Spam: not ham

If you’ve blogged for even 24 hours, you most likely know what spam is. Spam is an unsolicited commercial message, or something you didn’t ask for trying to sell you something.

So what does this have to do with blogs? Well just like you can get spam messages in your inbox, people will leave spam comments on your blog. However unlike email spam where the target is you, comment spam generally targets search engines.

Why on earth would a spammer target a search engine on your blog? Let’s start from the beginning. Several years ago Google pioneered a search technique called PageRank. Basically what it does is, in addition to looking at the content of a page they index, they also look at who links to a page and what that link says. This technology is what made Google very good at returning relevant results and made it the most popular search engine today. Because their ranking system relies so heavily on PageRank people can sometimes game the system in what’s called “Google Bombing.” A google bomb is when a large number of different websites link to a page with the same link text to influence the ranking of that page for a search term.

This brings us back to the spammers. A spammer might have a site that sells a ‘certain type of pill’ and wants to be at the top of a search for taht ‘cerain type of pill’ on Google, so to create the effect of a google bomb they leave comments on hundreds or thousands of weblogs linking to their site with the link text “pill”. They don’t really care if you see it, in fact they’d rather you didn’t because you would delete it, they just want the search engine to see it when they index your page.

Comment Moderation is very effective in addressing unwanted comments. The best defense against comment spam is just watching your comments. Under Manage → Comments it shows a listing of the latest comments on any post and you can quickly scan the comment activity on your site. The faster you respond to comment spam on your site, the less likely the spammers will return.

On the Combating Comment Spam page you will find a list of more proactive measures against comment spam.

Stealth Spam

A new technique is the spammers will leave a perfectly normal-looking comment except for the commenter’s URI or name. The best way to watch out for this is to visit the URIs of people who leave comments on your blog. (This is a good practice anyway.) If one looks suspicious, either delete the comment entirely or leave the comment and delete the URI.

Another way of stealth is to use a div-tag around a bundle of hundreds of links. This becomes more and more common because many software displays directly the given HTML tags and not the HTML code. To avoid this the software must “strip-out”, other word: filter the HTML tags while inserting the comment into the database.

The Good News

The good news is that your WP hosted blog at AussieHomeschool is protected by a wonderful program.  Some blogs have been knowen to be hit by several hundred spammers per day…so in the light of that, your anti-spamming program works quite well, eh?

Akismet Comment Spam Fighter

Current versions of WordPress come with Akismet installed by default. Akismet uses a unique algorithm combined with a community-created database to “learn” which comments are comment spam and which are legitimate.

To enable Akismet on your WordPress blog, go to the Plugins panel and activate the Plugin. A menu is added to the Comments Panel and holds a list of “caught” comment spam.

If comment spam gets through Akismet’s net, mark it as comment spam in your Comments Panel. Do not delete it. By marking it “comment spam”, the information is sent to Akismet and added to the community-created database.

Frequently, check through the caught comment spam in the Akismet Panel to look for false/negatives, legitimate comment spam that has been caught by Akismet. Mark it as Not Spam and click Despam at the bottom of the page to remove these comments from the list.

My Comments Get Caught By Akismet

Akismet learns by those who mark comment spam as comment spam and legitimate spam is despammed. If your comments are being caught by Akismet, remove them from the Akismet Panel. It might take two or three times, but it will learn and automatically not designate your comments as spam.

Commenters on your blog may have their comments caught by Akismet. If you do not regularly check your Akismet Panel, have an easy way of allowing readers to email you if their comment did not appear.

With updates to the database and major changes to the software, this process may have to be repeated.

If you continue to have problems with Akismet catching your comments or too many of your readers’ comments, contact Akismet for more assistance.

Combating Comment Spam FAQ

Default Comment Spam Tools

The following are the default comment spam tools that come with every installation of WordPress, in addition to the Akismet WordPress Plugin.

Number of Links in Posts

To change the number of links in comment posts, which may help stop comment spammers who include dozens of links in their comment posts, you can change the setting for the number of links permitted in a comment.

  • Go to the Options > Discussion panel.
  • Scroll down to Comment Moderation.
  • In the section which covers the number of links in a post, it is set to 2 by default. You could lower to one.

NOTE: Do not set this to zero or leave the field blank. It will send every comment to moderation — not the desired effect.

Spam Words

If you encounter a word or phrase that is not in the Spam Words list, you can add it. You can also add the spam words found on the Spam Words list to the list that comes with your WordPress installation.

  • Go to the Options > Discussion > Comment Moderation panel.
  • In the Spam Words textarea box, you can add additional spam words.
  • Added words are to be on a single line with a single line break after them with no spaces in between the words. If you include a blank line, every single comment will be moderated.
  • When a comment contains any of these words in its content, name, URI, e-mail, or IP, WordPress will hold it in the moderation queue.

Comment Blacklist

Included on your Options > Discussion panel is a section called the Comment Blacklist. This is a list of words completely blacklisted from your blog.

Be very careful what you add here. If a comment matches something here it will be completely nuked and there will be no notification. These “nuked” comments will not appear on your blog, but they will remain in your database marked as [spam]. Comments that are marked as [spam] are held in your database to educate “intelligent” anti-spam plugins, such as Akismet.

Choose your blacklist words wisely!

Remember that partial words can match, so if there is any chance something here might match it would be better to put it in the moderation box. Blacklisting a word such as tramadol will automatically delete any comments containing tramadol, tramadols, bigtramadol, etc. But, blacklisting a word such as ass will automatically delete comments containing ass, asses, assistance, passionate, assumption, etc.

Moderate All Comments

Depending upon the amount of comments and control you want over comments on your WordPress site, you may want to moderate all comments on your site.

In the Options > Discussion panel, check the box next to An administrator must approve the comment (regardless of any matches below).

Pre-approve Comments from Old Commenters

You can also set your Options > Discussion panel options to allow previously approved comments to avoid moderation. Check Comment author must have a previously approved comment.

I hope this helps you understand spam and therefore equip you with a few tools in how to deal with it. More information can be found at the WP Codex.

May 5, 2009 | Filed Under Blogging Tips 

comments

Leave a Reply