Tag Archives: spam

Do Follow

I decided to join the Do Follow movement, which is… the opposite of the No Follow movement. The nofollow attribute was intended to discourage comment spammers by telling search engines not to trust links posted by visitors in blogs and forums. However, the spam problem has not gotten any better.

Despite the relentless efforts by spammers to pollute my blog, spam comments are not getting posted here. It is thanks to my triple threat spam fighting strategy. Since the bad links aren’t getting posted in my blog, and the good ones are, I might as well disable nofollow.

I do believe that Do Follow is not for everybody, though. I think it would be best to have nofollow implemented by default in applications that are vulnerable to comment spam. If people aren’t going to protect their sites from spam, they might not bother implementing nofollow manually and consequently not all of their user-contributed links should be trusted.

There are a lot of plugins to remove nofollow from links. I did some research for ones that would fit my needs. What I really wanted was to be able to have the option to add nofollow on a case by case basis for non-spam yet cr@ppy links. I found one that was even called that but it didn’t work… perhaps because it was tested through versions up to and including 2.2 and I’m using 2.3. I decided upon NoFollow Free because it almost does what I want. I can’t nofollow based on urls, but I can do it based on a couple of criteria.

I reserve the right to edit, delete or mark as spam any comments that are intended solely to get links from my blog, and basically abuse my trust, and consequently the trust of my visitors.

I don’t know if people request to be on those do follow sites lists, but I would appreciate not being on such lists since it could end up directing comment spammers to my blog. I won’t object to regular links, though. :)

Fighting Comment Spam with Bad Behavior, Akismet, Spam Karma

I’ve been using Akismet since I started using WordPress in early 2006. It does a tremendous job of detecting spam. However, it’s not perfect and a few messages gets past its filter each week. Since I enforced moderation on new posters, this kept the spam from showing up on the blog. However, that measure prevented legitimate posters’ comments from appearing without a delay.

I learned about Bad Behavior as a way to fend off bad bots so they can’t even access my blog, let alone create spam comments. From BB’s Benefits page:

Bad Behavior is designed to integrate into your PHP-based Web site, running as early as possible to throw out spam bots before they have the opportunity to vandalize your site with their junk, or even to scrape your pages for e-mail addresses and forms to fill out.

Not only does Bad Behavior block actual vandalism to your site, it also blocks many e-mail address harvesters, resulting in less e-mail spam, and many automated Web site cracking tools, helping to improve your Web site’s security.

I also added Spam Karma to supplement Akismet. With its default settings, it seems to be more lenient than Akismet. I had Spam Karma process the spam that Akismet had already filtered. SK approved some of the spam, which resulted in the comments showing up in the blog, and added some of them to the moderation queue. Note that Akismet had already treated the comments as spam. So I had to train SK to recognize those messages as spam.

SK also instructed to use its moderation interface to moderate comments, instead of the default. This meant that I would be unable to train Akismet. The solution was the Akismet plugin for Spam Karma. This way, if I mark a comment as spam, it trains both SK and Akismet. An unadvertised benefit of using this plugin is that it makes SK factor in Akismet’s judgment on a comment in computing the karma. Thus, spam comments that got low spam scores before will get higher spam scores because Akismet had already detected them as such. This counteracts the leniency that I observed. It also reduces the number of obvious (according to Akismet) spam comments that I would have to moderate.

Another thing I like about Spam Karma is that it gives the user a second chance to submit the comment if it is unsure whether it is spam or ham. This immediate feedback is more helpful to real users than having their comment going to a moderation queue.

It hasn’t been a long time that I have implemented all three comment-spam fighting measures. I hope it makes it easier on real users to add comments, while preventing spam from showing up in my blog.

Things I learned:

  • Don’t reprocess processed comments. It will duplicate the karma scoring if it received a particular comment previously.
  • Don’t reprocess previously approved comments (from pre-SK usage). I cannot prove for sure, but it seems that in reprocessing already approved comments, some of the really old ones got marked as spam. That’s because one of the indicators of spam is replying to old posts.

Most realistic spam comment I’ve seen

In addition to using Akismet to do the bulk of the filtering of comment spam, I moderate comments from new users. The past few days, several comments have made it through Akismet’s filters and I was notified to moderate them. Today, I saw one that seemed genuine:

I always have terrible trouble with comment-related plugins that require me to put some line in the comment loop; I can never seem to find the right spot. Can anyone tell me where I should put the php line in my comments loop? I haven not modified anything much, and I would be very grateful. Thanks!

Then, I looked at the url they listed. It was a tramadol subdomain on a free host. :P So I marked that comment as spam.

If you’re using Akismet, please make sure to check the url, too. No matter what the text says, you can discern the intention of the comment by looking at the url, because they’re trying to gain back links. We really need everyone who is using Akismet to be aware of this so that the filters don’t get tainted and let these comments through.

Update: I searched for the comment and it was a real one that showed up in February 2005: http://inner.geek.nz/archives/2005/01/12/wp-plugin-official-comments/

Man, how low will they go?

No more spam, please

It’s really disheartening the amount of work that we webmasters have to put in to protect our websites from comment spammers, and now hackers. Since I have a site with various ways for users to provide input, I have had to spend a lot of time and effort on protecting and modifying those scripts.

The easiest solution is not allowing user input. That’s no fun. I really like to hear from visitors. Fortunately, a lot of the scripts these days have built-in spam prevention. If you look in the sidebar, you can see that Akismet has blocked out over 15 thousand attempts to spam my blog. Imagine if I used no protection, like many other site owners. I have been to some unprotected sites that had so many comment spam entries on one page that it would hang my browser.

Recently, a lot of sites at my webhost had gotten hacked, and hidden porn links were injected on home pages. Now, I have to check my websites to ensure that they haven’t gotten hacked.

I know this is futile, but I want to plead to the spammers and hackers: please leave our sites alone. We haven’t done anything to you. What you’re doing will only hurt the internet in the long run as site owners give up having sites due to the toll spam has taken. Also, hacking is illegal. One day, you are going to hack the wrong site and you will find yourself in jail. Then you’ll experience first hand some of the porno keywords you’re trying to rank for. I’m sure you wouldn’t want that.

PS. Please don’t hack my site. I asked you nicely.

My first comment spam

My reborn blog has been up for about a week and I already got comment spam. Word travels fast. :P

But I won’t get mad; I get glad… to report the sites of the spammers to Google’s spam report form.

Silly spammers: Your comments won’t see the light of day since I use comment moderation. Also, WordPress uses nofollow attribute on comment links. :roll:

Update: I did some research on how to fight comment spam. Learned that CAPTCHAs are big no-nos due to inaccessibility issues. Then found out about akismet, which is already included as a plugin with my WP installation. All I had to do was activate the plugin, then enter the API key I got from registering for an account at wordpress.org. Let’s hope this helps.