Beating Spam

Written on January 16th, 2010

Regardless of whether or not your blog is new or old, you are going to have problems with spam. There is no way around it, the bots are always going to be there as long as you want to stay on the internet. While both of us will probably curse those who make those bots, the only way to beat them is to set up some security and hope it blocks them to some degree we are happy with. There really isn't much you can do offensively as everything I list in this article is a defensive measure.

During my searching I ran into one blog that has flipped my thinking on spam completely. It's the spammer's fault for posting the spam, but it's also the fault of the people who follow those links and make it worth the time to post the spam in the first place. Email spam is big on that. If no one went along with the spam, clicked the links, or sent their money to Nigeria, there wouldn't be any spam because it wouldn't be worth it. With that in mind, make sure you educate not only yourself but also friends and family about how to recognize spam, keep an eye out, and not trust anything remotely spam-looking. The less profitable it is for spammers, the less they will do it.

Anyways, I wanted to give a list of the things that you can do for your blog to prevent spam that is already happening or could happen in the future.

 

1) Reverse Turing Test - The Turing Test, if you don't know already, basically tests computers to see how smart they are. We are doing the reverse of that by creating tests only humans can pass (for now at least). Typically this is with a captcha, but I don't want to do that to people who want to post their comments, it takes too long to do and therefore fewer people will post. However, you can do a very simple question or math problem. It is very quick for users and at the very least it will take the spam bot a few tries to get past it. Which leads me to number...

2) Flood Limit - This is for those bots who are repeatedly trying to get by my easy math question. Set a limit on the number of posts a user can make in a day, say 5. You can also set a limit on how many times they try (and fail) to post a comment. Too many failures will prevent the bot/user from posting.

3) Blacklist - There are common words in spam that you can use for blocking spammers. You can put together an array of those words in whatever language you are coding with and check the comment for anything matching. Any match throws up a red flag. I believe Wordpress has its own list you can activate if you are using that. Keep in mind, though, that some spam may still get through. Usually, if you find a common spam term that you do not have on your blacklist yet, you can easily update the list. From my crude logging system, out of the spam that gets by Bad Behavior (listed below) 99.2% has been blocked by a blacklist. It took a few weeks to get the list to finally stop them, but for now I have gone a month or two (it's March 04, 2010) without any spam.

4) Hidden Fields - This is something I have yet to test out, but it seems like a really good idea. Most spam comes in the form of bots, and all bots do is run around looking for forms and throw in a bunch of garbled text along with their link in hopes of getting someone to click on it. However, if you hide your field (not an input type="hidden") with CSS so that the user cannot visually see it, but the bot can, you can cut off any comments that fill that field, because it would be impossible for an average human user to fill that field. I plan on testing this out as soon as I finish updating this post.

5) Bad Behavior - Act badly in your blog and no one will come--ok, that was a lame joke, but seriously a bit of PHP code and including one of the files in every one of your pages will keep spam bots from entering the site at all. Use this on top of the other 3 prevention measures and it sounds like many people have stopped spam almost altogether. If you did not code your whole site by hand as I did, there are installation versions for tons of blog sites. Bad Behavior

6) Moderate Comments - Along with captchas, this is another one I want to avoid but will do if things get out of hand. If you check every single comment that comes in and approve it before it is posted, no spam will ever be posted. You can also use this tactic in tandem with the blacklist. Maybe a legitimate comment used one of your blacklist words for some reason. Making only the comments that failed the blacklist be required to be approved can limit the amount of spam and limit the amount of comments you have to approve, as well as keeping the good comments from being shot down.

If you don't like the idea of moderation at all, you can also send yourself email alerts every time a post is made. This way, you see every post after it has been made, and if you happen to run into a spammy one you can remove it promptly. Considering you probably want to read all of the comments anyways, that could be nice. However, if you are getting dozens to hundreds of comments a day, then you may end up starting to spam yourself.

7) Use Javascript - This is something I have read about and would rather not do at this point (because there is still a chunk of people with Javascript off), but seems like it would be something that could work really well. What this involves is using some sort of action that involves dragging and dropping or something similar that the bot cannot do. If it isn't done, then the submission throws up a red flag and the spam gets blocked.

8) rel='nofollow' - This is one that was created to make it less worth the spammers' time to actually spam. Many spammers just want to throw up tons of links so that they can get a higher page ranking in Google. What this tactic does is make it so that any link the comment poster makes with the rel='nofollow' attribute will not get any 'points' (I'm not sure how they do it) from Google that would make their page go up in ranking. If spammers can't get their ranking up through spamming blogs, they will do it less because it would not be worth their time. Google's Article

9) Block comments after X days - That's right, after one of your posts gets too old, stop allowing comments on it and call the conversation done. Most spammers go after older articles because there is a smaller chance you will catch them, since you are not going to that article to check on it any more. Closing up shop for old articles will give you less to worry about and give spammers fewer places to spam.

10) Never, Never, Ever fall into a false sense of security - This post was made for those with Wordpress but if you read it, you will find that he had made this mistake and thanks to him I won't do the same thing. If you think you can turn off some of your spam prevention because you haven't had any, you will be in a world of hurt when you do so. Even with all the blocking, the spammers are still there just waiting for an opening. Don't give it to them.
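Item 8 in practice, as an added example that is not the blog's own code: the comment text is escaped before output and only plain http(s) URLs are turned into links, each carrying rel="nofollow". The function name `render_comment()` and the sample comment are assumptions made for illustration.

```php
<?php
// Added example: render a stored comment as HTML with nofollow links.
// render_comment() is a hypothetical helper, not part of any library.
function render_comment(string $raw): string
{
    // Split the raw text into alternating plain-text and URL pieces.
    // Only http:// and https:// are linked, so javascript: and similar
    // schemes never end up inside an href.
    $parts = preg_split('~(\bhttps?://[^\s<>"\']+)~i', $raw, -1, PREG_SPLIT_DELIM_CAPTURE);

    $html = '';
    foreach ($parts as $i => $part) {
        if ($i % 2 === 1) {
            // Odd indexes hold the captured URLs.
            // Trailing punctuation belongs to the sentence, not the link.
            $url  = rtrim($part, '.,;:!?)');
            $tail = substr($part, strlen($url));
            $safe = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
            $html .= '<a href="' . $safe . '" rel="nofollow">' . $safe . '</a>'
                   . htmlspecialchars($tail, ENT_QUOTES, 'UTF-8');
        } else {
            // Everything else is escaped, so commenters cannot post markup
            // (including their own <a> tags without the attribute).
            $html .= htmlspecialchars($part, ENT_QUOTES, 'UTF-8');
        }
    }
    return nl2br($html);
}

// Constructed sample comment.
echo render_comment("Nice post! See http://example.com/page?a=1&b=2.\n<b>bold?</b>"), "\n";
```

Because the links are built by the site rather than accepted from the commenter, every link in a comment carries the attribute.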

 

All of these are really what I have found to be simple to moderate to implement if you are like me and made your own blog site without a CMS and have a healthy knowledge of PHP. However, most, if not all, of these still apply on any CMS. You will just have to find out where to turn it on or figure out how to set it up to do that.
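For a hand-coded PHP blog, items 1, 2, 3, 4, 6 and 9 can run as one server-side check on each submitted comment. The sketch below is an added example, not this blog's code; the field names (`website2`, `answer`, `comment`), the limits other than 5 posts a day, the sample blacklist terms and the `$state` layout are all assumptions.

```php
<?php
// Added example, not the blog's code. Field names, limits, sample terms and
// the $state layout are assumptions made for illustration.
const MAX_POSTS_PER_DAY = 5;   // the daily limit suggested in item 2
const MAX_FAILED_TRIES  = 3;   // assumed cap on failed attempts
const CLOSE_AFTER_DAYS  = 30;  // assumed value for "X days" in item 9
const BLACKLIST = ['casino', 'payday loan', 'cheap pills']; // constructed terms

// Returns 'reject', 'moderate' or 'accept'. $state holds one visitor's daily
// counters and the expected answer; the caller loads, saves and resets it.
function screen_comment(array $form, array &$state, int $postAgeDays): string
{
    // Item 9: old articles no longer take comments.
    if ($postAgeDays > CLOSE_AFTER_DAYS) {
        return 'reject';
    }
    // Item 2: stop once the visitor has posted or failed too often.
    if ($state['posts'] >= MAX_POSTS_PER_DAY || $state['fails'] >= MAX_FAILED_TRIES) {
        return 'reject';
    }
    // Item 4: "website2" is hidden with CSS, so any value came from a bot.
    $honeypotFilled = ($form['website2'] ?? '') !== '';
    // Item 1: compare with the answer stored server-side, never in the form.
    $answer = $form['answer'] ?? '';
    $answerWrong = !is_string($answer) || trim($answer) !== (string) $state['expected'];
    if ($honeypotFilled || $answerWrong) {
        $state['fails']++;
        return 'reject';
    }
    $state['posts']++;
    // Items 3 and 6: a blacklist hit is held for approval, not dropped.
    $comment = $form['comment'] ?? '';
    $text = is_string($comment) ? strtolower($comment) : '';
    foreach (BLACKLIST as $term) {
        if (strpos($text, $term) !== false) {
            return 'moderate';
        }
    }
    return 'accept';
}

// Constructed sample submissions; the question shown was "3 + 4".
$state = ['posts' => 0, 'fails' => 0, 'expected' => 7];
$samples = [
    ['comment' => 'Great site', 'website2' => 'http://spam.example', 'answer' => '7'],
    ['comment' => 'I won big at the casino', 'website2' => '', 'answer' => ' 7 '],
    ['comment' => 'Nice post, thanks!', 'website2' => '', 'answer' => '7'],
];
foreach ($samples as $form) {
    echo screen_comment($form, $state, 3), "\n";
}
```

The second sample is a legitimate comment that happens to contain a blacklisted word, which is why a blacklist hit goes to the approval queue rather than being discarded.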

 

Category: php Tags: comments, blog, php, prevention, spam

Comments

Brektzar January 16th, 2010

Sounds awesome, I think this kind of post on blogs is great :P people read it and take note of what was written, which is good :P

Velvet Karuda Leopard January 16th, 2010

Hello. Just read this piece and it has really changed the way I am going to approach making my own site, which if it ever gets up will be another Blender based site.

Dick D January 25th, 2010

Wow, you have some solid tips in reducing spam. I come to this site for the Blender stuff. Thanks for the tips and great articles!

Meh... March 3rd, 2010

Great article! Check out my website at... Hahaha jk jk! :D

kucz May 19th, 2010

Maa..an I hate spam...... Nowadays you can't even see a site without unblocking your spam blockers. Relief to see someone with a good state of mind. Plus the dark theme helps to not blind you from seeing the page. I like it........... Oh and Firefox does have quite a few extensions to block pop-ups, spammers and so forth..........
