Friday Feast #61: Unwanted Comments

I was absolutely horrified when I read Phil Ringnalda’s comment spam alert story last year in which a Las Vegas real estate agent used a script to try to autogenerate comments to every single one of Phil’s entries, including links to the spammer’s real estate site. While most of us won’t get bombed like that we still have our hands full with unwanted comment spammers. Today’s Friday Feast provides some tips about what I do to help combat comment spam along with links to more helpful tips, plugins, scripts, and information.

One of the many reasons I switched to Movable Type was its comments capability. Comment spammers are increasingly trying to exploit this feature at weblogs, however, and I’m not alone in wanting to prevent spammers while keeping the feature easy to use for legitimate comments. Some site owners stave off comment spam by closing off older comments, using blacklists, using filters, just deleting them when they occur, or a combination of these. Below are some good possibilities along with my comments and thoughts about what I’ve implemented so far.

Block Zipcode URLs

As a result of Phil Ringnalda’s comment spamming by that real estate agent, Phil added a snippet of code to the MT Comments script to prevent zipcode URLs from adding comments to his site. He shared the code at his post, URLs Including Zipcode are Prohibited.

Filter Comments

Jay Allen has generously provided a new Movable Type template module to help prevent or at least slow down unwanted comments. Jay’s Killing Comment Spam Dead provides all the instructions for implementing it in your own site.

In a nutshell this new Movable Type template module will prevent unwanted comments from being posted in the first place based on filters. Like email filters, spammers will undoubtedly try to figure out ways around the filters, but it’s certainly a helpful approach. Jay has written instructions for novices and experts.

Besides being effective, Jay’s approach doesn’t involve hacking Movable Type source code, and it’s easy to implement.

I’ve implemented Jay’s template module at my site. I won’t publish my filters here for the spammers to see and work around, but I’ll email them to fellow webloggers upon request. Leave a comment here with a link to your weblog.

For MySQL and PHP Users

For those using MT 2.6 and above with MySQL and PHP, has provided a close comments script to automatically close comments after a specified number of hours of days.

[hat tip: Ten Reasons Why]


Last month Simon Willison wrote about Blacklisting Comment Spam, sharing his blacklist. See the section Preventing Comments Spam from my Friday Feast #58 last month for more on this and links to more on blacklisting comment spam.

Screen Your Comments

For those who don’t mind screening all comments before they’re posted, there are some scripts available:


Even without the use of the above plugins or template modules the volume of spam in our comments can be reduced by deleting them as soon as possible, not just because we delete them but because deleting them quickly means no benefit to spammers for search engines or visitors to their absurd websites.

I get email notification of all comments and trackbacks, and my email filters let me know immediately when spam has been posted. I delete those comments from my site right away. MailWasher Pro catches the spam for me but I’ve set it to show me the spam first rather than automatically deleting it. That way I can allow my comment spam notices to download to my email program, as I want to keep those.

Adam Kalsey provides some smart advice and insight in his post Spam begets spam. He also recommends deleting spam posts right away, and he found a pattern of Google referrers searching for links to the same spam sites, apparently trying to find sites with their links to add even more to them. Removing spam comments right away eliminates search engines from spidering those links and improving the spammers' search engine results.

Deleting Comments Quickly

Jakob Lange Skjerning has provided some helpful instructions in his post, Movable Type: Easier edit/removal of new comments. This approach adds some code to your MT Comments configuration.

I implemented this at my site a few weeks ago, and I love its convenience. Now that I’ve implemented Jay’s filters comment spam isn’t showing up at my site, but I still need to update the page to reflect the correct number of comments.

Speaking of Spammers...

Email spammers have generated incredible volumes of wasteful and unwanted email. As we’ve all seen, many spammers even hijack and forge other people’s email addresses, domain names, and IP addresses in an effort to get past people’s spam filters. Telemarketers won’t leave us alone in the privacy of our own homes even when we have unlisted phone numbers and have never agreed to allow their calls. Now comment spammers try to take advantage of our comment forms at our websites for their own gain despite site policies that don’t allow solicitors, certain words, and any advertising.

From their actions I have the strong impression that these people only care about money and that they don’t care about or even consider the negative impact of their actions on others, which segues to the final topic, punitive damages for spammers.

Going After Spammers

If you haven’t yet read the September 29th Wired News story about Andy Markley, you really need to do so: Spam: This Time It’s Personal. It’s gotten to be commonplace for spammers to forge email addresses and domain names to send out their spam. As a result of someone doing just that—forging email addresses and domain names—stealing Andy Markley’s email addresses and domain names damaged his income, his business, and his reputation. As Andy learned, his spammer was one of the worst spammers around, Eddy Marin. Unfortunately he’s not the only one who’s been so seriously impacted. So far all that’s happened to Eddy Marin is that his ISP canceled his subscription, and that only happened after Andy spent countless hours researching and tracking to find out who had done this.

It’s fairly common for a spammer’s ISP to cancel the spammers' account(s) once known. Little to nothing prevents these spammers from getting another ISP and continuing to spam people, though. It’s no wonder spam has become such a rampant problem.

Laws against forgery and stealing someone’s identity need to include forging and stealing others' identities via email addresses and domains, and these people need to be criminally prosecuted. It’s one thing to send unsolicited commercial advertising email, but it’s criminal behavior to steal online identities by forging email addresses, domains, and IPs.

California passed an anti-spam law to take effect January 1st (see California Passes Spam Ban). Even if the law stays on the books, though, it may do little or nothing to impact the spammers who steal identities to send their spam.

So what’s it going to take to stop these people who seem to stop at nothing themselves? Check out the following:

[hat tip: Dougal Campbell, The War on Spam]


See also Friday Feast #58: RSS Validator Update, Check Your Sites, Comments Spam, where you’ll find more recent information and resources.


Friday Feast archives

05:49 pm, pdt 3 October, 2003 Comments, Trackbacks (19) ·';}?>

Categories: Friday Feast, Internet, Movable Type, Weblogs


Comments, Trackbacks: 19 so far. Add yours!

  1. Shirley Kaiser's work because this is simply some of the best content in the world of weblogging for those...

    05 Oct, 2003Trackback from Rodent Regatta

    trackback #1 permalink ·'; else echo '·'; ?>

  2. stopping comment spam

    05 Oct, 2003Trackback from Snapping Links II (The Revenge)

    trackback #2 permalink ·'; else echo '·'; ?>

  3. My site is (as posted) I got hit pretty hard yesterday with comment spamming and was interested in implementing Jay’s template module.


    05:53 pm, pdt 5 October, 2003Comment by Erik

    comment #3 permalink ·'; else echo '·'; ?>

  4. Erik, I’m so sorry to hear you got hit hard yesterday. I’m finding Jay’s approach quite effective.

    I’ve only been using Jay’s filter approach since Thursday but it’s already prevented several major spam posts from showing up at my site. I still get the email notifications that includes exactly what these creeps tried to post along with their IPs.

    So it’s quite effective at the moment. :-)

    As I mentioned in my post, I suspect these creeps will figure out ways around the filters just like they try with email filters; however, it’s no big deal to add new filter information.

    Honest SEO people and web designers and developers would never try to spam weblog comments to fool Google or other search engines.

    I want these creeps to be criminally prosecuted for ripping off people, stealing domain names, email addresses, and IPs, and conducting business in misleading and dishonest ways. They need to be held accountable. I’m keeping the email notifications that I get from these creeps' absurd comments to turn them in to the appropriate agencies. They all use forged email addresses.

    We could all do this and make it clear to the appropriate agencies that we’re dealing with serious and rampant problems that continue to grow and worsen. We have to keep bugging them until they go after and prosecute these people just like other crimes. An ISP voluntarily canceling the spammer’s account doesn’t stop what’s going on, although I appreciate the fact that they do that.

    Well, enough of my rant. ;-)

    07:11 pm, pdt 5 October, 2003Comment by Shirley Kaiser

    comment #4 permalink ·'; else echo '·'; ?>

  5. First, and foremost Radiohead was one of the best concerts I've ever been to. They are simply amazing, and the outdoor amphitheatre made it alot of fun as well. Thom Yorke's performance was moving, funny, exciting, and hypnotic all at...

    05 Oct, 2003Trackback from //gtmcknight

    trackback #5 permalink ·'; else echo '·'; ?>

  6. Would it work to require a commentor to enter a simple validation "code word" which is displayed as a gif or jpeg? I think I remember Paypal or some other service displaying a word as a partially blurry image, then requiring you to enter that word in a text box, which proved that you’re a human and not a spambot, since the bot can’t interpret the image as text.

    11:57 am, pdt 6 October, 2003Comment by Christopher J

    comment #6 permalink ·'; else echo '·'; ?>

  7. Christopher,

    That approach is used at some commercial sites, as you may have also seen; however, it’s problematic with accessibility, such as the blind, voice recognition software, or alternative devices that don’t display images.

    So I’d rather not take that approach myself.

    Your idea has been brought up at a few weblogs to help combat comment spam. If it didn’t have any accessibility issues I think people would be more inclined to that approach to prevent the comment spam bombing that Phil Ringnalda experienced, too, for example.

    Thanks for your comment, Christopher. I think it’s good to discuss various possibilities.

    02:41 pm, pdt 6 October, 2003Comment by Shirley Kaiser

    comment #7 permalink ·'; else echo '·'; ?>

  8. What timing, I’ve just started getting hit about daily. If you’d share your filters, I’d really appreciate it!

    08:37 am, pdt 7 October, 2003Comment by Miriam

    comment #8 permalink ·'; else echo '·'; ?>

  9. archives/2003/10/03/feast_61_unwanted_comments/ If you have a hate-on for comment spam you probably already have seen this, but Shirley Kaiser at has written a great post containing much of the co...

    07 Oct, 2003Trackback from EdTechPost

    trackback #9 permalink ·'; else echo '·'; ?>

  10. Die spammers, die.

    07 Oct, 2003Trackback from Between Coffees

    trackback #10 permalink ·'; else echo '·'; ?>

  11. It's a hot topic in the blogosphere lately. As well it should be, since so many of us are hit by it. I've been getting a few a week, which I suppose I should be grateful. There are some who...

    08 Oct, 2003Trackback from A View From Home

    trackback #11 permalink ·'; else echo '·'; ?>

  12. I give up. The rate of blog comment spam to this site is bothersome, now with 10 banned IPs (which likely does very little), and going in to remove the comments manually is getting very old. The latest, unrelated, un-meaningful,...

    08 Oct, 2003Trackback from cogdogblog

    trackback #12 permalink ·'; else echo '·'; ?>

  13. Unwanted Comments: Comment spam is becoming a bigger and bigger problem. Shirley has a good roundup of resources to help you fight it. "Some site owners stave off comment spam by closing off older comments, using blacklists, using filters, just...

    08 Oct, 2003Trackback from Gadgetopia

    trackback #13 permalink ·'; else echo '·'; ?>

  14. As a designer, you may have heard a potential or existing client tell you that they'd like a new site design exactly like the XYZ site (fake name) and may suggest that you copy it. I've even had several potential clients ask me if I'd build their site...

    10 Oct, 2003Trackback from Brainstorms and Raves

    trackback #14 permalink ·'; else echo '·'; ?>

  15. Around 5 years ago I found a great niche of combining my passion for music and graphics in a way to help others -- I began offering a line of linkware music graphics, eventually getting its own domain name as it grew. The benefits have been beyond my w...

    10 Oct, 2003Trackback from Brainstorms and Raves

    trackback #15 permalink ·'; else echo '·'; ?>

  16. Can you share your blacklist with me? I am using Kellan’s MT-Spambad hack - Kellan’s MT-Spambad hack.


    03:25 pm, pdt10 October, 2003Comment by Geodog

    comment #16 permalink ·'; else echo '·'; ?>

  17. hier ein guter Überblick zu unterschiedlichen Ansätzen, was man gegen Kommentarspam tun kann (alelrdings nur für MT Nutzer) >>>...

    13 Oct, 2003Trackback from MEX Blog

    trackback #17 permalink ·'; else echo '·'; ?>

  18. all the anti-spam resources I've gathered so far.

    27 Oct, 2003Trackback from Snapping Links II (The Revenge)

    trackback #18 permalink ·'; else echo '·'; ?>

  19. I second this review of the MT-Blacklist plugin. It is very, very useful.

    I have one quick suggestion, after you download the plugin, and have it working, you may want to change the name of the *.cgi file to something unpredictable.


    09:42 pm, pst14 November, 2003Comment by Shanx

    comment #19 permalink ·'; else echo '·'; ?>

This discussion has been closed. Thanks to all who participated.

*/ ?>