How to deal with comment spam.. Part 1

[11 Jul 2010 | By | 5 Comment(s) | 3,476 views ]

Spam 70th anniversary by dok1 on flickrIf you blog, you know all about Comment Spam.  It’s those lovely little comments whose sole purpose is to link back to and/or promote some totally unrelated product or website.  Honestly, I’m not sure what value the spammers even get out of it, but that doesn’t stop them from doing it.  And it’s a pain to deal with.

In my other life where I do web design, I’ve helped my blogger friends figure out how to best manage the deluge, and I figured the rest of you might like some of these insights too.  It’s tailored mostly to WordPress blogs/websites, but some of the tips are universal.  As I started writing it, I realized it was getting pretty long, so here’s Part 1… Part 2 will be coming later in the week!

Photo credit: Spam by dok1

We HATE Spam, but love our readers.

As a blogger, you want to make commenting on your posts as easy as possible for your ‘real’ readers.  But as hard as possible for spammers, and it’s a delicate balance.  On one end of the spectrum is registration only sites–sites where you have to sign up, and in some cases even be verified, prior to posting a comment.  Much less likely to get spammers, but you are likely losing out on valuable real people too.  I know I won’t generally go to the effort to comment on a site I have to sign up for.

On the other side of the coin, with no protections at all, it’s easy for your commenters to post, but spammers (both automated bots and humans) will have a field day.  I was working on a new website for a client once (it wasn’t live yet, but it was accessible on the web), and I hadn’t gotten around to installing any spam protection yet on the blog.  Overnight there were hundreds of automated comments on it, as some spam bot had somehow stumbled across it, and went to town.  I deleted them, no harm done, but if that had been a live active site, what a pain it would have been!

Those evil spam-bots

So, minimally you need protection from bots.  Many sites use some form of a Captcha (what is a captcha?), where the commenter must type in a phrase or something to prove they are a human.  Captcha isn’t perfect, and it can be a little bit of a pain to real users, but it’s pretty standard.  There are other methods too… for my WordPress based sites, like this one, I use a plugin called WP-CaptchaFree, which uses some technology tricks to attempt to identify spam bots and stop them.  I’ve been very happy with it.  There’s also Akismet, which tries to guess which comments are spam, and blocks spammers and is provided with WordPress, but I’ve never used it.

Those evil human comment spammers

Must harder to keep out are actual humans who have chosen to be paid to be spammers-usually from other (3rd world) countries where labor is cheap.  Conveniently, being humans they leave manageable amounts of spam, so cleanup is less of a pain that a bot attack.  But since they are human, they can get around captchas and other things that detect bots. They are quite easy for YOU to detect as spammers because their comment makes no sense or has nothing to do with the post!

So what to do about them? Read on…

Comment Moderation

This is particularly for WordPress blogs, but other blog platforms likely have similar settings.

Moderate Everything: Turning on comment moderation on your blog (in WP this is under the Discussion settings) means that every time someone posts a comment it has to be approved before it can be viewed.  While this will ensure you catch spam before it appears on your blog, it also means more work for you.  And you still have to deal with the spam, it just keeps your readers from seeing it.  Plus you have to approve all your good readers comments as well.  I find this more trouble than it’s worth.

Moderate Some Things: There’s a setting (“Before a Comment Appears” in WordPress) that you only send new commenters (ones which have not had a comment approved before) automatically to moderation.  Depending on how many new commenters you have–If most of your commenters are repeat commenters, this might be a helpful alternative.  But if you get lots of legit new commenters, then this may be more trouble that it’s worth to you.

Moderate Likely Spam only: The Comment Moderation section of your Discussion Settings will let you set which items to send to moderation.  For example, items with more than x number of links (I set mine to 2 or more) are automatically sent to moderation.  Also, you can also pick words that show up typically in spam and not typically in your comments.  You can see I few I have set below.  I just added ‘loan’ to the list, because where I can see that a comment could legitimately contain that word, 80% of my spam comments seem to have it these days!

How to set discussion settings in wordpress Comment Moderation

Comment Blacklist

Once you have a spammer post on your site, you can block their IP so they can’t do so again.  You don’t have to deal with it at all, once they are on the blacklist.  This is helpful because they often come back again and again, once they find your site.  In WordPress, this is also done in the Discussion Settings.

Get the IP of your spammer:  In the Comments section of your WP Dashboard, you can see all the details on your spammer. You’ll note in the example below, our scum has left two comments, under 2 different names, but the IP address is the same.  They left the second one a day after the first.  We don’t want to deal with this IP again, so copy it (it’s highlighted in yellow below).

Find the IP of your spammer in the comments section

You’ll need to add this IP to the Comment Blacklist section:

How to add IP to comment blacklist section in WordPress

Just add the IP to the list, and their comments will never appear, they’ll just go automatically to your Spam folder.  The only downside to this method is that you still may receive email notifications of the comment, even though it never appears on the site.

Coming in part 2…

  • Those evil (more educated) comment spammers who look almost real
  • De-linking a dubious comment
  • Blocking IPs using .htaccess, instead of WordPress settings
  • Stopping Trackback Spam

So stay tuned!

(Don’t want to miss anything? Get the RSS Feed)


How to deal with comment spam.. Part 1
This entry was posted in website design and tagged , , , . Bookmark the permalink. Follow any comments here with the RSS feed for this post. Post a comment or leave a trackback: Trackback URL. 3,476 views

5 Comment(s) »

  • FW- Dot Dorsner [] (elsewhere) discussed this :

    For my fellow bloggers out there: How to deal with comment spam.. Part 1 http://ow.ly/29SJt

  • Tammy [] :

    Thanks for the post. WordPress definitely has a hand up on Blogger’s comment spam tools – I can’t specify to moderate comments with links & I often have to delete those when they pop up. Not hard to do, but a little annoying.

  • Cobwebs [] :

    I can explain what value the spammers are getting out of it: They’re increasing their pagerank. The more places that link to a given site, the more popular search engines like Google assume that site is, and the higher the site will be in a list of search results.

    So if you can spam thousands of blogs with a link back to your site, the search engines simply read that as “thousands of sites are linking there” and will increase its pagerank accordingly. The goal is to get the site up in the first page or two of search results, where it’s more likely to be clicked on.

    Incidentally, even though it’s not being maintained by the author any more, I love Spam Karma 2 for WordPress. It’s really very good at recognizing spam comments, and you don’t have to authenticate against the WordPress site the way you do with Akismet.

  • Dot [] (author) :

    Yeah, I am actually aware of why they do it, Cobwebs (that was a bit of hyperbole), but most blogs these days automatically add ‘nofollow’ to any links in the comments. I know mine does, I would assume that’s pretty standard–I didn’t do anything to add it to mine.

    What the nofollow does is tell search engines not to follow (or score) the links in the comments. More here: http://en.wikipedia.org/wiki/Nofollow. It was created primarily for the purpose of addressing the comment spam issue.

    According to the wiki article, Google, yahoo, and bing all pay attention to this.

    So leaving comment spam SHOULD NOT help the spammer’s pagerank.

    So I’m back to what the heck are they getting out of it! :)

  • Dot [] (author) :

    And, out of curiosity, I just looked it up, and nofollow is standard on both wordpress and blogger blogs.