It lets WordPress generate the HTML for a page, which is then captured and resent by WP-Cache on all subsequent request for the same page. That’s the secret to its stunning performance. A page, once cached, is returned just as fast as if it were plain static HTML. WP-Cache is quite smart about building the key for a cached page. Keys include your WordPress cookies so as to avoid disclosure of private pages. There’s even a hack that enables WP-Cache to properly snapshot gzipped pages as well, thus avoiding the computational expense of compressing identical contents more than once (see WP-Cache 2.1 revisited: Compression)

Spam Karma contains quite a number of advanced features, some of which can easily be revealed by looking the HTML of a page. Three of those may not work as designed when used in conjunction with WP-Cache: 

• The stopwatch plugin injects the current time when the page was requested into the HTML of the page and then monitors the time, it takes a visitor to read your article before hitting the comment button.
• The encrypted payload plugin injects unique data into the HTML that is checked for by Spam Karma when hitting the comment button. The actual data changes on a regular interval schedule so as not to be avoided by smart spamming applets.

These two techniques very much rely on Spam Karma being able to prepare individual output for each and every particular page request. This is defeated by WP-Cache returning static content that may have been prepared hours or days ago in response to another request for the same page, eventually causing Spam Karma to no longer accept or misinterpret the values returned.

It’ll be an interesting challenge as to how these conflicting goals can be met at the same time:

• Always return the same static image for a particular page. 
• Return different contents for each request.

7 comments.