22 May 2006

My battle with Comment Spam, and my latest solution.

People trying to comment spam on my blog.

…..Can’t you comment spammers work harder to identify blogs that aren’t being used to spam on instead of active blogs? Ya know, I actually read every comment that is posted (or tries to get posted).

If someone really wants a link, I’ve made it pretty easy to give you a link…I mean I’ve got the old "introduce yourself" page (link at the top of every page)….I’ve had plenty of other opportunities like the "how do I help my teething baby" or "SEO recipes" where any human can easily post something of some intelligence and get their link to boot….

It’s the ones I get with the name of "Online Gambling" with a comment of "Gambling Online widgets for green phrase random for the Great Site bla" crap one that I get that really annoy me.

A few weeks ago I was getting hammered with spam so I made people register in order to comment….and it was no surprise that my comments went down. I then got another round of major spam since someone was able to bypass the registering and was trying to post over 300 comments each day…..none went through because they also included a link in their comment, and any comment that has a link in it has to be approved by me before it goes live….also I’ve got a filter with all the special words that if a comment includes any of those words, it has to be approved by me first (gambling, debt, insurance, sex, etc)….so nothing went through….but it was a bitch to delete these every day (and how were they getting through when they weren’t registered??)

My solution: I removed the ability to post comments or trackbacks on post that are over 2 weeks old….that was where 98% of the comment spam was going….so I figure that 95% of comments or trackbacks will happen within the first 2 weeks of a post, so that should remove 98% of the comment spam. I then removed the option for people to have to be "signed in" to post to make it easier to post, but after 2 or 3 weeks I stop the ability to comment on a post.

That’s what I did….good idea? How would you have done it?

Comments

  1. St0n3y May 22, 2006 at 5:44 PM

    A two-week rule! Good idea. Interestingly, 98% of my comment spam occurs for just two posts, one that mentions Google Guidelines and another that mentions Jagger. Both are several months, if not years, old.

  2. Simon Heseltine May 22, 2006 at 6:17 PM

    Funny, I just started getting a bunch of spam on my blog for secret shopper sites, all because I mentioned that the missus was doing that on the side. So now the comment posting procedure has changed (not like I have anyone outside of family, friends and co-workers reading it anyway) 😉

  3. Greg May 22, 2006 at 6:58 PM

    glad to see the mods made in your commenting – i hated having to be “signed in” to comment. i understand the dilemna, but as a user, i appreciate being able to comment easily.

  4. Brendon May 22, 2006 at 7:24 PM

    I have one site in particular that gets a ton of comment spam (never figured how they get past the filters) – have just implemented a few more based on your strategies.

    I don’t want to turn off the comments because often they’re extremely valuable to readers.

    I just shake my head and think how much better off long term the spammers would be if they generated legitimate links for their business.

  5. IncrediBILL May 22, 2006 at 8:22 PM

    Can you say CAPTCHA? I knew you could…

    When I turned on the CAPTCHA the comment spam vaporized.

    I still get valid comments weeks later from people that didn’t know my blog existed so I’m not willing to cut them off from commenting at this time.

    However, I’m willing to make them type in 6 letters to complete a post!

  6. Brett May 22, 2006 at 8:51 PM

    I agree… CAPTCHA is the way to go. If you don’t already have the plug-in you can go to http://www.boriel.com/files/captcha.zip to download it.

  7. graywolf May 22, 2006 at 8:56 PM

    akismet has caught almost 10,000 spam comments for my blog

  8. Jim May 23, 2006 at 12:39 AM

    Thanks Guys….I’ve sent this thread to my blog designer….if we need more help, I’ll definately ask one of you….I highly appreciate the advice guys!

  9. Georgi May 23, 2006 at 1:08 AM

    “and how were they getting through when they weren’t registered??”

    I bet the bot had a registration. And that particular bot is smart enough to use sessions, or handle cookies or whatever your authentication relies on.

    It’s not the first such bot I encounter, though. I have some 30 registrations a day in one of my forums which allows posting from registered users only. And before I started requiring email authentication those registered bots just kept posting…

  10. IncrediBILL May 23, 2006 at 1:38 AM

    Many bots handle cookies and sessions, but random captchas (rotate several types) seem to throw them a curve ball. Yes, they can try the captcha blow-thru, but unless there’s a human at the helm answering captchas it typically thwarts them.

    Hell, captchas are how I stop scrapers, let along spammers, it works quite well.

  11. Jim May 23, 2006 at 2:09 AM

    Bill – if I hand you the keys, and you help me out? I’ll return a favor.

  12. IncrediBILL May 23, 2006 at 2:15 AM

    Jim, be careful handing me the keys, your bourbon will be the first to go. Email me and let me know what you have in mind and I’ll tell you what I’d recommend.

  13. bigcrags May 23, 2006 at 4:44 AM

    I’m relying on Akismet just now and though a few spams have got through, most have been caught. Just wish there was a plugin to get more real comments.

  14. Brian Turner May 23, 2006 at 6:02 AM

    Had a big problem with a chunk of domains all spamming my blog over the weekend, even after blocking 125 IPs – all the domains looked very similar so ran a few WHOIS checks and tracks them down to all being hosted at Moniker. Sent a complaint to the CEO, and the spam is now stopped:
    http://www.platinax.co.uk/blogs/brian/21-05-2006/moniker-vs-platinax/

    Spam it’s a problem I expect to have to deal with in my comments – it comes with the territory – but normal spammers seem to hit in small amounts, then move on – but a couple of times you get some moron who wants hundreds of links to their domains on every one of their pages. That’s when I do a WHOIS to see if I can stop it at the host.

  15. Lea May 23, 2006 at 7:22 AM

    I don’t like captchas specifically, as there is a huge accessibility problem there (do you have any blind readers? How would you know? 🙁 ), but I do like testing the user.
    Simple stuff like ‘whats {small number} + {small number}?’ or a half a dozen revolving questions like ‘Whats Jim’s first name?’ have worked for me in the past.
    The trick is to have an independant implementation, because most of the spammers don’t actually view your site, they only look at it through their software.
    I wish they would go away!

  16. Greg Hartnett » Blog Archive » Trackback Spam Attack May 23, 2006 at 11:24 AM

    […] Jim Boykin’s Spam Problems Scoble’s Trackback Spam – a bunch of people in the comments report of similar issues […]

  17. Todd May 23, 2006 at 11:52 AM

    I’d second Akismet…it’s been quite helpful, an probably got rid of 98% of my comment spam with no false positives in the few months I’ve had it installed.

  18. IncrediBILL May 23, 2006 at 2:06 PM

    Lea, what you’re describing is also a CAPTCHA, captcha’s can take on many forms but they are all intended to pose a problem that only a human can solve.

    One of my classicly BLONDE captcha’s is a form that just says:

    “Sometimes we have to make sure you’re a human and not an automatic crawler stealing our content, sorry for the interruption”

    With a big “CLICK HERE TO CONTINUE” button in the middle.

    The trick is, the form had no information in it that a bot could pick up, the CLICK TO CONTINUE executed Javascript to continue to the next page, which stopped most bots without any goofy graphics, nothing.

  19. Lea May 23, 2006 at 4:49 PM

    Fair enough 🙂 But if you say ‘captcha’ to most people, they will think of the word-in-an-image implementation 🙂
    (Psssttt…. Jim – draw lines on the booze bottles before you give Bill the keys! I’ve heard stories about him ;))

  20. Vincent May 24, 2006 at 6:26 AM

    Hi
    This is interesting and I’m glad this thread is started. I would like to know how I can turn off the ability to post in anything older than a month. Lately I have been hit hard by spam on older post, it’s a nuisance. It’s not ‘live humans’ doing this but ‘spam bots’ I can tell, I delete one link and another is back real soon and it goes though phases of these bots recognising patterns in human-user-behaviour.

    If any could enlighten me how to set this to stop comments on older psot, I would be grateful.

  21. Jim May 24, 2006 at 11:18 AM

    I actually did it by hand….opening up just about 250 posts, and unchecking 2 boxes “Allow for comments” and “Allow for trackbacks” – then saving. It took close to 2 hours….but at least I’ve only been blogging for 6 months..

    FYI, me blog designer is working on this issue via your imputs here. We should have a new “solution” soon….but I doubt that I’ll take the additional 2 hours to recheck them damn boxes again…dunno.

Comments closed

Sorry, the comment form is closed at this time.