Prevent Comment Spam
Posted by Jon Lee in How-to, Web Development, tags: Akismet, comments, greasemonkey, spam-protection, wordpressAny Wordpress blogger can tell you what a pain it is to go through their Akismet Spam filter to identify any false-positives (real comments that get identifed as spam). In a week, I used to get about 500 comments that gets caught by Akismet which isn’t a lot compared to some more popular blogs. Within these comments, I’d say approximately 1% of them are false-positives. Sure I could’ve ignored them but I feel every comment is an important one that shouldn’t be overlooked!
Here are possible solutions to this problem:
Bad Behavior
A couple weeks ago I wrote about how I installed the Bad Behavior plug-in to prevent unwanted traffic to my site (i.e. spam bots). Well it looked like it worked! In this past week I’ve only had 50 comments in the filter, that’s a big difference!
Captcha
Now I could have easily installed a Captcha tool but I’m sure that would annoy a lot of the regular readers and commentators. (Captchas are the “enter the following jumbled letters to prove you’re human” tests).
Change Field Names
Another solution is to change the field names of the comment form so that automated scripts could not submit their content to your blog since they won’t have the correct fieldname. However, this requires a little tweaking in your own code and frankly I was too lazy to poke around the Wordpress files to do so. Also it doesn’t stop bots that scan your source code.
Add a Hidden Field
I read about this one on digg last week. By adding an extra field to your comment form and making it invisible with CSS, you can trick spam bots into filling in that field (since they look at HTML and don’t know it’s invisible) and throw out any comment that has that field filled out. There are a couple flaws with this, first of all it’s really easy for a spam bot to add a check for visibility, and secondly users that don’t look at a site the same way others do would see the field (auditory surfers, old non-css compatible browsers etc.). I don’t like this solution because I believe in designing without discriminating! Also, it will require adding a little bit of code to the comment file.
A Different Spam Filter
I haven’t tried any other spam filters but I believe the general consensus is that Akismet is the best out there right now. Spam Karma is a close second. There is a new one that is in private beta testing and promises to be even better than Akismet. I’ve signed up to be a beta tester but I haven’t been contacted yet. I hope it lives up to its promises!
Disable Comments on Old Posts
You may notice a lot of your comment spam is on old posts since those pages have been crawled and have been out there for a while, it is only natural they will gather spam. As your blog grows and you have more posts, the number of spam comments will increase linearly. So by disabling the ability for users to comment on old posts, you will be stopping this increase. Personally, I don’t think this is a good idea since it effectively terminates any discussion on old posts. I mean, if someone had a question about something you wrote (that you would likely not write about again), they’ll have nowhere to discuss it!
I’m very happy with Bad Behavior right now, it’s no problem for me to look through 50 spam comments a week to find false-positives since it takes less than a minute to do. Also, with a little Greasemonkey script, this process is made much more efficient!
Do you look through your spam filter or do you just empty it? How do you prevent comment spam? I’d like to know!
Popularity: 18% [?]
Entries (RSS)
For the hidden field thing: you don’t actually have to hide the input only, think about this code:
<span class="hideme">Leave this field empty: <input></span>Browsers with no CSS will still see the warning message.
And for the code, well, I could make it a plugin, it shouldn’t be hard
I use math questions. And I block a lot of spam bots.
No spam whatsoever.
Right now, I simply moderate all first time commenters, much lik e the default settings for Wordpress. I have only got about 10 spam commenters though, so it isn’t a big problem. One thing I saw on one site that I thought was neat was a Javascript dialog asking if the user wanted to post the comment. Seeing as spam bot s probably wouldn’t interact to that…
My old site had a huge spamming problem that may or may not have contributed to the free web host under it collapsing. With my new one, things went great for a long time.
Suddenly, I’m getting dozens, if not hundreds, of spam attempts. I shut down commenting for non-registered users just in time.
I make sure to keep checking the wordpress site for the latest plugins, they have saved me a lot of spam on my blog.
Askimet has been blocking everything nicely for me. I occassionaly login to the wordpress admin and check all the spam comments left, quite amazing how fast it all adds up.
I have always just emptied my spam filter, just assumed it got it right.
Checked it after reading your post and there were 2 genuine comments in there – so I will be keeping an eye on it from now on!
Thanks
Good point, but it would still confuse the Homer Simpson’s out there.
Quote:
Leave the space below blank.
O.K.
Tell me about it, I’m not entirely sure how Akismet does it but it works wonders!
I was doing that myself until a reader e-mailed me complaining about why his comments never get posted!
Interesting solution, although I’d worry about users with Javascript turned off!
I used to get hit by heaps of spam until I started using Spam Karma. I’ve found it very reliable.
Lol
[...] weeks ago, I talked about ways to prevent comment spam on your blog. Most of them required installing some sort of plug-in or tinkering. Near the bottom of that post I [...]
Thanks for the tips. I was trying to figure out ways to get rid of spam as askimet wasn’t doing 100% great.
Nice suggestion. I read that you mention about captcha will trouble the commentator. honestly, it is not. unless the picture of captcha is hard to read. it can cause put mistake word and do it again and again.
about change field name, it is not all user can do it because it need scripting knowledge.
I, too, receive hundreds of spam attempts per week on my site. As I use my own custom blogging / CMS code, I wasn’t able to rely on the standard WP/MT antispam plugins to do the job.
Originally, I was keen on the idea of using a hidden field (hidden through CSS visibility). However, I would caution anyone thinking of using it: From what I recall, Google (via Cutts) has indicated a distaste for invisible text (due to its black-hat prevalence). Considering the penalty for triggering a SEO red-flag, I don’t think it’s use would be prudent.
I have created an spam statistics & technique page that might be of interest to those who are trying to build custom detection methods that build upon some of the suggestions you’ve already written here.
In addition to custom filters, I am now running Akismet in parallel to see how it compares. So far, I haven’t observed any false positives, but I did encounter a number of false negatives. This is easily explained by the fact that it does not have access to special form field content that provides additional indicators of harvesting and bots.
[...] my post about preventing comment spam on blogs last month, I mentioned that I signed up to be a beta tester for a new anti-spam filter that [...]
Akismet sucks. If you leave a comment on someone’s blog and they disagree with your comment, they get you banned from commenting on all blogs by falsely makring what you said as spam.