Spam begets spam

Freshness Warning
This blog post is over 19 years old. It's possible that the information you read below isn't current and the links no longer work.

Vandalism experts note that one of the best ways to combat graffiti and other forms of vandalism is to clean it up immediately. A wall with graffiti on it attracts more graffiti. A building with broken windows encourages other miscreants to break windows.

The same appears to be true with comment spam. While my anti-spambot measures seem to be effective, they’ll do nothing to stop people from hand-entering spam comments. I just received a spammy comment on my SimpleComments entry. Looking at the log files, the individual was on my site for 90 seconds before submitting the comment.

Looking to see how they found my site, I discovered that the initial referral was a Google search for sites linking to a common comment spammer. Digging further, I found that I’ve had several visits over the past month from people searching for links to common spam domains.

If you’re a spammer, it makes sense to post your links in places that they will be effective. If the links are deleted immediately, all your work has been lost. So the spammers are searching for spam comments that have remained on the page long enough to get the link into Google.

If you want to reduce the flow of comment spam to your site, be vigilant in removing the ones that do get posted. Leaving them up, even for a short time, can catch the eye of more spammers.

September 22, 2003 4:08 AM

So the 'key' method is working. That's good news.

September 22, 2003 7:05 AM

Can you detail how you got this working, thinking of similar for my site. Also of interest would be a how-to or a link to how to get your entries named words and not numbers.

Chris Vance
September 22, 2003 10:09 AM

Great article. Does MT allow comments to be screened? I'm not sure if I've seen recent commenters suggest screening. LiveJournal and LJ clones (based on the LJ sourcecode like allow various screening options. Screening options include: no screening, screening all comments, replies by users you are not "watching," or only anonymous comments can be screened. It would seem that comment screening would remove the ability of spammers to get their message to your page, but would seem to add lots of administration for the owners of popular blogs. In any event, removing comment spam immediately when it is found helps to reduce future comment spam.

September 23, 2003 8:19 AM

I have never tried it personally, but there is the Comemnt Queue Script/MT Hack at and

Steven Garrity
September 23, 2003 3:47 PM

That's interesting - it's certainly consistent with the way spam comments (from robots or humans) seem to come in clusters on one or two threads at a time.

September 27, 2003 4:34 PM

You may find this interesting: It's a non-hack solution (i.e. no source code changes) for combatting comment spam with Movable Type. I will be making a few upgrades to the macros as well as rolling it together as a plugin very soon. I am also interested in working on a clearinghouse solution as I state in the entry. Perhaps you and Simon would be interested in collaborating??

Trackback from cce blog
October 6, 2003 2:54 PM

quick-n-dirty comment spam fix

Excerpt: i started getting a LOT of comment spam ... so i just renamed mt-comments.cgi to mt-c0mments.cgi to keep the robots away. i haven't received any comment spam since then, and i used to get several every day, so i suppose it must be working. publicizin...

cul heath
November 12, 2003 9:34 PM

As a relatively non-tech guy I just spent hours removing spammed comments from my blog tracked obstensively thru a whois search to this info: [Personally identifiable information removed.] Is this just spoofed or am I looking at the actual source of the spamming? A couple of hours ago I installed Jay Allen's MT-Blacklist plug-in and thank him for that greatly. I also posted the Comment Spam Manifesto and relevant linx...again a great deal of thanks to the author. I would like to learn more and am willing to dedicate inordinate amounts of time in any way I can to battling this scourge of the internet. Thanks for your time. cul heath vancouver bc

Adam Kalsey
November 12, 2003 9:57 PM

After a bit of internal debate I've removed the whois info from your comment. We live in a litigious society and the last thing I need is a lawsuit for something I didn't even write. That said, if the whois you posted was from the domain that spammed you, it looks like you have your spammer. And a Google search on the name of the hosting company identified in the whois (**** has a lot of spam-related results. They appear to be a hosting company that speciallizes in hosting porn. You could contact them about the spammer and they might kick him. They have a pretty stong statement against spam in their acceptable use policy.

cul heath
November 13, 2003 3:28 PM

Thanx for the heads up on the litigious potential matter ( i agree;discretion/valor) I will follow up on the **** info... I know who they are and they are usually a fairly responsive group. I will post my results later. Thanx again.

November 14, 2003 10:04 AM

Don't know how important it is for you to be found by a Google search, but perhaps you could prevent your blog from being indexed by search engine sites by using a robots.txt file.

This discussion has been closed.

Recently Written

The Trap of The Sales-Led Product (Dec 10)
It’s not a winning way to build a product company.
The Hidden Cost of Custom Customer Features (Dec 7)
One-off features will cost you more than you think and make your customers unhappy.
Domain expertise in Product Management (Nov 16)
When you're hiring software product managers, hire for product management skills. Looking for domain experts will reduce the pool of people you can hire and might just be worse for your product.
Strategy Means Saying No (Oct 27)
An oft-overlooked aspect of strategy is to define what you are not doing. There are lots of adjacent problems you can attack. Strategy means defining which ones you will ignore.
Understanding vision, strategy, and execution (Oct 24)
Vision is what you're trying to do. Strategy is broad strokes on how you'll get there. Execution is the tasks you complete to complete the strategy.
How to advance your Product Market Fit KPI (Oct 21)
Finding the gaps in your product that will unlock the next round of growth.
Developer Relations as Developer Success (Oct 19)
Outreach, marketing, and developer evangelism are a part of Developer Relations. But the companies that are most successful with developers spend most of their time on something else.
Developer Experience Principle 6: Easy to Maintain (Oct 17)
Keeping your product Easy to Maintain will improve the lives of your team and your customers. It will help keep your docs up to date. Your SDKs and APIs will be released in sync. Your tooling and overall experience will shine.


What I'm Reading


Adam Kalsey

+1 916 600 2497


Public Key

© 1999-2023 Adam Kalsey.