This is the blog of Adam Kalsey. Unusual depth and complexity. Rich, full body with a hint of nutty earthiness.
Freshness Warning
This blog post is over 20 years old. It's possible that the information you read below isn't current and the links no longer work.
3 Sep 2003
I’ve been getting a fair amount of comment spam recently. Some of it is outright spam with people using bots to post dozens of comments that look just like your typical email spam. Other comments contain only a short, generic message such as “very good” or “I like the site” but then have the spammer’s payload URL in the contact section of the post. I imagine that the point behind the later is to increase their incoming links to affect search engines like Google.
I’ve been deleting these as I come across them, but the volume has increased dramatically in the last few weeks. Instead of one every month or so, I’m getting comment spam almost every day now. In talking to Brad, he pointed out a scary scenario that would have bots crawling looking for sites to send spam trackback pings to.
I’m fed up and want your help in devising a solution that will curtail this. I’ve drawn upon features of BBSs, authentication systems, and forum software for ideas on how to stop this. Please add your feedback and additional ideas.
To prevent automated bots from flooding a site with comments, we could add posting limits to comment and trackback systems. The average person can’t submit more than one comment every few seconds, so comment systems could enforce a minimum time between comments. A single IP address could only post one comment every 30 seconds. If the commenter ignores the limit and keeps trying to post, it’s obviously a bot. So any IP address that tries to post 4 or more comments in 30 seconds is automatically banned for a short period of time. This would also work for TrackBack spam.
What else could we do? And anyone want to jump in and implement some of this for popular systems?
Excerpt: In the past month or so, the blog has become the target of polite comments that seem to have not
Excerpt: I now have a working captcha thanks to James Seng. I really don't care how much of a pain it is on the accessibility front, the spammers have driven me to finding a working solution. The don't allow comments from google searches hack also makes first t...
Excerpt: I've been struck with comment spam three times in the last week. I don't know if this means that, suddenly, my blog has hit the radar screens of whatever search engine spammers use, or if I'm just lucky. Regardless, the first time is was mild, the seco...
Excerpt: There's a thread over at Making Light about a specific comment spammer who has been posting ads for what is allegedly child pornography. This guy is really obnoxious - one blogger reports having it show up on 89 posts so...
Excerpt: it's probably a good thing that TypePad embeds comments and TrackBack pings within the individual entry page. On the other hand, they should expect trackback spam to join the current comment spam. They need to address this before the cure becomes worse...
I've started to implement tools to prevent comment spam on my site. So far I've only gone down the blacklist route. I also like the idea of preventing repeat posts within a certain time period - this would also prevent accidental multiple-posting. I figured that you could recognise a repeat post in three ways: 1) same name, email, url 2) same IP address 3) same session ID Could a PHP session ID prevent robot attacks? Or would a robot always get assigned a session ID anyway? I'm thinking no session ID - no comment.
Jay Allen has an excellent Movable Type plugin for stopping comment spam: MT-Blacklist (http://www.jayallen.org/projects/mt-blacklist/). The plugin hits comment spammers where they live: in the URLs they leave behind. Comment spam is actually a little easier to filter than email spam, because it has to point to a specific URL in order to boost that URL's page ranking in search engines. MT-Blacklist looks for known spam URLs (and comes with a default blacklist of over 450), and adding new ones is as easy as clicking a link in MT's new comment notification mail.
convert URLS to a link pointing to ur server which in turns, redirects the link to the orig URL. defeating the purpose of ranking high in search engines
That's an idea that's often floated about. The problem is that spammers would still leave spam, not knowing that your system wasn't giving them Google juice. And this (and Jay Allen's) solution also relies on the concept that spammers leave comment spam solely to increase PageRank. That will change. Spammers will start leaving spam for other reasons as well.
Excerpt: Spam in blog comments is quite different from email spam and can be fought in a much more direct manner.
You have excellent ideas represented in this BLOG. Many of them could be used by more than just blog but could migrate into email, web page comments, IM and other areas where spamming is frequent. However, while select individual sites can be protected with such advance techniques, do we have an infrastructure that allows such protection to be available on a more global scale? Right now, I sense this is a grass-roots level for which support is needed (perhaps at the standards committee level). Is anyone lobbying the standards bodies for incorporation of such proven ideas? Will the best of these ideas be incorporated in commercial-ware? Unless these ideas reach the average consumer, they are falling far short of their potential. So how can these ideas be marketed?
The simple way to do it is to remove all url in comments. No way to steal visitors = no reason to put comment spam on a page... An other way to fight back: Build a link farm where you put a link to all the comment spammer's websites. They will be soon penalysed by google and nobody will find them ;). I like distributed/collaborative approaches to fight spam. For weblog with few comment volume, pre approval of comments may be the answer. If you know that your comment will first be read by a moderator/blog owner, and that you know that it will never be approved why would you want to put a comment spam ? Pre approval via email turn a Comment Spam into a regular spam with smaller audience and regular email spam tool already available could be used... kaushal parikh http://www.kaushalparikh.com
Excerpt: [11/14/2004] Update: [Adam Kalsey has a piece][adam] from Sep 2003 that includes more or less what I call Secret Tags. Since it's from Sep 2003, the credit goes to him, even I discovered his piece just today. Adam, too, says...
I agree very much with your point about spamming on comments. Why don't you just make sure that the topic is really addressed honestly? If it is addressed legitimately, then you should allow the link. If it's just a short and meaningless comment, then I would delete it. People should be rewarded for their honest interests in specific topics.
These are the last 15 comments. Read all 34 comments here.
This discussion has been closed.
galiel
September 19, 2003 7:48 AM
I am surprised there has been no follow-up discussion about communal post-ranking systems like Slashdot. No need to censor anyone or deal with accessibility problems, you simply have the community rank comments by merit, with the kind of safeguards against ballot-box-stuffing that Slashdot has built in. Trolls, spammers and freepers, who arguably combine the worst attributes of both, still post, but their posts don't get exposure--anyone who is bothered simply sets their filter to level 3 or whatever, and never see the bottom-feeders. When the community is too small to have a good community filter, you either rank it yourself or appoint a small group of responsible commenters to do the ranking. When the community grows enough, you adopt a Slash-type system. Simple, free-speech-friendly, accessible, non-intrusive, manageable.