Dealing with Comment Spam, Part 2

Spam 70th anniversary by dok1 on flickrHere is part 2 on dealing with Comment Spam… the bane of a blogger’s existence.  In part 1 we talked about Comment Moderation and Blacklisting, so, to continue…

(If you missed it: How to deal with Comment Spam, Part 1)

Those evil (more educated) comment spammers who look almost real

Lately I’ve been noticing a trend of spammers who look like they have actually read your post, and respond with a somewhat intelligent comment, not full of spam links.  These can be almost more annoying, because they can slip by automated checks, and because they require more work.  Plus, sometimes you’re not even sure if they are really a spammer.  These will be notable by either a really odd name (like “Boys Birthday Cards” or “Best Home Loans”) which link back to their spam site, or they’ll have a normal name (like “Sue Smith” or “Jessica”) but their name links to something like myspammyloansite.com.

Photo credit: Spam by dok1

So what to do about them?  You can just delete them like normal spam.  But what if they’ve asked a relevant question that other people might want to know the answer to?  Or if other commenters have already responded to their comment?  Then I hate to just delete them.  So…

Well, if you have your comments links set to nofollow (more on that below) you could just leave them.  They aren’t getting any page rank juice out of the link anyway.  But (particularly if the name is suspect) I don’t like to look like I didn’t notice the spam, and I don’t want my readers to click on their name and give them any traffic.  Also, what if a real commenter has just a suspect website name, I’d hate to delete them.

If you’re using WordPress, you can delink them, and even change the name.

De-linking a dubious comment

In WordPress, click on the Comments section in your Dashboard Sidebar.  When you hover over the comment, you’ll see the Quick Edit option.

Click that, and the comment will open for editing.  Delete any suspect links in the URL field, and the comment remains, but is no longer linked to the spam site.  If you want, you can also change a suspect name (like “Cheap Home Loans”) to something like “possible spam, link removed”, but that may be going overboard.  I usually just delete those comments instead.

Delinking a Spammer in WordPress

A little about the nofollow attribute

In the comments for Part 1, we talked about what value spammers get out of leaving Comment Spam, and a commenter brought up that they are trying to get search engine page rank juice out of the comment.  Search engines crawling your site will follow the link and help the spammer move up in search engine rankings.

However, most blogs these days (WordPress and Blogger, at least) automatically add the nofollow attribute to any outgoing links in the comments.  The nofollow attribute tells the search engines not to follow or score the link.  More here: http://en.wikipedia.org/wiki/Nofollow. It was created primarily for the purpose of addressing the comment spam issue.

According to the wiki article, Google, Yahoo, and Bing all pay attention to this.  So leaving comment spam SHOULD NOT help the spammer’s pagerank.

So in theory, having the nofollow attribute enabled should cut down on Comment Spam, if the spammer is paying attention to that.  Unfortunately, spam is cheap, so spammers just hit as many sites as they can, without worrying about whether it’s helping them or not.

The problem with nofollow is that your real commenters don’t get any link juice either, so some sites disable this feature by using dofollow instead. There are pros and cons, and I haven’t really done the research to address it here.  If you’re interested, google is your friend.

But, the basic point is that unless you’ve bypassed nofollow, the spammer is basically not getting any value for his or her links.

Blocking IPs using .htaccess, instead of WordPress settings

The Blacklist feature we discussed in part 1 will stop known bad actors comments appear on your site.  The comments just go straight to Spam.  But that can still be a little annoying, if you have your comments emailed to you.  They still exist, so you’ll still be notified via email.  So once you have a nice little list of IPs in your Blacklist, you can block them from your site, period!

You can do this if you host your own blog and have access to the file structure (like most self-hosted WordPress blogs), and have an .htaccess file (I think if you’re running WP on Unix, you have one – it’s where your ‘Pretty Permalinks’ settings are).

Use your FTP program to locate your .htaccess file, in your main directory (may be www).  Save that file down (save an extra copy of the original- just in case you break something – if you have problems after trying this, just copy the original file back up).

Pull it up in a text editor and add something like the following:

order allow,deny
deny from 91.201.66.6
deny from 110.82.142.143
deny from 122.182.10.212
deny from 120.28.179.165
deny from 203.76.116.66
allow from all

Where each ‘deny from’ line is the IP address of your already identified spammer.

Copy your file back up to the server, and enjoy!

Stopping Trackback Spam

Trackbacks are a great way to see who’s linking to a particular post, and are very useful, but spammers have figured out that Trackbacks are useful to them too, and will create links to your blog just to add a trackback (along with lots of lovely spam links).  Some people turn off trackbacks because of this, and that’s a shame, because they are quite easy to stop, at least on WordPress, with a plugin.  I’m sure there are several out there, but I’ve been using Simple Trackback Validation for a while, and it seems to stop them 99% of the time.  (Simple Trackback Validation Plugin official site)

The settings I recommend:

(Click on the image to the right to see configuration screen with the settings I use for Foodwhirl.com)

How to deal with spam trackbacks: [x] Discard Trackback

(I never want to see the spam or deal with it.)

[x] Validate IP Address (yes)

[x] Validate URL (yes)

Strictness:

[x] Any link beginning with the following URL is allowed

(enter your site’s main URL)

[] Moderate in case of errors (no)

[x] Enable Log (yes)

(Since you’re sending all trackbacks that the plugin finds straight to the trash, it’s nice to have them logged.)

Conclusion

Hopefully these tips will help you manage your comment spam, so it’s less of a headache!  If you have tips or other recommended plug ins, leave them in the comments!

-dot