Comment spam

I’ve been getting a fair amount of comment spam recently. Some of it is outright spam with people using bots to post dozens of comments that look just like your typical email spam. Other comments contain only a short, generic message such as “very good” or “I like the site” but then have the spammer’s payload URL in the contact section of the post. I imagine that the point behind the latter is to increase their incoming links to affect search engines like Google.

I’ve been deleting these as I come across them, but the volume has increased dramatically in the last few weeks. Instead of one every month or so, I’m getting comment spam almost every day now. In talking to Brad, he pointed out a scary scenario that would have bots crawling looking for sites to send spam trackback pings to.

I’m fed up and want your help in devising a solution that will curtail this. I’ve drawn upon features of BBSs, authentication systems, and forum software for ideas on how to stop this. Please add your feedback and additional ideas.

To prevent automated bots from flooding a site with comments, we could add posting limits to comment and trackback systems. The average person can’t submit more than one comment every few seconds, so comment systems could enforce a minimum time between comments. A single IP address could only post one comment every 30 seconds. If the commenter ignores the limit and keeps trying to post, it’s obviously a bot. So any IP address that tries to post 4 or more comments in 30 seconds is automatically banned for a short period of time. This would also work for TrackBack spam.
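
The posting limits described above can be sketched as follows. This is an added example, not code from the original post or from any comment system; the class name `CommentThrottle` and the 10-minute ban length are assumptions (the post only says "a short period of time"), and the caller passes in the current time in seconds.

```python
from collections import defaultdict, deque

MIN_INTERVAL = 30    # seconds between accepted comments per IP (from the post)
BAN_THRESHOLD = 4    # attempts inside the window that trigger a ban (from the post)
BAN_SECONDS = 600    # assumed ban length; the post does not give a number


class CommentThrottle:
    """Per-IP posting limit with a temporary ban for repeat offenders."""

    def __init__(self):
        self.attempts = defaultdict(deque)  # ip -> times of recent attempts
        self.last_accepted = {}             # ip -> time of last accepted comment
        self.banned_until = {}              # ip -> time at which the ban ends

    def check(self, ip, now):
        """Return 'accept', 'reject' (too soon) or 'banned' for one attempt."""
        if self.banned_until.get(ip, 0) > now:
            return "banned"
        window = self.attempts[ip]
        window.append(now)
        # Forget attempts that are older than the 30-second window.
        while window and now - window[0] >= MIN_INTERVAL:
            window.popleft()
        if len(window) >= BAN_THRESHOLD:
            # Four or more tries in 30 seconds: treat the sender as a bot.
            self.banned_until[ip] = now + BAN_SECONDS
            window.clear()
            return "banned"
        last = self.last_accepted.get(ip)
        if last is not None and now - last < MIN_INTERVAL:
            return "reject"
        self.last_accepted[ip] = now
        return "accept"


if __name__ == "__main__":
    throttle = CommentThrottle()
    # Constructed sample: one address posting every 5 seconds.
    for t in (0, 5, 10, 15, 100, 700):
        print(t, throttle.check("203.0.113.5", t))
```

Addresses shared by many users (proxies, NAT) share one limit, so the ban is best kept short. The same check can sit in front of a TrackBack endpoint.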

  • Allow flexible field names
    Comment systems could allow site owners to easily change field names for their comment forms. Since many of the automated bots are just crawling looking for certain form field names and submission addresses, this would be an easy way to thwart many of them.
  • Require an authentication token
    Each form submission would need to include an authentication token in a hidden field. The token would be the unique entry ID hashed with a secret key. When a comment comes in, take the entry ID, hash it with the secret key, and only allow the comment if it matches. This would keep bots from submitting comments without using the actual comment form.
  • Make it easier to delete comments.
    When someone posts a comment, MT automatically sends me an email. That email should include a link to delete the comment and rebuild the entry. Then when a comment does slip through, it’s a simple matter to remove it.
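
One way to build the hidden-field token from the "Require an authentication token" item, as an added example that is not code from the original post or from Movable Type. It uses HMAC-SHA256 as the keyed hash and goes beyond the post by binding an issue time into the token so an old token cannot be reused indefinitely. The function names, the one-hour lifetime, integer entry IDs and a comment form rendered per request are assumptions.

```python
import hashlib
import hmac

SECRET_KEY = b"constructed-example-key"  # placeholder; use a random key from config
MAX_AGE = 3600                           # assumed token lifetime in seconds


def _mac(entry_id, issued):
    # Keyed hash over the entry ID and the issue time.
    msg = f"{entry_id}|{issued}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def make_token(entry_id, now):
    """Value for the hidden form field, generated when the form is rendered."""
    issued = int(now)
    return f"{issued}:{_mac(entry_id, issued)}"


def verify_token(entry_id, token, now):
    """True only if this site issued the token for this entry and it is fresh."""
    try:
        issued_str, mac = token.split(":", 1)
        issued = int(issued_str)
    except (AttributeError, ValueError):
        return False  # missing or malformed field
    if not 0 <= now - issued <= MAX_AGE:
        return False  # expired, or dated in the future
    expected = _mac(entry_id, issued)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(mac.encode(), expected.encode())


if __name__ == "__main__":
    token = make_token(42, 1000)          # constructed entry ID and clock value
    print(verify_token(42, token, 1010))  # same entry, fresh token
    print(verify_token(43, token, 1010))  # token replayed against another entry
```

A token of this kind only proves that the form was fetched first; a bot that loads the page before posting still passes, so it complements the posting limits rather than replacing them.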

What else could we do? And anyone want to jump in and implement some of this for popular systems?

Trackback from Wetware
November 7, 2003 9:08 AM

A New Way to Fight Blog Comment Spam

Excerpt: Spam in blog comments is quite different from email spam and can be fought in a much more direct manner.

Alfred Anderson
November 14, 2003 2:47 PM

You have excellent ideas represented in this blog. Many of them could be used by more than just blogs but could migrate into email, web page comments, IM and other areas where spamming is frequent.

However, while select individual sites can be protected with such advanced techniques, do we have an infrastructure that allows such protection to be available on a more global scale? Right now, I sense this is a grass-roots level for which support is needed (perhaps at the standards committee level). Is anyone lobbying the standards bodies for incorporation of such proven ideas? Will the best of these ideas be incorporated in commercial-ware? Unless these ideas reach the average consumer, they are falling far short of their potential.

So how can these ideas be marketed?

kaushal parikh
December 17, 2003 8:45 AM

The simple way to do it is to remove all URLs in comments.

No way to steal visitors = no reason to put comment spam on a page…

Another way to fight back: Build a link farm where you put a link to all the comment spammers’ websites. They will soon be penalized by Google and nobody will find them ;).

I like distributed/collaborative approaches to fight spam.

For weblogs with low comment volume, pre-approval of comments may be the answer. If you know that your comment will first be read by a moderator/blog owner, and you know that it will never be approved, why would you want to post comment spam? Pre-approval via email turns comment spam into regular spam with a smaller audience, and the regular email spam tools already available could be used…

kaushal parikh http://www.kaushalparikh.com

Trackback from WWWorker - Sascha Carlin
November 15, 2004 10:12 AM

Secret Tags - An alternative to Captchas?

Excerpt: [11/14/2004] Update: Adam Kalsey has a piece from Sep 2003 that includes more or less what I call Secret Tags. Since it's from Sep 2003, the credit goes to him, even though I discovered his piece just today. Adam, too, says...

Mark
January 9, 2006 6:14 PM

I agree very much with your point about spamming on comments. Why don’t you just make sure that the topic is really addressed honestly? If it is addressed legitimately, then you should allow the link. If it’s just a short and meaningless comment, then I would delete it. People should be rewarded for their honest interests in specific topics.


©1999-2008 Adam Kalsey.
Content management by Movable Type.