Solid Structure, Appropriate Markup
Fri
3
OCT
2003
Friday Feast #61: Unwanted Comments
I was absolutely horrified when I read Phil Ringnalda’s comment spam alert story last year in which a Las Vegas real estate agent used a script to try to autogenerate comments to every single one of Phil’s entries, including links to the spammer’s real estate site. While most of us won’t get bombed like that we still have our hands full with unwanted comment spammers. Today’s Friday Feast provides some tips about what I do to help combat comment spam along with links to more helpful tips, plugins, scripts, and information.
One of the many reasons I switched to Movable Type was its comments capability. Comment spammers are increasingly trying to exploit this feature at weblogs, however, and I’m not alone in wanting to prevent spammers while keeping the feature easy to use for legitimate comments. Some site owners stave off comment spam by closing off older comments, using blacklists, using filters, just deleting them when they occur, or a combination of these. Below are some good possibilities along with my comments and thoughts about what I’ve implemented so far.
Block Zipcode URLs
As a result of Phil Ringnalda’s comment spamming by that real estate agent, Phil added a snippet of code to the MT Comments script to prevent zipcode URLs from adding comments to his site. He shared the code at his post, URLs Including Zipcode are Prohibited.
Filter Comments
Jay Allen has generously provided a new Movable Type template module to help prevent or at least slow down unwanted comments. Jay’s Killing Comment Spam Dead provides all the instructions for implementing it in your own site.
In a nutshell this new Movable Type template module will prevent unwanted comments from being posted in the first place based on filters. Like email filters, spammers will undoubtedly try to figure out ways around the filters, but it’s certainly a helpful approach. Jay has written instructions for novices and experts.
Besides being effective, Jay’s approach doesn’t involve hacking Movable Type source code, and it’s easy to implement.
I’ve implemented Jay’s template module at my site. I won’t publish my filters here for the spammers to see and work around, but I’ll email them to fellow webloggers upon request. Leave a comment here with a link to your weblog.
For MySQL and PHP Users
For those using MT 2.6 and above with MySQL and PHP, geeksblog.com has provided a close comments script to automatically close comments after a specified number of hours of days.
[hat tip: Ten Reasons Why]
Blacklisting
Last month Simon Willison wrote about Blacklisting Comment Spam, sharing his blacklist. See the section Preventing Comments Spam from my Friday Feast #58 last month for more on this and links to more on blacklisting comment spam.
Screen Your Comments
For those who don’t mind screening all comments before they’re posted, there are some scripts available:
- Comment Queue Script/MT Hack
This script by scriptygoddess requires the MySQL version of MT and PHP availability on your server. - Perl version of the Comment Queue hack by David Raynes. David created the scriptygoddess script as a Perl script for everyone not using the MySQL version of MT.
Prevention
Even without the use of the above plugins or template modules the volume of spam in our comments can be reduced by deleting them as soon as possible, not just because we delete them but because deleting them quickly means no benefit to spammers for search engines or visitors to their absurd websites.
I get email notification of all comments and trackbacks, and my email filters let me know immediately when spam has been posted. I delete those comments from my site right away. MailWasher Pro catches the spam for me but I’ve set it to show me the spam first rather than automatically deleting it. That way I can allow my comment spam notices to download to my email program, as I want to keep those.
Adam Kalsey provides some smart advice and insight in his post Spam begets spam. He also recommends deleting spam posts right away, and he found a pattern of Google referrers searching for links to the same spam sites, apparently trying to find sites with their links to add even more to them. Removing spam comments right away eliminates search engines from spidering those links and improving the spammers' search engine results.
Deleting Comments Quickly
Jakob Lange Skjerning has provided some helpful instructions in his post, Movable Type: Easier edit/removal of new comments. This approach adds some code to your MT Comments configuration.
I implemented this at my site a few weeks ago, and I love its convenience. Now that I’ve implemented Jay’s filters comment spam isn’t showing up at my site, but I still need to update the page to reflect the correct number of comments.
Speaking of Spammers...
Email spammers have generated incredible volumes of wasteful and unwanted email. As we’ve all seen, many spammers even hijack and forge other people’s email addresses, domain names, and IP addresses in an effort to get past people’s spam filters. Telemarketers won’t leave us alone in the privacy of our own homes even when we have unlisted phone numbers and have never agreed to allow their calls. Now comment spammers try to take advantage of our comment forms at our websites for their own gain despite site policies that don’t allow solicitors, certain words, and any advertising.
From their actions I have the strong impression that these people only care about money and that they don’t care about or even consider the negative impact of their actions on others, which segues to the final topic, punitive damages for spammers.
Going After Spammers
If you haven’t yet read the September 29th Wired News story about Andy Markley, you really need to do so: Spam: This Time It’s Personal. It’s gotten to be commonplace for spammers to forge email addresses and domain names to send out their spam. As a result of someone doing just that—forging email addresses and domain names—stealing Andy Markley’s email addresses and domain names damaged his income, his business, and his reputation. As Andy learned, his spammer was one of the worst spammers around, Eddy Marin. Unfortunately he’s not the only one who’s been so seriously impacted. So far all that’s happened to Eddy Marin is that his ISP canceled his subscription, and that only happened after Andy spent countless hours researching and tracking to find out who had done this.
It’s fairly common for a spammer’s ISP to cancel the spammers' account(s) once known. Little to nothing prevents these spammers from getting another ISP and continuing to spam people, though. It’s no wonder spam has become such a rampant problem.
Laws against forgery and stealing someone’s identity need to include forging and stealing others' identities via email addresses and domains, and these people need to be criminally prosecuted. It’s one thing to send unsolicited commercial advertising email, but it’s criminal behavior to steal online identities by forging email addresses, domains, and IPs.
California passed an anti-spam law to take effect January 1st (see California Passes Spam Ban). Even if the law stays on the books, though, it may do little or nothing to impact the spammers who steal identities to send their spam.
So what’s it going to take to stop these people who seem to stop at nothing themselves? Check out the following:
- Antispam 'blacklist' providers hit by online attacks, by Story by Todd R. Weiss for Computerworld.
- Marketers Warned Of Getting Caught In Fight Against Spam, by Antone Gonsalves, TechWeb News.
- Spam Attacks Claim Two More Victims, by Kevin Murphy for CBR Magazine.
[hat tip: Dougal Campbell, The War on Spam]
Related
See also Friday Feast #58: RSS Validator Update, Check Your Sites, Comments Spam, where you’ll find more recent information and resources.
More
05:49 pm, pdt
3 October, 2003 Comments, Trackbacks (19) ·
Categories: Friday Feast, Internet, Movable Type, Weblogs
Comments
Comments, Trackbacks: 19 so far. Add yours!
...to Shirley Kaiser's work because this is simply some of the best content in the world of weblogging for those...
05 Oct, 2003
Trackback from Rodent Regatta stopping comment spam
05 Oct, 2003
Trackback from Snapping Links II (The Revenge) My site is (as posted) www.kartooner.com. I got hit pretty hard yesterday with comment spamming and was interested in implementing Jay’s template module.
Thanks!
05:53 pm, pdt
5 October, 2003Comment by ErikErik, I’m so sorry to hear you got hit hard yesterday. I’m finding Jay’s approach quite effective.
I’ve only been using Jay’s filter approach since Thursday but it’s already prevented several major spam posts from showing up at my site. I still get the email notifications that includes exactly what these creeps tried to post along with their IPs.
So it’s quite effective at the moment. :-)
As I mentioned in my post, I suspect these creeps will figure out ways around the filters just like they try with email filters; however, it’s no big deal to add new filter information.
<rant>
Honest SEO people and web designers and developers would never try to spam weblog comments to fool Google or other search engines.I want these creeps to be criminally prosecuted for ripping off people, stealing domain names, email addresses, and IPs, and conducting business in misleading and dishonest ways. They need to be held accountable. I’m keeping the email notifications that I get from these creeps' absurd comments to turn them in to the appropriate agencies. They all use forged email addresses.
We could all do this and make it clear to the appropriate agencies that we’re dealing with serious and rampant problems that continue to grow and worsen. We have to keep bugging them until they go after and prosecute these people just like other crimes. An ISP voluntarily canceling the spammer’s account doesn’t stop what’s going on, although I appreciate the fact that they do that.
</rant>Well, enough of my rant. ;-)
07:11 pm, pdt
5 October, 2003Comment by Shirley KaiserFirst, and foremost Radiohead was one of the best concerts I've ever been to. They are simply amazing, and the outdoor amphitheatre made it alot of fun as well. Thom Yorke's performance was moving, funny, exciting, and hypnotic all at...
05 Oct, 2003
Trackback from //gtmcknight Would it work to require a commentor to enter a simple validation "code word" which is displayed as a gif or jpeg? I think I remember Paypal or some other service displaying a word as a partially blurry image, then requiring you to enter that word in a text box, which proved that you’re a human and not a spambot, since the bot can’t interpret the image as text.
11:57 am, pdt
6 October, 2003Comment by Christopher JChristopher,
That approach is used at some commercial sites, as you may have also seen; however, it’s problematic with accessibility, such as the blind, voice recognition software, or alternative devices that don’t display images.
So I’d rather not take that approach myself.
Your idea has been brought up at a few weblogs to help combat comment spam. If it didn’t have any accessibility issues I think people would be more inclined to that approach to prevent the comment spam bombing that Phil Ringnalda experienced, too, for example.
Thanks for your comment, Christopher. I think it’s good to discuss various possibilities.
02:41 pm, pdt
6 October, 2003Comment by Shirley KaiserWhat timing, I’ve just started getting hit about daily. If you’d share your filters, I’d really appreciate it!
08:37 am, pdt
7 October, 2003Comment by Miriamhttp://brainstormsandraves.com/ archives/2003/10/03/feast_61_unwanted_comments/ If you have a hate-on for comment spam you probably already have seen this, but Shirley Kaiser at brainstormsandraves.com has written a great post containing much of the co...
07 Oct, 2003
Trackback from EdTechPost Die spammers, die.
07 Oct, 2003
Trackback from Between Coffees It's a hot topic in the blogosphere lately. As well it should be, since so many of us are hit by it. I've been getting a few a week, which I suppose I should be grateful. There are some who...
08 Oct, 2003
Trackback from A View From Home I give up. The rate of blog comment spam to this site is bothersome, now with 10 banned IPs (which likely does very little), and going in to remove the comments manually is getting very old. The latest, unrelated, un-meaningful,...
08 Oct, 2003
Trackback from cogdogblog Unwanted Comments: Comment spam is becoming a bigger and bigger problem. Shirley has a good roundup of resources to help you fight it. "Some site owners stave off comment spam by closing off older comments, using blacklists, using filters, just...
08 Oct, 2003
Trackback from Gadgetopia As a designer, you may have heard a potential or existing client tell you that they'd like a new site design exactly like the XYZ site (fake name) and may suggest that you copy it. I've even had several potential clients ask me if I'd build their site...
10 Oct, 2003
Trackback from Brainstorms and Raves Around 5 years ago I found a great niche of combining my passion for music and graphics in a way to help others -- I began offering a line of linkware music graphics, eventually getting its own domain name as it grew. The benefits have been beyond my w...
10 Oct, 2003
Trackback from Brainstorms and Raves Can you share your blacklist with me? I am using Kellan’s MT-Spambad hack - Kellan’s MT-Spambad hack.
Thanks,
03:25 pm, pdt
10 October, 2003Comment by Geodoghier ein guter Überblick zu unterschiedlichen Ansätzen, was man gegen Kommentarspam tun kann (alelrdings nur für MT Nutzer) >>>...
13 Oct, 2003
Trackback from MEX Blog all the anti-spam resources I've gathered so far.
27 Oct, 2003
Trackback from Snapping Links II (The Revenge) I second this review of the MT-Blacklist plugin. It is very, very useful.
I have one quick suggestion, after you download the plugin, and have it working, you may want to change the name of the *.cgi file to something unpredictable.
Cheers,
Shanx09:42 pm, pst
14 November, 2003Comment by Shanx
This discussion has been closed. Thanks to all who participated.
