BlackHat video: Xrumer, the forum spamming software

Ever wanted to see what one of the many available forum spamming programs (PMBlaster, Zunker, Xrumer, etc.) looks like and how it runs?

See Xrumer in action.

What’s interesting to see in the video above, from the WhiteHat point of view, is how the program works: the procedures, the checklists, the options, so you can build your own anti-spam blockade.

Some of you guys will be amazed to see how captchas and/or math spam questions are like so … 1945.

Important: Please be aware that I do NOT endorse, NOR do I recommend the use of such spamming software, except for your own, personal and private use, to see how the program functions. As one user says in this WP article about Xrumer, you have to know the enemy and the weapons used by the enemy before you can defend against them.

No more WordPress comment SPAM

So until today I was getting about 20 to 30 spam comments per day. It really annoyed me, so I started looking for a spam keyword list for WordPress (or just a damn plain word list to copy/paste in WordPress).
So, just stumbling into my WordPress admin, in Options/Discussions, I came upon the Common spam words link. I must say a decent list resides there, but … almost useless. Too small for all the spam words used today.

In the same page (on website), I found a reference to a certain module for WordPress, named Akismet. I must say it’s amazing.

Just a single php file (akismet.php), that you need to upload in your WordPress path at the /wp-content/plugins/ directory. Then make an account at and get an API key (sent in your mail after you confirm the account and your e-mail).

Then just activate your module, and enter the sent API key.

What this plugin does is that it actually learns from you. You mark whichever comment you want as spam, and the plugin learns from the words and user information in that comment.

After just 10 or 15 comments marked by me, with vi.gra, tra.adol, ci.lis, diaz.pam, blo.job and other spam keywords, it actually scans and finds 100% of spam comments.

It’s a GREAT addition to every moderately/heavily commented blog, and it saved me lots of useful minutes each day.
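A sketch of the contrast described above, a static word list versus a filter that learns from comments the moderator marks. This is an added example, not Akismet's code: the page does not describe Akismet's method, so the naive Bayes scoring, all names and the sample comments are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

STATIC_WORDS = {"viagra", "tramadol", "cialis"}  # constructed static word list

def tokens(text):
    # Keep inner dots so an obfuscated word such as "vi.gra" stays one token.
    return re.findall(r"[a-z0-9]+(?:\.[a-z0-9]+)*", text.lower())

def static_match(text):
    """Static list: flags a comment only on an exact listed word."""
    return any(t in STATIC_WORDS for t in tokens(text))

class LearningFilter:
    """Naive Bayes over tokens, trained from the moderator's spam/ham marks."""
    def __init__(self):
        self.counts = {"spam": Counter(), "ham": Counter()}
        self.docs = {"spam": 0, "ham": 0}

    def mark(self, text, label):
        self.counts[label].update(tokens(text))
        self.docs[label] += 1

    def score(self, text):
        """Log-odds of spam with add-one smoothing; above 0 means spam."""
        vocab = len(set(self.counts["spam"]) | set(self.counts["ham"])) or 1
        total = {k: sum(c.values()) for k, c in self.counts.items()}
        odds = math.log((self.docs["spam"] + 1) / (self.docs["ham"] + 1))
        for t in tokens(text):
            p_spam = (self.counts["spam"][t] + 1) / (total["spam"] + vocab)
            p_ham = (self.counts["ham"][t] + 1) / (total["ham"] + vocab)
            odds += math.log(p_spam / p_ham)
        return odds

    def is_spam(self, text):
        return self.score(text) > 0

def trained_demo():
    """Filter trained on constructed comments, as a moderator would mark them."""
    f = LearningFilter()
    for c in ("cheap vi.gra and ci.lis online",
              "buy tra.adol cheap no prescription",
              "vi.gra discount buy online"):
        f.mark(c, "spam")
    for c in ("thanks for the post, very helpful",
              "great article, I had the same problem with my blog",
              "how do I install the plugin"):
        f.mark(c, "ham")
    return f
```

The static list misses the dotted spellings entirely, while the trained filter scores them as spam because those exact tokens appeared in comments already marked.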

Akismet checks your comments against the Akismet web service to see if they look like spam or not. You need an API key to use this service. You can review the spam it catches under “Manage” and it automatically deletes old spam after 15 days.

For many people, Akismet will greatly reduce or even completely eliminate the comment and trackback spam you get on your site. If one does happen to get through, simply mark it as “spam” on the moderation screen and Akismet will learn from the mistakes. If you don’t have a account yet, you can get one at