Friday Feast #61: Unwanted Comments
I was absolutely horrified when I read Phil Ringnalda’s comment spam alert story last year in which a Las Vegas real estate agent used a script to try to autogenerate comments to every single one of Phil’s entries, including links to the spammer’s real estate site. While most of us won’t get bombed like that we still have our hands full with unwanted comment spammers. Today’s Friday Feast provides some tips about what I do to help combat comment spam along with links to more helpful tips, plugins, scripts, and information.
One of the many reasons I switched to Movable Type was its comments capability. Comment spammers are increasingly trying to exploit this feature at weblogs, however, and I’m not alone in wanting to prevent spammers while keeping the feature easy to use for legitimate comments. Some site owners stave off comment spam by closing off older comments, using blacklists, using filters, just deleting them when they occur, or a combination of these. Below are some good possibilities along with my comments and thoughts about what I’ve implemented so far.
Block Zipcode URLs
As a result of Phil Ringnalda’s comment spamming by that real estate agent, Phil added a snippet of code to the MT Comments script to prevent zipcode URLs from adding comments to his site. He shared the code at his post, URLs Including Zipcode are Prohibited.
Jay Allen has generously provided a new Movable Type template module to help prevent or at least slow down unwanted comments. Jay’s Killing Comment Spam Dead provides all the instructions for implementing it in your own site.
In a nutshell this new Movable Type template module will prevent unwanted comments from being posted in the first place based on filters. Like email filters, spammers will undoubtedly try to figure out ways around the filters, but it’s certainly a helpful approach. Jay has written instructions for novices and experts.
Besides being effective, Jay’s approach doesn’t involve hacking Movable Type source code, and it’s easy to implement.
I’ve implemented Jay’s template module at my site. I won’t publish my filters here for the spammers to see and work around, but I’ll email them to fellow webloggers upon request. Leave a comment here with a link to your weblog.
For MySQL and PHP Users
For those using MT 2.6 and above with MySQL and PHP, geeksblog.com has provided a close comments script to automatically close comments after a specified number of hours of days.
[hat tip: Ten Reasons Why]
Last month Simon Willison wrote about Blacklisting Comment Spam, sharing his blacklist. See the section Preventing Comments Spam from my Friday Feast #58 last month for more on this and links to more on blacklisting comment spam.
Screen Your Comments
For those who don’t mind screening all comments before they’re posted, there are some scripts available:
- Comment Queue Script/MT Hack
This script by scriptygoddess requires the MySQL version of MT and PHP availability on your server.
- Perl version of the Comment Queue hack by David Raynes. David created the scriptygoddess script as a Perl script for everyone not using the MySQL version of MT.
Even without the use of the above plugins or template modules the volume of spam in our comments can be reduced by deleting them as soon as possible, not just because we delete them but because deleting them quickly means no benefit to spammers for search engines or visitors to their absurd websites.
I get email notification of all comments and trackbacks, and my email filters let me know immediately when spam has been posted. I delete those comments from my site right away. MailWasher Pro catches the spam for me but I’ve set it to show me the spam first rather than automatically deleting it. That way I can allow my comment spam notices to download to my email program, as I want to keep those.
Adam Kalsey provides some smart advice and insight in his post Spam begets spam. He also recommends deleting spam posts right away, and he found a pattern of Google referrers searching for links to the same spam sites, apparently trying to find sites with their links to add even more to them. Removing spam comments right away eliminates search engines from spidering those links and improving the spammers' search engine results.
Deleting Comments Quickly
Jakob Lange Skjerning has provided some helpful instructions in his post, Movable Type: Easier edit/removal of new comments. This approach adds some code to your MT Comments configuration.
I implemented this at my site a few weeks ago, and I love its convenience. Now that I’ve implemented Jay’s filters comment spam isn’t showing up at my site, but I still need to update the page to reflect the correct number of comments.
Speaking of Spammers...
Email spammers have generated incredible volumes of wasteful and unwanted email. As we’ve all seen, many spammers even hijack and forge other people’s email addresses, domain names, and IP addresses in an effort to get past people’s spam filters. Telemarketers won’t leave us alone in the privacy of our own homes even when we have unlisted phone numbers and have never agreed to allow their calls. Now comment spammers try to take advantage of our comment forms at our websites for their own gain despite site policies that don’t allow solicitors, certain words, and any advertising.
From their actions I have the strong impression that these people only care about money and that they don’t care about or even consider the negative impact of their actions on others, which segues to the final topic, punitive damages for spammers.
Going After Spammers
If you haven’t yet read the September 29th Wired News story about Andy Markley, you really need to do so: Spam: This Time It’s Personal. It’s gotten to be commonplace for spammers to forge email addresses and domain names to send out their spam. As a result of someone doing just that—forging email addresses and domain names—stealing Andy Markley’s email addresses and domain names damaged his income, his business, and his reputation. As Andy learned, his spammer was one of the worst spammers around, Eddy Marin. Unfortunately he’s not the only one who’s been so seriously impacted. So far all that’s happened to Eddy Marin is that his ISP canceled his subscription, and that only happened after Andy spent countless hours researching and tracking to find out who had done this.
It’s fairly common for a spammer’s ISP to cancel the spammers' account(s) once known. Little to nothing prevents these spammers from getting another ISP and continuing to spam people, though. It’s no wonder spam has become such a rampant problem.
Laws against forgery and stealing someone’s identity need to include forging and stealing others' identities via email addresses and domains, and these people need to be criminally prosecuted. It’s one thing to send unsolicited commercial advertising email, but it’s criminal behavior to steal online identities by forging email addresses, domains, and IPs.
California passed an anti-spam law to take effect January 1st (see California Passes Spam Ban). Even if the law stays on the books, though, it may do little or nothing to impact the spammers who steal identities to send their spam.
So what’s it going to take to stop these people who seem to stop at nothing themselves? Check out the following:
- Antispam 'blacklist' providers hit by online attacks, by Story by Todd R. Weiss for Computerworld.
- Marketers Warned Of Getting Caught In Fight Against Spam, by Antone Gonsalves, TechWeb News.
- Spam Attacks Claim Two More Victims, by Kevin Murphy for CBR Magazine.
[hat tip: Dougal Campbell, The War on Spam]
See also Friday Feast #58: RSS Validator Update, Check Your Sites, Comments Spam, where you’ll find more recent information and resources.
Comments, Trackbacks: 19 so far. Add yours!
This discussion has been closed. Thanks to all who participated.