How to deal with comment spam.. Part 1

Spam 70th anniversary by dok1 on flickrIf you blog, you know all about Comment Spam.  It’s those lovely little comments whose sole purpose is to link back to and/or promote some totally unrelated product or website.  Honestly, I’m not sure what value the spammers even get out of it, but that doesn’t stop them from doing it.  And it’s a pain to deal with.

In my other life where I do web design, I’ve helped my blogger friends figure out how to best manage the deluge, and I figured the rest of you might like some of these insights too.  It’s tailored mostly to WordPress blogs/websites, but some of the tips are universal.  As I started writing it, I realized it was getting pretty long, so here’s Part 1… Part 2 will be coming later in the week!

Photo credit: Spam by dok1

We HATE Spam, but love our readers.

As a blogger, you want to make commenting on your posts as easy as possible for your ‘real’ readers.  But as hard as possible for spammers, and it’s a delicate balance.  On one end of the spectrum is registration only sites–sites where you have to sign up, and in some cases even be verified, prior to posting a comment.  Much less likely to get spammers, but you are likely losing out on valuable real people too.  I know I won’t generally go to the effort to comment on a site I have to sign up for.

On the other side of the coin, with no protections at all, it’s easy for your commenters to post, but spammers (both automated bots and humans) will have a field day.  I was working on a new website for a client once (it wasn’t live yet, but it was accessible on the web), and I hadn’t gotten around to installing any spam protection yet on the blog.  Overnight there were hundreds of automated comments on it, as some spam bot had somehow stumbled across it, and went to town.  I deleted them, no harm done, but if that had been a live active site, what a pain it would have been!

Those evil spam-bots

So, minimally you need protection from bots.  Many sites use some form of a Captcha (what is a captcha?), where the commenter must type in a phrase or something to prove they are a human.  Captcha isn’t perfect, and it can be a little bit of a pain to real users, but it’s pretty standard.  There are other methods too… for my WordPress based sites, like this one, I use a plugin called WP-CaptchaFree, which uses some technology tricks to attempt to identify spam bots and stop them.  I’ve been very happy with it.  There’s also Akismet, which tries to guess which comments are spam, and blocks spammers and is provided with WordPress, but I’ve never used it.

Those evil human comment spammers

Must harder to keep out are actual humans who have chosen to be paid to be spammers-usually from other (3rd world) countries where labor is cheap.  Conveniently, being humans they leave manageable amounts of spam, so cleanup is less of a pain that a bot attack.  But since they are human, they can get around captchas and other things that detect bots. They are quite easy for YOU to detect as spammers because their comment makes no sense or has nothing to do with the post!

So what to do about them? Read on…

Comment Moderation

This is particularly for WordPress blogs, but other blog platforms likely have similar settings.

Moderate Everything: Turning on comment moderation on your blog (in WP this is under the Discussion settings) means that every time someone posts a comment it has to be approved before it can be viewed.  While this will ensure you catch spam before it appears on your blog, it also means more work for you.  And you still have to deal with the spam, it just keeps your readers from seeing it.  Plus you have to approve all your good readers comments as well.  I find this more trouble than it’s worth.

Moderate Some Things: There’s a setting (“Before a Comment Appears” in WordPress) that you only send new commenters (ones which have not had a comment approved before) automatically to moderation.  Depending on how many new commenters you have–If most of your commenters are repeat commenters, this might be a helpful alternative.  But if you get lots of legit new commenters, then this may be more trouble that it’s worth to you.

Moderate Likely Spam only: The Comment Moderation section of your Discussion Settings will let you set which items to send to moderation.  For example, items with more than x number of links (I set mine to 2 or more) are automatically sent to moderation.  Also, you can also pick words that show up typically in spam and not typically in your comments.  You can see I few I have set below.  I just added ‘loan’ to the list, because where I can see that a comment could legitimately contain that word, 80% of my spam comments seem to have it these days!

How to set discussion settings in wordpress Comment Moderation

Comment Blacklist

Once you have a spammer post on your site, you can block their IP so they can’t do so again.  You don’t have to deal with it at all, once they are on the blacklist.  This is helpful because they often come back again and again, once they find your site.  In WordPress, this is also done in the Discussion Settings.

Get the IP of your spammer:  In the Comments section of your WP Dashboard, you can see all the details on your spammer. You’ll note in the example below, our scum has left two comments, under 2 different names, but the IP address is the same.  They left the second one a day after the first.  We don’t want to deal with this IP again, so copy it (it’s highlighted in yellow below).

Find the IP of your spammer in the comments section

You’ll need to add this IP to the Comment Blacklist section:

How to add IP to comment blacklist section in WordPress

Just add the IP to the list, and their comments will never appear, they’ll just go automatically to your Spam folder.  The only downside to this method is that you still may receive email notifications of the comment, even though it never appears on the site.

Coming in part 2…

  • Those evil (more educated) comment spammers who look almost real
  • De-linking a dubious comment
  • Blocking IPs using .htaccess, instead of WordPress settings
  • Stopping Trackback Spam

So stay tuned!

(Don’t want to miss anything? Get the RSS Feed)