comment spam

The war on comment-spam has now begun. It appears that Blogger might have some anti-spam measures of which I was unaware. Otherwise it’s a strange coincidence that I get a huge number of comment spams for extremely hard-core porn from the Ukraine so soon after starting a WordPress blog.

About 24 hours before the spam attack there was a strange blog comment that linked to Google (with no offensive or spammy content). It appears that leaving it online was my mistake; when I left that online for a day the spammer decided that I might also leave porn spam online. I arrived home this evening to find almost 100 spams in the form of comments and track-backs, and more arriving by the minute. So I used iptables to block a /20 related to the spam and things are quiet now.

The moral of the story is to delete anything unusual ASAP in case it encourages the idiots.

I’ve also tightened the anti-spam measures on my blog.

Update:

From now on any short comment that does not add significant meaning will not be accepted on my blog. To the person who submitted many dozens of comments with variants of “nice site” with the idea that the URL listed for the comment author will be visited by readers of my site – nice try. If you genuinely want to send me a message saying “nice blog” then email will work.

In the future I may remove the display of URLs for the comment authors entirely.

Several comments suggested using Akismet to block comment spam. Akismet is free for non-commercial use and charges for commercial use (a suggested threshold being $500 per month in blog revenue).

For the moment I am going to moderate all comments; the number of genuine comments is quite small and this is no great effort for me. I check the moderation list at least twice a day so there shouldn’t be an excessive delay either.

7 comments to comment spam

  • At the very least you need to use Akismet. I’d also strongly suggest using Rich Boakes’ very useful Most Wanted plugin, which processes the Akismet matches and lets you automatically add “Deny from” lines to your .htaccess file, blocking those IPs in future.

    I find them both to be very useful, though occasionally I need to add in Deny lines by hand for harvesters that think they can grab everything from my blog at once. :-(

    You may also want to look at helping out the anti-spam folks at Project Honeypot who are working on various ways to track down address harvesters and spammers.

  • Just using the Akismet plugin should be enough for dealing with most comment spam.

    What’s with the ‘index.php’ up there?

  • Shannon

    But Russ I thought you liked Ukrainian porn… ;P

  • etbe

    Not since your “holiday” in the Ukraine Shannon… ;)

  • Here’s how you fix it:

    1. Set WordPress to require you to moderate comments. Even though it’s “too late”, better late than never.

    2. Install SpamKarma2. I get ZERO comment spam that gets through on my blog and legitimate comments post immediately without requiring me to moderate. There was one comment it wasn’t sure about (turned out to be a false positive, so I allowed it), but that was months ago.

    3. Sit back and let WordPress handle the rest for you. :)

  • The worst form of spam protection, from my point of view, is the kind that
    requires the user to type characters that appear in an image. (This is
    obviously a problem if the user can’t see, and supplying an appropriate ALT
    attribute defeats the purpose of the measure).

    Blogs on sun.com ask questions in elementary arithmetic instead, which anyone
    who completed primary school should be able to answer. How long will it be
    before spammers write scripts that can parse and respond to those questions,
    however?

    In _Ending Spam_, Jonathan A. Zdziarski mounts an impressive argument that
    statistical filtering will turn out to be the single most effective anti-spam
    measure (though he certainly does not discount the value of other approaches).

  • etbe

    Apart from the use by visually impaired users, CAPTCHAs are quite good.

    One thing I have been considering is devising a set of questions that involve general knowledge and knowledge of history. Range from “which agency trained Osama bin Laden” to “name the capital city of X”. Nothing that can’t be answered with a quick Google search or that couldn’t be answered from memory by someone with a good general knowledge.

    Such questions about the history of the middle-east might reduce the number of comments from neo-cons too… ;)