I’m winning the battle against comment spam.
Honestly.
Living in the Middle East, I learned to live with the up close and personal issue of life with terrorists and suicide bombers. Among the many lessons I learned was the reality of the phrase “You can’t let terrorists win.” While the United States is still learning what that really means, the courage to not let terrorists win is an appropriate metaphor for our ongoing battle with blog comment spam.
We can’t let the comment spammers win.
Too often they win by forcing us to make it more difficult for our readers to comment on our blogs. We punish our readers by putting up road blocks and security fences, forcing them to jump through hoops to leave a comment on our blog posts. Fear and the hassles of comment spam is strangling the joy out of the conversation that makes blogs successful and distinctive from websites.
I’m here to tell you that I’m winning the battle against comment spammers by not letting the bastards win, nor by spoiling the experience for my readers.
I’m winning with the following comment spam fighting policies:
- I do not use forced comment moderation.
- I do not force people to register in order to participate on any of my blogs.
- I do not force people to be logged in to comment.
- I do not force visitors to dance through captchas, doing math problems, answering stupid questions, or guessing at bizarre spelled words.
- I do monitor as much of the caught comment spam as possible for any false/positives that slip through, helping to train my comment spam fighting tools to improve comment spam recognition.
- I do keep my blog free from comment spam, catching and removing the few that occasionally slip through as fast as I can.
- I respect my audience.
- I respect those who comment even more.
This is not an easy task. Between my various blogs, I work with a team of top spam fighting and catching tools. Akismet, Bad Behavior, and Spam Karma 2 are the leaders of the comment spam fighting pack.
Akismet blows away thousands of comment spam weekly on this blog. Recently, Akismet’s total comment spams fought off since it was installed on this blog hit 50,000 caught comment spams, and a few days ago, I found it caught 1399 comment spams in one day! That’s impressive comment spam fighting stuff.
On my full version WordPress blogs, Bad Behavior slaps comment spammers away before they even can get in the door. Any that manage to slip through are caught and jailed with Spam Karma and/or Akismet. With these three sturdy soldiers at my side, I do my best not to inconvenience my readers and commenters.
The best comment spam fighting methods are the invisible ones. If you don’t see comment spam on my blog, I’m winning the war.
Can you say the same?
Related Articles
- Truths and Consequences of Blogs That Stand Out
- Do You Care Enough To Keep Your Blog Comment Spam Free?
- AntiLeech Splog Stopper: Fighting Back Against Content Thieves
- Will Stopping Overseas Online Gambling Payments Impact Bloggers?
- Digital Fingerprints Help Track Blog Content Theft
- The Bitacle Battle of Blogs
- Editing Your Blog Comments
- What is Comment Spam?
- Comments on Comments
- How NOT to Comment on Comments
- Mean Spirited Comments and Blogging
- You Must Be Logged In To Comment
- One Year Anniversary Review: Comments on Comments
- Special Guide to Weblog Comments
- I Love It When You Say Nice Things About Me
- The Day I Looked Forward to Casinos, Drugs, and Penises
- Your Comment Has Been Moderated – Stay Tuned for Approval
- Monitoring Blog Comments
- A Day in the Life of a Paranoid Website Administrator
- My Daily Tasks With WordPress
Site Search Tags: comment spam, comment spam fighting tools, fight comment spam, win the war on comment spam, wordpress comment spam, bad behavior, akismet, spam karma, wordpress plugins, comment spam wordpress plugins, stop comment spam, comment spammers
Copyright Lorelle VanFossen, member of the 9Rules Network 
Subscribe
Lorelle on WordPress 
57 Comments
I have to say, Akismet is absolutely awesome and saves me no end of time. It’s never caught a false positive, and if anything is dubious, it gets caught in moderation (which is very rare).
Hooray for the anti-comment spam tools!
Oh absolutely! I didn’t get all the fuzz about comment spam as a problem at blogs I visited. Really, just install Spam Karma 2 and you’re probably good to go, but if you are a high-trafficed site then also run Akismet. I have yet to try Bad Behavious, because honestly I haven’t felt the need to install yet another spamkiller.
Really, the battle against todays comment spam isn’t all that hard to wage, as you so nicely pointed out above. And it’s good that a high-profile blogger like yourself blogs about it, the more that understand it, the merrier.
Thanks Lorelle, your article made me realise I have been keeping new commenters in moderation, which might be irritating, I’ve removed it now! Akismet rocks 😉
I use BB2+SK2 on my Blog as well, I’m spam-free.
BTW, the Middle East (where I live as well), isn’t just ‘terrorists’, that’s just a small portion….
I use only Akismet and it is sufficient for me. During last 6 month only 1 (one) spam-comment was seen in my blog. This single comment was posted in Estonian language (I blog in Estonian) by human person. So, long live Akismet!
I have Akismet and it is doing a great job. What I need is a simple solution to help Akismet – one that requires email verification. I am surprised that at wordpress 2.0.5, there isn’t a plugin that can achieve this simple task.
Thanks for the pep talk – I must be doing okay too. Askimet is wonderful and as a new spam comment shows up, I can usually find a keyword to add to the banned list for it.
Is there any thing else I can do to stop sping-ers (spam trackbacks and pings) other than what I am doing with Askimet?
BadBehavior2 doesn’t replace Akismet nor SK2, it’s quite different in what it does, so even if you use akismet and prefer it to SK2, use BB2.
Akismet rocks like hell, if I might say. I use it now for almost 2 years, and also dont need all kind of tricks like login for people, register themself, answering questions and so on.
Wow! Over 1000 spam comments caught in one day and 50,000 in total!
How do you check through that to remove the false positives?
I’m pretty happy with Akismet at the moment, it only let a couple of spam through once when it went down for a couple of hours and it’s only caught one false positive. Also, I am pleased to say that I have never entertained the thought of making my commenters jump through any of the hoops you mention above. I too am winning the war! 😀
133,927 spam comments caught till Askimet installed
Akismet does the job for me too, I haven’t needed anything else. I’ve had a couple of false positives, but the guy used the name of a common online card game as his name so you can’t blame Akismet for that!
Yes – Akismet works for me – it catches about 99.99% of my spam :razz:.
Glad to know I can say the same.
I use SK2, BB and the Akismet SK2 Plugin that looks up SK2 as a secondary defence.
I use Spam Karma 2, great article.
Yes! I believe I read it on your site last month about Akismet. I honestly would dread logging in knowing that I would have to delete hundreds of spam comments everyday. Now that nauseous feeling is gone and I blithely log on knowing that Akismet catches all these dirtbag spammer’s attempts to sell whatever stupid product they are trying to sell.
No problem here, using Akismet and Wp-Hashcash 🙂
The sad part is that those of us reading this article probably do a fantastic job at stopping comment spam. But all those people with spam infested blogs won’t (or don’t) read this site. Those who aren’t responsible with their blogs are the reason why spam comments work and why we (the good guys) will always have comment spam fired at us.
Thanks for the interesting article. I’ve always relied upon Akismet on it’s todd. I’ve never had a false/positive yet, but have taken a leaf from your book and no longer ask folk for their name and email address. I’ve also turned off hold for moderation unless previously approved.
I’ve also taken your advice and installed BB & SK2. The only thing I’d say to others is make sure you update your WP-Cache to the latest version before installing BB (just in case you download and install without reading instructions when installing plugins!)
While I’ve got Bad Behavior installed on both of my blogs, I’ve got to wonder if there’s a way to tell that it’s actually having an effect. I know it says that it’s blocked access attempts but how do you know it’s actually doing something and not just claiming to do something? At least with Akismet I know it’s having an effect. Part of the reason why I wonder is because the amount of spam bombarding my site is increasing exponentially.
I’m also not afraid to throw IP blocks up as well. Any IP that hits me with more than three pieces of spam gets blocked, in addition on one of my sites I’ve blocked the entire range of addresses that belong to RIPE Networks out of SE Asia which has had a huge effect. On the other hand I’ve noticed that it appears that my spam is coming from South America now and am considering blocking those IPs as well. While that’s not an option for many, since this site in particular is for a business that contractually can’t work with clients outside of the US and Canada, I’m not concerned if we can’t get visitors from outside of North America.
Nice post and great tips, Lorelle.
One thing to note about Bad Behaviour, although it is a great/helpful plugin, is that it can cause some false positives and the blog owner won’t always know about it.
I realized it because one commenter actually took the time to find my e-mail and explain he was receiving an “Error 412: Precondition Failed” each time he tried accessing my site in his browser. When I couldn’t duplicate the problem, I figured it was an ISP problem. Later found out is wasn’t when the dreaded 412 error popped up in my own browser (yep, I was locked out from reading my own blog) and I tracked it back to Bad Behaviour.
Just a head’s up to anyone using Bad Behaviour, monitor it and make sure unsuspecting visitors aren’t being locked out of your blog by accident.
~ Teli
akismet is doing a wonderful job of keeping my blog spam free. its very good in what it does. yes occasional ones get thru, but i find them and teach it that these are not ok. but i wish there was more we could do to stop it indefinately. that would rawk.
J’utilise également SK2, et j’en suis très satisfait !! Bravo pour l’article.
As much as I enjoy the discussion about spam fighting techniques, I’m more impressed with your clever use of metaphor. I agree.
Akismet + BB2.
Honestly, I was almost completely immune just using Akismet. I agree with you. The whole CAPTCHA thing, while effective, is a huge hassle and a deterrent to conversation.
I can no longer imagine a weblog without Akismet, it has been an integral part of every WordPress blog I deploy.
I agree that we should try not to impose restrictions on our readers just to catch comment spam. I’d rather go through all recent comments than inconvenience my readers.
You know, it’s sad to say, but I installed one of those math problem plugins today, cause I was sick and tired of all the spam comments. I mean, none of them every got through to my main page through careful moderation, but I really got tired of combing through the comments page for that crap. If anyone wants to post, I don’t think a simple math program is too much…
Wouldn’t you like to know how to refinance your home mortgage and make $$$? Just kidding. Good post, I wish more bloggers would follow your example.
Living in the Middle East myself too, I find it sad that you compare mere spammers to terrorists…. The “War on Terror” is getting a bit out of hand here…
Nice post! I could not get bad behavior to work on my blog so Instead I use my WP .htaccess file to block any computer that contains my list of “spam words”. Works great… 🙂
A crucial aspect of wiining a ‘war’ is co-operation. To be honest, i’m not entirely sure how Askimet’s innards work, but I get the impression that the data submitted on spam (and indeed, false-positive not-spam) by individual users goes to make the system better.
I like Akismet and Spam Karma 2, since they’ve almost never failed to catch the spam that gets posted. However, Bad Behaviour has exhibited a lot of Bad Behaviour for me. It locks me out of my own site for God and its author know what reason.
Given the issues, I simply don’t use it. I don’t think it helps to stop comment spammers from visiting my site when their crap still gets filtered. Moreso, if it locks me out, it can also lock other readers of my site out for no good reason, and that’s simply unacceptable for me.
I’ve installed Bad Behavior since it’s conception on many blogs and never had a problem. The latest version is very trouble free. I know some people have had problems, but there are problems and limitations with all of these comment spam filter and protection programs as they take drastic measures to protect you. In time, as they learn and grow and develop, I expect these programs to seriously improve, making it easier to fight off comment spam invisibly.
Don’t give up on Bad Behavior. It has really improved.
Great post as usual! I still moderate my comments but ever since I’ve installed SK2 along with Akisimet, it’s been great! Without SK2, I would notice a few slip through for moderation but so far, it’s been working so well. Maybe I may decide to remove moderation, well, maybe not.
As for Contact Forms, it would be so nice to get something similar since I do get some spam emails via the Contact Form. But thankfully, I am able to filter them out.
Keep up the great work!
Since I’m the man, who is constantly marked as spam by Akismet, I don’t really like the service. I do think that you can’t rely on black box like solutions, you need something more transparent. That’s why I installed Spam Karma 2. It’s configurable, smart, and does not “hate me”.
But in general – except for the war metaphor – I agree. It’s the blog owner’s responsibility to keep the blog clean.
Hi Lorelle!
I absolutely agree with you. Invisible spam fighting is the best one – and if it happens all automatically as it happens on my blog with Askimet it’s just great. It catched until now every spammy comment and if not it was in moderation (perhaps 10 out of 1800).
Occasional readers won’t comment if they have to register, login, spell fuzzy written words and that kind of spam protecting stuff.
SK2 does not work on my blog because PHP safe mode is on, but I’m still happy with my solution.
Hi Lorelle,
I hate trying to squint at deformed letters (is that an “a” or a “q”??) before I can leave a 10-second comment. It’s just sloppy blog management not to install spam blockers like SK2.
Spread the word!
Szedlák Ádám, I don’t think Akismet “hates” you, but do you think the accents in your name and the worldshots url might look spammy enough to trigger a capture?
You’re not dealing with humans but human programming on being captured. Akismet captured you here and I pulled you out of comment spam jail, but think about what might be the triggers.
And have you contacted them and asked? If you haven’t, I will do so for you.
I agree that Akismet rocks, but…I have a couple of regulars on my blog who are blocked from the spam fighting power of Akismet. Even when I mark it as “Not Spam” they still can’t post without moderation. Any suggestions?
If you are being constantly caught by Akismet (reported by friends or otherwise), you can contact Akismet and ask them to provide information on helping you get through their defenses. Hopefully they will add an explanation on how to deal with this issue on their FAQ page soon.
Before you do, consider what it is about your name, URL, website name, or content that might trigger a capture. Using a commercial website known as NOT a personal blog, like technorati, google, or some other site, in your comment form for your URL will trigger an automatic capture. Certain words will also trigger a response, as will extremely short comments that don’t seem to directly apply to the content like “good job” or “thanks for the info” as those are used by comment spammers.
See How NOT to Comment on Comments for more information on how to comment in a way that might help you get through the comment spam filters.
Thanks for your input, Lorelle. The folks who are constantly blocked both have AOL email addresses. I hate AOL in the first place…so don’t get me started. They usually leave detailed comments, and, when they omit their own weblog URL, they can comment without any problems.
I have emailed Akismet, to no avail. They have never replied to any of my five emails concerning this matter.
Have a great week.
I have finally had it with all the spam comments showing up as being caught by SK2 and Akisimet because it obviously means that they are still using up bandwidth and it doesn’t make me feel good that they are still around.
So, finally I decided to try Bad Behavior 2 and it’s been so amazing! I hope that no valid comments will be blocked but time will tell. I hope that this will also mean that I won’t get all the email spam I’ve been getting via the contact form. I have decided to start removing the contact form on every post since it was getting ridiculous that I have to keep filtering all the spams that were sent via the contact form.
So far, it’s amazing that there’s been no spam comments at all! Woohoo! I can’t believe that I tried to avoid BB for so long. Hopefully this is something that will really stop all the spam bots from accessing the site.
yes, its important manually review comments, but sometimes its very hard to decide, is it spam or not. When I remove comments, user writes: “you removed my comment, so I decided to delete your page from my sources”, etc. Not all users comments are good quality, so its not very easy to decide…
I’ve just run across a new type of comment spam, in my moderation queue, which I thought I should FYI . I notified support (the forum hasn’t any threads for this yet.)
The comment was on an “attachment” in one of my wordpress.com blogs. The attachment is not published and not public. The spammer referenced it by ID number which I can see only if I’m logged in.
By the way, do you have a preferred place for readers to add these FYI comments? I look first for a relevant post and then a most relevant post (to my eye).
I don’t understand how anything can “attach” itself to a comment in WordPress. Do you mean that it included a link that, when clicked, tried to download something? Odd.
As for reporting FYI stuff to me, any appropriate article will work or let me know on my Contact page. Thanks!
“attachment” is what WP uses for those uploaded documents and images, etc., items hosted at WP for using in the blog.
Check out your `http://blogname.wordpress.com/?attachment_id=nn` where nn is a numeral. If you are logged in, it should show as a “post” complete with comment block (at least on my theme, K2)
As I was reading through your spam fighting posts I noticed something hilarious.
Comment #47 right above mine is exactly the same as the first paragraph of Tony’s (#41). Good grief. I guess you can add that they copy already approved comments to get through. Lovely.
By the way, I use all three on my blog and don’t get any spam. I do, however, have to fish a regular commenter out of the spam hole (as I call it) every so often. He gets annoyed by that, but what can you do?:)
Ah, good catch. Since they came so far apart in dates, and there is no threaded comments on the Comments Panel, I didn’t catch this.
What you’ve found is the work of a human comment spammer. Good for you! Thanks!
I’ve been using a little plug-in that asks people to solve a simple maths problem (e.g. what’s 2 + 7?), but I’m still getting some comment spam coming through, which I don’t understand how it can happen.
After reading this article, I’m going to try fighting comment spam with Akismet.
How does it happen? Because it doesn’t work. It didn’t work in the first place, and it won’t work in the future. The CAPTCHAs, math tests, quizzes, and other torture tests don’t work. By the time you install it, the spammers have figured out how to bust through it. And the human comment spammers can get past it in a second.
The three comment spam protection tools I’ve listed in the article get to the comment spam BEFORE you see it, without making the commenter’s life miserable. That’s the best kind of defense: invisible.
Great tips, Comment moderation without irritating readers.
Do the spam tools listed here work with wp 2.7? Their download pages are very out of date.
Akismet and Bad Behavior continue to work with WordPress 2.7.
Thanks for your speedy reply – sorry it took me so long to notice it!
LOL! I so like this article! Gosh I hate spam!
I’ve been coding my own blog engine and got pestered by spam too. I don’t believe in captchas (I hate them, personally), because another site I run uses these and that doesn’t stop spambots either. So I’ve decided to have a look at how far I can push things without triggering too many false positives, and without using captchas.
So, in order to fight that, I haven’t (yet) written something as advanced and exhaustive as Spam Karma 2, but I’ve noticed that 99% (if not more) of all the spambots post their stuff in less than 10 seconds. Therefore, I check the time between the corresponding page load and the comment form submission — if it’s less than 10 seconds, the comment is blocked, and the spambot gets a 403 error in its face.
Basically, the only way to get to post in less than 10 seconds would be to either (a) copy/paste nonsense, or (b) write something really short and uninspired, or (c) be a bot. In all these cases, I wouldn’t want the comment anyway.
Also, because I log all commenting attempts, I’ve sometimes noticed that when a spambot gets a 403, completely out of the blue, the exact same form is posted from another IP address before also getting 403’d. And then another bot tries that too. So in total, up to 3 bots usually give it a try before giving up (as if it weren’t obvious enough that they’re from the same botnet).
Now I know SK2 uses the same techniques, and much more (like keyword blocking and whatnot), but this simple “timing” check is more than enough to block “dumb” bots. Spammers really don’t bother even if they face resistance from one single site, as long as their bot works on most others.
Of course, my blog doesn’t run WordPress and therefore, WP blog owners are probably targeted by WP-specific bots instead of those I’m faced with. Be that as it may, it’s been a couple months now since I’ve implemented this, and I’ve yet to see a bot getting past my rather simplistic (and imperfect) security measures.
I wouldn’t say I’m winning the battle against comment spam – but only the battle against dumb spambots.
While these are great things to do, and it would be better if your own blog engine could work with Akismet, which many do. The real issue is that something like 70% or more of all spam is created now by humans. @While you might make every hoop unjumpable, humans can jump it.
I’ve been working with colleges in changing the curriculum for their Web Development degrees. Most of the PHP classes include creating a blog engine from scratch and we’re doing away with that as the market is shot for innovative products like that without major funding and investment behind them that do something extraordinarily different and distinct. They are dime a hundred right now. I’ve been a part of many new blog engine development projects over the years, so I know of which I speak. Good luck with your project!
26 Trackbacks/Pingbacks
[…] If only all of us could be so fortunate. Beating back the comment spammers is not easy, but Lorelle lays out what she has and hasn’t done to push back spammers. 1. I do not use forced comment moderation. 2. I do not force people to register in order to participate on any of my blogs. 3. I do not force people to be logged in to comment. 4. I do not force visitors to dance through captchas, doing math problems, answering stupid questions, or guessing at bizarre spelled words. 5. I do monitor as much of the caught comment spam as possible for any false/positives that slip through, helping to train my comment spam fighting tools to improve comment spam recognition. 6. I do keep my blog free from comment spam, catching and removing the few that occasionally slip through as fast as I can. 7. I respect my audience. 8. I respect those who comment even more. […]
[…] Sadly I think that it won’t be the advertisers that will create this utopia but us, the consumers. We’ll get smarter and smarter in tuning down the noise which will force the advertisers to up their intelligence. The ones that continue to be dumb broadcasters will simply be classified as spam (Presidential election anyone?). […]
[…] I was just reading Lorelle VanFossen’s post: I’m Winning the Battle Against Comment Spam. […]
[…] Akismet is a plugin for WordPress designed to combat spam. After reading a post over at Lorelle’s blog about a successful fight against spam, I decided to at least begin my fight with akismet. […]
[…] I’m Winning the Battle Against Comment Spam « Lorelle on WordPress Lorelle velemenye a commentspamrol. Egyetertek. (tags: spam blog wordpress) […]
[…] The war against comment spam is an uphill battle. WordPress users have a number of tools at their disposal that help with combat it. Based on Lorelle’s declaration of war on spam, I’ve decided to take the same steps here on my site. […]
[…] You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site. Leave aReply […]
[…] spam comments a day previous to that (sadly double my unique daily visitors and nothing compared to some blogs), this has been a miracle. To date, Akismet has stopped 11,670 spam comments and I […]
[…] I’m Winning the Battle Against Comment Spam […]
[…] plugin settings. But the mind opening inspiration (and realization) came after reading articles by Lorelle VanFossen and my friend Jed. My tests and their posts helped me to become more […]
[…] I’m Winning the Battle Against Comment Spam […]
[…] comment spam is stuffed with links, making bloggers wary of comments, and many are taking drastic measures to […]
[…] I’m Winning the Battle Against Comment Spam is already over two years old but still valuable […]
[…] issues to my page. Now mind you last night was the first time I’ve ever read anything about comment spamming, index, no follow and read Lorelle on WordPress article about linking. After reading her post it […]
[…] I’m Winning the Battle Against Comment Spam […]
[…] I’m Winning the Battle Against Comment Spam « Lorelle on WordPress (historical review) […]
[…] I’m Winning the Battle Against Comment Spam […]
[…] like Akismet stops comment spam and trackback spam. By turning off trackbacks, I believe we are letting comment spammers win. Trackbacks continue to be relevant and important elements on the […]
[…] I’m Winning the Battle Against Comment Spam […]
[…] the real comment spam fighters and let your real readers comment […]
[…] I’m Winning the Battle Against Comment Spam […]
[…] I’m Winning the Battle Against Comment Spam […]
[…] I’m Winning the Battle Against Comment Spam […]
[…] I’m Winning the Battle Against Comment Spam […]
[…] I’m Winning the Battle Against Comment Spam […]
[…] I’m Winning the Battle Against Comment Spam […]