Category: Comment Spam

Akismet 2.0 is a life (and comment) saver

Akismet is the default anti-spam plugin which comes with WordPress and it has saved me from literally hundreds of thousands of comment spam messages (124,200 last time I looked).

A new version (Akismet 2.0) was released at the same time as WordPress 2.1, so its release was kind of drowned out in the hoopla.

To my mind, the most significant change in Akismet 2.0 is the ability to tell Akismet to automatically delete any comments on posts over a month old.

Akismet configuration

As Matt himself said:

When I was doing some research into false positives I found an interesting statistic: the overwhelming majority (more than 99.99%) of false positives (which is when Akismet marks someone as spam wrongly) occur on new posts. Which makes sense because most real comments happen on new entries.

Typically I used to get >500 comments per day flagged by Akismet. There was no way I could go through those looking for genuine comments accidentally flagged as spam by Akismet.

Today though, having configured Akismet to dump all suspected spam comments on posts over a month old, I now only have to check 20-30 comments per day.

And just this morning, I rescued two comments which had accidentally been marked as spam by Akismet.

Well done to the guys in Automattic again. I love Akismet.

Slow comments in WordPress

In the last couple of weeks commenting on this site was taking longer and longer – sometimes timing out and not letting people comment at all. I was puzzled as to the cause of this and tried turning off various of the plugins I had installed on this blog.

Today though I think I have found what the problem was! I looked into the Akismet anti-spam plugin and found that there were nearly 10,000 spam comments there! I deleted the nuisance comments and now commenting seems to be working much better.

Anyone still having problems commenting here?

Bad Behaviour blocks TechMeme

I noticed recently that none of my posts were appearing on TechMeme so I emailed Gabe Rivera, TechMeme’s founder, to ask what the problem was. He responded:

Your Bad Behavior plugin is blocking me, even though my crawler behavior is rather benign.

If you can whitelist my crawler (does BB let you?), it looks like this:
Mozilla/5.0 (compatible; Wazzup1.0.XXXX; http://70.86.131.10/Wazzup) …with XXXX varying (long story…).

Or just uninstall it! (What are some alternatives? I’d like to do a post on this…)

Bad Behaviour is an anti-spam plugin that I have written about previously.

As I don’t see a way to whitelist, I have disabled Bad Behaviour and I advise anyone else to do so until this can be sorted.

Thanks for the speedy response Gabe.

UPDATE: Michael Hampton, Bad Behavior’s developer, has contacted me to say it is possible to whitelist TechMeme by adding its IP address (70.86.131.10) to the Whitelist-inc.php file – this fix didn’t work for me but may be worth a try if you do want to use Bad Behavior.

How to block comment spam

Like all bloggers, I find comment spam to be a constant annoyance. There are many ways to mitigate the problems it causes, however, and using the following techniques means that this site is subject to almost no comment spam.

Use WordPress’ built in comment spam tools –

  • In WordPress Options -> Discussion, fill in the list of common spam words – words in this list automatically cause a comment to go into the moderation queue. I use the following list.
  • Also use the Comment Blacklist field. Populate this very carefully. Any comment containing words in this list is nuked automatically. No notification. No way to get it back. Gone. This is the list of words I have in my blacklist.
  • I have checked the “Comment author must have a previously approved comment” field as well. This is a very simple but very effective tool – regular commenters are able to leave comments and see them appear instantly; new commenters’ comments are held for approval and if they are not spam, their comment appears in short order and subsequent comments appear immediately.
  • And I use WordPress’ built in anti-spam plugin – Akismet.
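
The layered settings in the list above, together with Akismet 2.0's option to discard spam on posts over a month old, can be written as one decision function. This is an added example, not WordPress or Akismet code: the order of the checks, the `triage` function, the word lists, addresses and the `akismet_says_spam` flag (standing in for the plugin's verdict) are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# All word lists and addresses below are constructed sample values.
BLACKLIST = {"cheap-pills"}            # silent discard, no recovery
MODERATION = {"casino", "192.0.2.7"}   # words or IPs that force a hold
MAX_POST_AGE = timedelta(days=30)      # "posts over a month old"

@dataclass
class Comment:
    author_email: str
    ip: str
    body: str
    post_published: datetime

def triage(c, approved_authors, akismet_says_spam, now):
    """Return 'discard', 'spam-queue', 'hold' or 'publish'."""
    text = c.body.lower()
    # 1. Blacklist: destructive, so keep this list short and specific.
    if any(w in text for w in BLACKLIST):
        return "discard"
    # 2. Spam verdict: dumped on old posts, kept for review on new ones,
    #    because false positives cluster on new posts.
    if akismet_says_spam:
        if now - c.post_published > MAX_POST_AGE:
            return "discard"
        return "spam-queue"
    # 3. Moderation list matches words in the body or the sender's IP.
    if c.ip in MODERATION or any(w in text for w in MODERATION):
        return "hold"
    # 4. First-time commenters wait for one manual approval.
    if c.author_email.lower() not in approved_authors:
        return "hold"
    return "publish"
```

Only the `spam-queue` and `hold` outcomes leave anything for a human to rescue, which is why the two `discard` paths deserve the most conservative inputs.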

I also have a custom .htaccess file which stops a lot of spammers cold before they reach the site at all. Exercise extreme caution with .htaccess files as they can take your entire site down. If you are not sure what you are doing, I have written a few explanatory articles on .htaccess files previously. If you are still not sure what you are doing, put the .htaccess file down and walk away very slowly!!!

Finally, I use plugins called Referrer Karma and Bad Behaviour which help significantly by stopping bots from accessing your site to leave comment spam.

Having implemented these techniques ensures that my site stays free of comment spam without having to moderate all comments and without having to implement CAPTCHAs. CAPTCHAs are those horrible badly drawn images of combinations of letters and numbers which some people put on their sites to stop spam. CAPTCHAs are evil*. Stop using them. Now.

* The American Foundation for the Blind has written many times about how difficult CAPTCHAs make browsing for blind or partially sighted people, and the W3C in a report on CAPTCHAs said:

A common method of limiting access to services made available over the Web is visual verification of a bitmapped image. This presents a major problem to users who are blind, have low vision, or have a learning disability such as dyslexia.

A solution for Robert Scoble?

In a recent comment on Shelley Powers’ site, Robert Scoble explained one of his reasons for turning on comment moderation on his blog. It has nothing to do with comment spam – he said:

I am seeing more and more anonymous comments and I have been tracking their IPs and see that one person is showing up under a variety of different names

Robert, if someone is posting troll comments under multiple names coming from the same IP address – enter that IP address into your WordPress Options -> Discussion -> Comment Moderation field and then comments from that IP will be moderated – all others will get through.

Be transparent about it – say in a post on your blog that you are moderating posts from that IP because of abuse. People will row in behind you on that.

Moderating all comments seems like taking the lazy way out.

Captcha's are lame

Captcha is an acronym for “completely automated public Turing test to tell computers and humans apart” – in other words, a type of challenge-response test used to determine whether or not a computer user is human (or another computer).

From the Wikipedia entry on captchas:

A common type of captcha requires that the user type the letters of a distorted and/or obscured sequence of letters or digits that appears on the screen. Because the test is administered by a computer, in contrast to the standard Turing test that is administered by a human, a captcha is sometimes described as a reverse Turing test

Recently, I have seen several bloggers install captchas as a way to try to stop comment spam on their site – guys, captchas are lame.

Why are captchas lame? Captchas are lame because:

  1. they force the burden of work back on your commenter and pushing extra work on your readership displays a lack of respect
  2. they show you are too lazy to properly secure your blog against comment spam (using blacklists, .htaccess, number of links, etc.) and most importantly,
  3. they discriminate against partially-sighted readers

There are many good anti-comment spam tools and procedures available; don’t use captchas.

Comment spam run last night

Apologies to anyone who subscribed to comments on this site and was emailed the spam comments which hit this site last night.

The site was hit by over 80 spams overnight – the first spam run to make it through my anti spam defences in over a year.

Curiously, all the spams came from a single IP address (71.57.133.162) and that IP is now blocked by my .htaccess file.

Hopefully it will be another year before this happens again!

UPDATE:
I see this spammer also visited the Spamhuntress – what a twit! Go get him Ann!

Spamming can seriously affect your health!

Via Loic

From MozNews.com

Russia’s Biggest Spammer Brutally Murdered in Apartment

Vardan Kushnir, notorious for sending spam to each and every citizen of Russia who appeared to have an e-mail, was found dead in his Moscow apartment on Sunday, Interfax reported Monday. He died after suffering repeated blows to the head…

Under Russian law, spamming is not considered illegal, although lawmakers are working on legal projects that could protect Russian Internet users like they do in Europe and the U.S

For more info on Kushnir, see the Wikipedia entry here.

UPDATE:
Russian police are now saying that Kushnir’s death was a robbery gone wrong and was unrelated to his spamming – see here for more.

A spam comment makes it through my comment spam defences

Well, it had to happen – a comment spam made it through my defences and onto the site this morning. Having said that, I never thought the site would be spam-free for four whole weeks when I turned off my comment spam plugins.

The spam, which was on the site this morning, looked innocuous enough. The text of the comment was

I came to your site accidentially, but found it very good to read. Thanks.

The comment was from someone calling themselves elephant with the email address norman@chick.com. The domain being pointed to by the comment was 11say.com and the comment was left with a User Agent Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1).

Something about the comment didn’t seem right so I did a bit of digging. I checked out the site and at a first cursory glance, it appears to be a legitimate site but looking a little more closely, you will notice the text is nonsense and below the copyright notice there are a load of links.

So I did a bit more research on the comment (address lookup, whois info, traceroute, etc.) and forwarded my findings to SpamHuntress. She subsequently wrote a comprehensive post on it.

Searches on Google and MSN Search for the term “I came to your site accidentially,” (including the inverted commas and note the misspelling of accidentally) show that those responsible for this spam have been busy and are also using a variety of aliases and many other domains all pointing to the same spam site.

They are also using the comment text

I have learned about this at school today!

and

Hey Jon did’t know you are reading this too :0. Greets

so if you see any of these comments on your site, delete them.
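
The template texts above can be matched mechanically, and grouping the hits shows the alias and domain rotation the post describes. This is an added example, not code from the original post: the function names and every sample comment other than the first one's author, domain and text are constructed.

```python
import re
from collections import defaultdict

# Template texts quoted in the post, kept with their original misspellings.
SIGNATURES = [
    "I came to your site accidentially",
    "I have learned about this at school today!",
    "Hey Jon did’t know you are reading this too",
]

def normalise(text):
    """Lowercase, straighten curly quotes, drop punctuation, collapse spaces."""
    text = text.lower().replace("’", "'").replace("‘", "'")
    text = re.sub(r"[^a-z0-9' ]+", " ", text)
    return re.sub(r"\s+", " ", text).strip()

NORMALISED = [(s, normalise(s)) for s in SIGNATURES]

def match_signature(body):
    """Return the template a comment body contains, or None."""
    clean = normalise(body)
    for original, needle in NORMALISED:
        if needle in clean:
            return original
    return None

def cluster(comments):
    """Map each template to the set of (author, url) pairs that used it."""
    hits = defaultdict(set)
    for c in comments:
        sig = match_signature(c["body"])
        if sig:
            hits[sig].add((c["author"], c["url"]))
    return dict(hits)

# Constructed sample queue; only the first entry reflects the post.
SAMPLE = [
    {"author": "elephant", "url": "11say.com",
     "body": "I came to your site accidentially, but found it very good to read. Thanks."},
    {"author": "alias-two", "url": "example.net",
     "body": "i came to your  site ACCIDENTIALLY - nice!"},
    {"author": "reader", "url": "example.org",
     "body": "I came to your site accidentally via a search, great post."},
    {"author": "alias-three", "url": "example.com",
     "body": "Hey Jon did't know you are reading this too :0. Greets"},
]
```

The correctly spelled comment from `reader` is not flagged, so the misspelling itself does the work of keeping false positives down.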