Stop Spam Comments: Round 2
Right. Enough. I’m on a no-holds barred ‘spam bashing mission’ here.
I drew my battle lines with my Comments Policy.
I’ve had a few Spam Prevention Plugins installed for a while, which have now been replaced by CommentLuv Premium which blocks all automated ‘Spambots’ (and a veritable treasure trove of other cool things too)
Thing is, I want to reward my genuine commenters (like your good self) with a dofollow, keyworded backlink and a dofollow CommentLuv post link.
But – Houston, we have a problem – Spammers want to get thar grubby lil’ link stealin’ mitts on them goodies too…
Why Bother Stopping Spam Comments?
Spam comments affect a blog in several ways. They:
- Devalue your posts in the eyes of new visitors
- Discourage genuine commenters (it looks like you don’t care what’s in the comments section)
- Make it more difficult to follow discussions between commenters
- Steal link juice from your posts
- Draw traffic away from your blog
- Encourage more spammers to try their luck getting comments approved on your blog
Most manual spam is the work of SEO agencies or freelancers who have been hired to build backlinks to sites by commenting on blogs – especially those with dofollow status, some Page Rank, and CommentLuv enabled.
Because blog commenting is an easy (and effective) way to build quality backlinks, the job of posting lots of comments is often outsourced to such agencies or individuals in places like Bangladesh and the Philippines (at least, that’s where most of my spam seems to come from)
The following list shares some of the ways I determine which commenters on my blog are here to steal free backlinks with no intention of contributing any value whatsoever.
How to Identify Spam Comments
Use you’re own judgement. Here’s a few comments I’ve flagged as Spam:
Here’s some of the tell tale clues which those cheeky spammers leave behind:
- The subject of the post isn’t named at all, but referred to ‘it’ or ‘this article’ or ‘doing this’.
- The title, or even a key topic in the blog post is referred to – but nothing else. For example “That will surely make a blogger productive” – note the reference to the subject (productivity for bloggers) but the non-specificity (‘That’)
- The comment is copied and pasted from other comments (or even pieced together parts of multiple other comments)
- The comment is completely off-topic and keywords point to a site relating to the topic in the comment
- It contains needless flattery or praise (such as “Thanks for giving such a wonderful site” or “wow, this is really good blog content”
- The commenter enquires about advertising on your blog, yet links back to a completely irrelevant topic
- They tell you how they arrived at your blog (for example “I found this blog using MSN”) and goes on to say how great it is – again without real reference to the topic “This is an extremely well written article. I will make sure to bookmark it and return to learn extra of your useful info. Thanks for the post. I’ll definitely comeback”)
- The comment has irrelevant (or loads of) links in the comment body (Akismet will block these, and CommentLuv Premium can be set to do the same)
- The name and/or linked website of the commenter suggest a native English speaker (eg. ‘Steve Smith’) but the comment is clearly written by someone with a poor grasp of the English language. Note: I welcome visitors to my blog from every country, nationality and level of English language mastery. this point is included this because it is often an indicator of spam. Poor English alone is not a reason to mark a comment as spam. A good way to check the origin of a comment is to find the IP address of the Commenter (from the comments page in your dashboard) and use a tool like IP Address Locator to find out where that comment was submitted.
- The comment has no Gravatar image. Again – be wary of this one, sometimes new bloggers or those who don’t comment often have no Gravatar, so it’s not a hard and fast rule.
- The comment makes reference to how they’ve used a tool, or tried something, when – upon investigating their link – they apparently haven’t. (Example “I used the old version of CommentLuv and it really give me the result that I expected”, when linked back to a website (not a blog) about used cars? Mmmm…)
How to Ban the Comment Spammers FOREVER
- Sign up for Incapsula’s Content Distribution Network and web security service (It’ll also optimize and speed up your blog) – read more about it in my Incapsula Review (for the record – I’m not affiliated in any way – I just love Incapsula’s service)
- Plug your blog into Incapsula’s network (It’s easy – full instructions provided by Incapsula upon joining)
- Use the list above to identify spam comments.
- Look on the ‘Comments’ page in your dashboard to get more info about the commenter/s who made any that seem to be spam
- Click on their IP address (numbers – formatted like this: 122.201.110.130) This will show if they’ve made any other comments (some spammers use different names from the same IP address to be able to leave more comments and get more backlinks). Copy the IP address onto your clipboard with Ctrl+C or Command+C.
- Once you’ve identified any or all comments you’re sure are spam – not just crappy comments, but actually ones designed to suck juice from your site in order to promote irrelevant commercial pages – go to Incapsula.com and log in.
- Click on your website logo, then head into the dashboard settings for your account and click on ‘Access’
- In the ‘block specific sources’ menu, go to the ‘Block IPs’ box and paste in the IP of your spammer with Ctrl+V or Command+V (you can block entire countries if you wish, but I think that may be going a bit far. Don’t you?)
- Click ‘Add’ and then ‘Save’
- Go back to your Blog dashboard and send the comment into your spam folder…
- Continue on your merry way as if nothing ever happened, safe in the knowledge that that spammer will have to find another internet connection if they ever want to return to your blog (most of them won’t)
Spam Stopping Summary…
So in effect – Incapsula helps you build a up your own blacklist of individuals who will be unable to continue posting spam comments on your blog without going to some significant effort.
Will this stop all comment spam? No – but it puts up yet another layer of protection, and will stop some of the more prolific offenders.
All they’ll see when they try to come and suck off your blog next time is
Spam evolves. So does the technology to combat it. Right now the ‘killer combo’ of Incapsula and CommentLuv Premium is the best solution I’ve found for the set up I have here at Blogger’s Alchemy.
Is spam a problem on your blog? How do you stop spam comments?
Please share this post as far and wide as possible – The more bloggers get wise to the spammers ‘antics’ and defend against them, the less value spam comments will have, and (hopefully) the less we’ll have to deal with.
Some may say I’m a dreamer. But I’m not the only one.
Spam free living. I hope you’ll join me…
Image adapted from Garlic Spam by Father.Jack
How to Stop Comment Spam and Block Spammers Forever © 2011 Blogger’s Alchemy
Here at Blogger's Alchemy, Jym shares simple tips, tricks, strategies and techniques to make blogs remarkable, successful and exceptional. For a long time, he felt like his blogging career was going nowhere fast. That is, until he learned and implemented the things that you'll learn if you stick around... Get the best from this blog by Subscribing Now
facebook comments:
I recently got ONE very long blog spam comment that consisted only of 62 different spam comments! Of course I used them as a blog post, but so as not to feel like a blog POST spammer myself (if there is such a thing) I also wrote about 800 words about spam comments to go with them, and I even credited the spammer since I was actually allowing his (or her) comment to appear on my blog – even if it was as a post and not as a comment. I use Akismet but it’s still a pain having to empty out my spam folder nearly every day – your tips on how to block spam commenter’s for good is very useful. Thank you.
Teresa Schultz invites you to read…Examples of Blog Spam Comments
I guess you could turn off comments completely that would eliminate blog spam, but it would also eliminate your traffic.
Everyone has a different meaning or definition I guess you would call it to what spam actually is, or what they will allow and will not allow.
None of the anti-spam methods, plugins, or what have you will ever be totally fool proof or have a perfect success rate. I have tried a few anti-spam wordpress plugins. I have tried cloudflare, and I am currently testing incapsula on one of my other domains. None of them work as well as I was hoping for.
Ray invites you to read…The Pitfalls of Free WordPress Themes
I’m coming to a similar conclusion Ray.
Whatever solutions we find to combat unwanted comments – however we personally define them – new spamming solutions are being created.
It’s a constant thing, and we simply have to accept some degree of spam if we’re going to leave comments open.
For most bloggers, to close comments is to forego traffic and social interactivity, so it’s not an option.
Though the strategy explained in this post has helped a lot, there are certain offenders continually breaking through. I’m considering moderating all comments before publication to prevent this, although I’d rather not.
Thanks for stopping to add your thoughts mate
Jym invites you to read…Blog Post Length – How Long Should A Blog Post Be?
I hate spammer…….
>:]
Me too Mutri.
Jym invites you to read…Blog Post Length – How Long Should A Blog Post Be?
I’m relatively new to blogging, so I imagine spam detection gets harder to manage the more comments you get. I do agree with the comments Ana made earlier, that newbie bloggers are more in danger of approving spammed comments. I did go though the stage of accepting all comments, but went back and unapproved loads after. I now take a tough stance and if the comment is anywhere near irrelevant I don’t approve it, mainly because the comments are irrelevant, rather than I’m worried about spam..
Graham
Graham Bell invites you to read…Cheap Tablet PC
I think this is the case for most bloggers Graham – initially it’s a pleasure to have comments and not necessarily obvious when they’re spam. As we become more discerning and stat to see the patterns, we become more ruthless and tougher on those who simply want to take a link without even reading a post.
Whatever your feelings about it, there seems to be an ongoing need for intelligent moderation in order to get the best balance… Some comments fall into that ‘grey area’ where they aren’t horribly spammy, but aren’t highly relevant either.
Thanks for coming by
Jym invites you to read…Writing Effective SEO Headlines – How to Rank and Get Readers
Jym, my judgement is fairly good and so far I have the time to scan for spammers. I may well join the Incapsula effort as my traffic and experience grow. Sincere thanks for everyone helping to identify career spammers. As a beginner, I was accused of spamming WordPress with an article that still informs people of a solution for WP menu drag and drop not working (it’s Google Libraries plugin). I left the link where people with the problem were asking. But there are real spammers out there. Go get ‘em.
Astro Gremlin invites you to read…6 Reasons to Be Extra Thankful
Given the time and sensitivity to manually discern which commenters are spammers, it’s not that hard to keep your blog clean.
In a couple of cases I’ve actually started to email borderline commenters to find out a little more about where they’re at, just in case I’m being too presumptuous by labelling them as spammers.
The problem with automated spam filters – which you’ve found, and I’ve found by being repeatedly branded a spammer by Akismet (I’m not one, promise!) – is that there doesn’t seem to be a consistently accurate one. Yet.
A couple of alternative solutions have been offered in the comments below, and I’ve found manual moderation followed by banning IP’s as outlined in this post to be effective in reducing the number of human spammers.
Still considering blacklisting the entire Philippines though. Any Philippino visitors in the room? Cheers Astro!
Jym invites you to read…WordPress Ping List – Blog Update Services
I totally agree with you I have had a lot of spammers on my blog to and never knew how to get rid of them, but then I found a few plugins to solve that problem. Only that didn’t last long so I really hope some of your techniques will help me. Thanks!
Peter invites you to read…Video conference multipoint
There’s a number of possible solutions Peter. The guidelines I’ve suggested here work reasonably well for me but require a small investment of time moderating.
Depending on what you want from your blog, you could take more draconian measures – but you run the risk of throttling any kind of community development.
I highly recommend the GASP plugin (or better yet, CommentLuv Premium) to block all bots. On top of that, something to help you filter the human spammers of course…
Good luck mate
Jym invites you to read…Free Blog RSS Feed Submission Directories List
Jym,can Incapsula work well with Akismet ? I use Akismet but still have some spam comment and Akismet can’t filter it.
Techgravy invites you to read…Audials Moviebox 9 Review And Giveaways
Yup. If you want to keep using Akismet, Incapsula will run alongside it no problem…
Personally I found Akismet consistently blocked too many genuine comments, so I no longer use it here.
Jym invites you to read…5 Steps to Creating A Brilliant Blog Name
“Damon, How do you handle IP proxies; spammers and crawlers that are rotating IP addresses for every request?”
Really can’t cover this in a public arena.
“It also appears that Incapsula and CloudFlare are security layers (ip filters)/CDNs and not spam protection”
We use a variety of sources, including Project Honey Pot, to identify spammers and to challenge them. We do offer a great deal of protection from most spam.
“Also, how does pricing work?”
CloudFlare is a freemium service & upgrading is optional to a paid plan.
“I would imagine you are pricing it based on transfer/bandwidth utilization? ”
We do not. Our charges are based on feature utilization. Basic security and CDN features are included in the free plan, with more advanced options available to people that want Pro (SSL support, etc.).
“Also, I would imagine that some of the larger publishers/higher traffic websites would have some concern about re-pointing their DNS to your servers because now there is an extra link in the chain, so to speak, and if you go down, then they are down and have no ability to fix or control that fact.”
We do run into this concern at times (our DNS uptime, however, is rock solid). You don’t have to switch DNS if you activate through a hosting partner & we hope to have CNAME pointing soon.
“Do you actually cache all of the requested content, like memcached? What about new requests? ”
We don’t cache *everything*. We cache static content by file extension. By new requests do you mean new file types?
“Do they get protected by CloudFlare (even if you don’t have the content cached locally on your service)?”
We proxy traffic over ports 80 and 443 only (can’t protect other ports). So the site would still have an additional layer of protection – regardless of file type.
Thanks Damon, Appreciate you taking the time to answer those questions here mate.
Jym invites you to read…Speed Up Your Blog Without Code – Slow Blogs Lose Readers and Rank Lower (part 2)
No problem. I was actually sick when I was replying & hope I didn’t say anything stupid:)
Damon Billian invites you to read…CloudFlare Product Updates: Updated WordPress Plugin, Invoices & New CloudFlare IP addresses
No mate. All good. Hope you’re well again
Jym invites you to read…CommentLuv Premium Is Revolutionizing the Power of Blog Commenting. Here’s What You Need to Know
The first thing I look for is whether the comment is something that refers specifically to the post. If it could have been dropped anywhere, it is deletable. And unless I recognize the person commenting, it is deleted. The second thing I look for, is whether it adds any value to the post/conversation. I will be much more lenient on this if there is no URL or if the person uses just their name for a link. The third thing I look for is what site is being linked to. Even if someone leaves the smartest comment in the world, there are just a few niches that I do not want my site linking to.
David Leonhardt invites you to read…Delegate Social Media Tasks? Ouch!
I like your style David.
Seems similar to my moderation approach, though you put it more succinctly…
Identifying comments which are generic enough to be applied to any posts will identify a large proportion of spam comments.
The newer spam strategy which slips through this test is to mention the post title or keywords in the comment… Still fairly easy to spot in most cases though!
Ultimately it’s a combination of factors which decides it for me as well, and as you said, some neighbourhoods don’t get a link no matter what…
Jym invites you to read…11 Popular Places to Promote Your Blog Posts
Aloha Jym, gosh what a hot topic you stirred up here and I am sure there are pros and cons to spam comments. I do have my share and can relate to all the comments I see here. I know there are some out there looking to get their own way and others who are true commentators and with groups that encourages it. I manually go thru mine by email first, just in case if there is any virus attached to the links and my email tells me the IP’s and I can identify who the spammers are .
I do have to say I just recently cleaned out my comments and reviewed some of the ones I approved. Glad I did most of them turned out to be non-active links, which I deleted. I use SEO Quake and this tool tells me there PR and believe it or not I tweaked the spammers verbiage and url link to receive the high PR and my blog went up a notch in PR.
I figure if the spammers are on my turf the most I can do is turn around and use their links for their link juice. Glad I came by and thanks for sharing. Mahalo, Lani
PS..this would be a hot forum to cover on, just a thought so many interaction here.
Lani – Aloha invites you to read…Martha Stewart A Savvy Successful Entrepreneur And Marketer
Spam is something all bloggers face at some point Lani… Seems like there’s no way around it.
Especially as we jump Page Rank or get featured on ComLuv list – both of which are helpful – we get added to lists made by spammers as well. Which is exactly why I think the strategy I outlined here works.
I’m not sure I understand how you tweaked the spam comments to benefit your site, but I like the idea of turning the tables and making Spam Comments work for you. Can you explain further?
Jym invites you to read…5 Steps to Creating A Brilliant Blog Name
“It turned out that others who were accessing my blog for the first time were getting the captcha and giving up. ”
Whitelisting the IP does override our behavior. Passing the captcha as a human also does start to correct false/positives with IP data.
Another thing you can do is extend the Challenge Page TTL in your settings (pass captcha= won’t see it again for the amount of time you specify).
Note: One of the things our data sources does report on is infected machines. It is actually quite possible that these users may have had an infected machine & should have run an av scan.
Damon Billian invites you to read…Wow, That’s Fast! Instant DNS Updates and More…
Damon,
How do you handle IP proxies; spammers and crawlers that are rotating IP addresses for every request? I know that these proxies services are now built into many cheap, off-the-shelf spam programs/tools that can be easily purchased and used to generate tremendous amounts of spam comments. It’s just a matter of time before every spammer is proxy-ing their IPs and I’m curious to understand how CloudFlare would handle a more sophisticated attack (which is becoming the default)?
It also appears that Incapsula and CloudFlare are security layers (ip filters)/CDNs and not spam protection, in particular. In theory, it should reduce spam if less bots are able to access the website but it isn’t a spam solution, so to speak, since it doesn’t do anything to prevent human spammers or botnets.
Also, how does pricing work? I wasn’t able to easily locate it on your website. I would imagine you are pricing it based on transfer/bandwidth utilization?
Also, I would imagine that some of the larger publishers/higher traffic websites would have some concern about re-pointing their DNS to your servers because now there is an extra link in the chain, so to speak, and if you go down, then they are down and have no ability to fix or control that fact. Its hard for me to believe that for say $50/mo you can store and serve 7 TBs of images to say 500K visitors per month (one of my websites) reliably and still earn a profit. Do you actually cache all of the requested content, like memcached? What about new requests? Are they directly served by the publisher/client? Do they get protected by CloudFlare (even if you don’t have the content cached locally on your service)?
Hi Jym and everyone else discussing this. The issue is far more complex than most realize:
For example, if a commenter says they use CommentLuv but THAT comment does not link to a blog that has CommentLuv installed that does NOT prove they are lying because they could – and many often DO – have multiple sites.
While SEO agencies often hire workers in countries where English is not their native language, many of those workers are also bloggers and many bloggers whose native language IS not English comment for businesses as part of their job.
One blogger we all know and love worked for an SEO agency and did comments and I teach businesses how to comment properly by showing them how myself – which means I make comments on their behalf sometimes. (Not often, but sometimes I do – but you know my comments – they are rarely short.)
There is really no way to know for certain whether someone comments because they read your blog or they read and comment in your blog because they were seeking out sites for link building – and honestly it doesn’t really matter IF they know what they’re doing BECAUSE it makes sense for businesses and bloggers in the same niche to read and comment in each other’s blogs.
Just today a blogger commented they were concerned that if they collaborate with bloggers the others might target the keyword phrases they want. That is GOOD because if the blogs are that related they will rank better. Highly RELEVANT is more important than quantity for backlinks.
I have one of the most lenient comment policies (except for my position on adult content, gambling – even bingo – or linking to unethical sites that promote vices). The reason I do is that I know many people on Twitter or elsewhere who leave VERY weak comments BEFORE they ever comment so when they do I know they are not spammers – but believe me their comments are very similar to spam comments.
Beginning bloggers and non-bloggers write comments that are much like spam comments – maybe because people spamming blogs are also less experienced.
We have all been conditioned to distrust small businesses and always trust authorities and big brands and I can give you as much evidence as it takes to understand that it is authorities, bankers, governments, and multi-national corporations that we can not trust.
Supporting small businesses and buying local IS THE SOLUTION. Blogging communities that collaborate and support small business can change the world, improve the economy (and if we don’t it IS going to crash), and raise the standard of living for everyone in every country. You can get to that information through either link.
Gail Gardner invites you to read…Learn How to Get Noticed Online AND Get CommentLuv Premium, Too!
Thanks for joining, Gail. I love your perspective and even-handedness. Makes me ashamed to be blocking so many people.
I just don’t have the energy to devote to daily cherry-picking: “Is that real flattery or false praise? Hmmm, this link ends in .ru … Ah, here’s Travel Wisconsin, AGAIN…”
I wrote a post about Spellcasters, based on the last Harry Potter movie. Now, that post is the target of someone who uses the services of a witch. Sheesh.
I always think about you as I hover over the spam link. Seriously, it’s almost like “What Would Gail Do?”
But, I have to draw the line somewhere. I’m not even a blogger and I don’t want to play that game. I use CommentLuv because I want to share, but I don’t like the Keyword Luv business and won’t use it.
Thanks again for your insights!
Cheers,
Mitch
Mitchell Allen invites you to read…Hollywood is Building My List
Thanks for weighing in Gail…
I tend to agree with you on most of the points you’ve raised, except one key one.
I’m confident that I can identify a large bulk of SEO agency comment spam because I can detect ‘spun’ formulas and pasted formulaic comments.
One spammer who was popping up regularly was posting the same 3 sentence comment, but changing the title (love this posts about …) and principle keywords (… is a very important issue for bloggers). Otherwise word for word. It’s obvious.
Also, I’ve spent several years in India and SE Asia and I have a strong sense of how English is spoken as a second language there. Certain grammatical patterns and words in the comments I mark as spam simply smack of spinning.
So although I disagree in that sense, I agree with your more fundamental point – it’s not a good idea to block or mark comments as spam ‘willy-nilly’ – I’d say it needs some care and intelligent sensitivity.
I can see that it becomes trickier when a blogger also works as a commenter, but I still think it’s possible to tell when someone has actually skimmed or read the post they’re commenting on.
Agreed that examples like the one about commenters having multiple sites is by no means a clear indicator of a spammer – but coupled with other factors, it doesn’t look good.
And I’m absolutely with you in the support of small and local businesses too (I love your passion for this message Gail!). It seems to me that the larger economy is going to crash anyway, and it’s up to bloggers, individuals, entrepreneurs and small, grass roots businesses to create a sustainable alternative which is not linked in to the banks, corporations and unsustainable systems which currently dominate.
I can see a few more blog posts emerging out of this whole comments section. Thanks for sharing your thoughts here Gail, and thanks Mitch for your contribution as well.
Jym invites you to read…Fresher Ranks Better: Google Freshness Update
You have mentioned all the valid points but some people do not have English as first language and they are also not spammer. They write English in some odd manner. What is solution for those non natives.
I agree with Azhar that just because someone doesn’t write English well does not mean they don’t have something worthwhile to share.
When I can figure out what they meant I often correct their comments to clarify. I have even approved comments in another language when I could provide a translation of what they said.
I also publish guest posts for bloggers whose native language is not English. I strive to edit their posts to make them more easily understood without changing the character of the writing.
What I recommend for bloggers who wish to write in English is to collaborate with others who have strong English grammar and spelling skills who are willing to edit their posts. You could even leave Skype and IM open like I do and ask them to correct your comments.
Even many bloggers whose native language IS English collaborate with me and others and let us proofread their posts and improve their writing. There is no shame in that – almost every book ever published had editors and proofreaders involved.
Having ideas worth sharing does not mean you write perfectly or that your writing can not be improved. I encourage bloggers to read the intro in the post I’ll put in the Name field (not the CommentLuv link) for more on my views on why we should make the effort to cross the language barrier.
Personally, thanks to how well the GrowMap anti-spambot plugin (G.A.S.P.) works, I am now finding phony trackback spam a bigger problem than regular comment spam. You can read about that in the post I’ll put in CommentLuv. GASP is built into CommentLuv Premium or you can get information and the free version through the G.A.S.P. tab on my blog.
Gail Gardner invites you to read…TrackBack Spam: Blacklist Blogs Using Trackback Spammers Blogging Backlink Spamming Plugins
Love that mode of collaboration Gail. Very interesting. I agree GASP is excellent and ‘every blog should have one’. Will read your post on trackback spam, I don’t have too much of it and CommentLuv’s trackback blocker seems to catch most of it here.
@Azhar – To answer your point from my perspective – as stated in the post (and in my comments policy, which I know you’ve seen), the problem is not with the language itself.
But if someone writes a suspicious comment (meaning it ticks some of the boxes on my list above), and English is not their native language (no problem by itself) BUT their link goes to a website in America or the UK with perfect and complex English – Then I mark the comment as spam.
That to me is clear evidence that the commenter is being paid to write a comment on behalf of an SEO agency, and unless the comment has value to it (I don’t mind the SEO agencies if they read the posts and add genuine comments) – I don’t want it on my blog. It’s all about taking, but giving nothing back.
Jym invites you to read…How to Write Great Blog Posts in Half the Time
I had an easily identifiable spam comment tonight, “Stumbled on your web site through Reddit. You know I am subscribing to your rss feed.”
I only have one post and it isn’t even finished.
I don’t know why they even try.
Brian invites you to read…Stock Photo of Lucky’s Cafe in Dallas
Classic.
I have another blog I use for testing themes, plugins and so on, and it has three posts on it, all of which say “This is a test post” as their entire content body.
Imagine my surprise when the comments began rolling in:
“I am just sense delighted by looking at a great matter. You simply helped me crystal clear about this i extremely take pleasure in for you so.”
Hmm… nice of you to say so, ‘Black and Decker Cordless Drill’.
Thanks for sharing Brian. These spammers are truly ridiculous.
Jym invites you to read…How to use Strategic Blog Commenting to Market Your Blog
Fascinating discussion. I’ve been using the combo of GASP (via CommentLuv Premium) and CloudFlare with some success until about a week ago, when I suddenly started getting a lot of spam. I am using the CloudFlare WP plugin and I’ve noticed that some of the comments I marked as spam manually are now going there automatically. I am tempted to give Incapsula a try, though.
Sharon Hurley Hall invites you to read…Get Paid to Write Online – Now On Google+
Hey Sharon, glad you saw the tweet! So, you noticed the re-emergence of spammers, too? I’m encouraged by that fact, even though it’s sounding like bad news for CloudFlare proponents. At least I know it’s not me.
What’s disturbing, though is that it USED to work. I wonder if the team at CloudFlare broke something and don’t know it, yet? It would be great if that were the case, since it used to work, maybe it can work again…
Cheers,
Mitch
Mitchell Allen invites you to read…Hollywood is Building My List
p.s. Darn, seems I misread your comment, Sharon. That’s a GOOD thing, if manually marked spam goes into spam automatically. That’s EXACTLY what the CloudFlare folks say will happen.
Sigh. Must get coffee.
Mitchell Allen invites you to read…Hollywood is Building My List
Yes, it’s a good thing, but whereas I saw a big drop in spam at the start, I’m seeing more now. My point is that I don’t even want to see it, so that’s a BAD thing, Mitch, especially as it seems to take longer to make it to the blacklist.
Sharon Hurley Hall invites you to read…Get Paid to Write Online – Now On Google+
Sharon, my gut instinct is to ask you whether the MORE is “more of the same old spammers” versus just “more spam than ever.”
If it’s just more new spam, we can’t really fault CloudFlare. But, as it is in my case, if you mean the previously marked urls are still getting through then I have a new question:
Are those previously marked urls going straight to spam or are they sitting in pending?
In my case, they’re pending, which sucks.
Cheers,
Mitch
Mitchell Allen invites you to read…Hollywood is Building My List
They started in pending. I added one offender to the blacklist, but now there are new ones in pending.
Sharon Hurley Hall invites you to read…What’s Your Perfect Writing Environment?
Just a quick note that we won’t stop all spam (depends on our data sources) – so you will want to have other spam measures in place.
Nothing has broken on our end from the sources we use. If you see an increase in spam, you could also turn your security settings to a higher level to see if that helps.
Damon Billian invites you to read…Wow, That’s Fast! Instant DNS Updates and More…
I agree with Damon – there is NO way to stop spam so you don’t ever see it unless you are willing to also stop many of your best comments and real trackbacks.
All we can do is keep it down to a manageable level and consider it the cost of free speech.
Gail Gardner invites you to read…Why Your Geographic Location IS a Niche
Agreed. That’s why targeting obvious spam and somehow blocking it manually is a better approach. That’s the price we pay…
Thanks for dropping in Damon.
Jym invites you to read…3 Tips to Speedily Improve Your Online Productivity
Okay, thanks for letting us know that CloudFlare is still rocking it, Damon.
I will try a higher setting for a while, see what happens.
Cheers,
Mitch
Mitchell Allen invites you to read…Hollywood is Building My List
Thanks for joining the discussion Sharon.
Incapsula and CloudFlare are basically in competition with each other, and have a slightly different emphasis, I’m still weighing up the differences but intend to write a thorough comparison of both at some point soon.
Optimization-wise, they’re similar. Spam prevention-wise, I’m not sure. Incapsula has the higher security profile, and (much like GASP) seems to block all automated spam.
It also has the IP blocking function which is the crux of this post.
I’d be interested to know what’s going on with CloudFlare and exactly how effective it is at preventing the kind of spam we’re talking about, and how much effort it takes to implement that effectiveness. Is there anyone from CloudFlare in the room?
If you try Incapsula, I’d love to know how you feel, having become comfortable with CloudFlare’s operation…
Jym invites you to read…How to Write Great Blog Posts in Half the Time
Blocking IPs is problematic because many ISPs still dynamically assign IPs as someone connects to the Internet. What that means is that the spammer may be on one IP this time and a different one next time so you just blocked ALL the people using that ISP that ever get assigned that IP in the future.
Blocking IPs is only effective if the person has a static IP assigned and is not using IP cloaking or proxies to hide what it is.
Bloggers need to understand that the more successful and popular they manage to get the more manual spammer’s lists they are going to land on. Spammers sell and trade these lists so a sudden jump usually means you are on a popular list and will end up on more lists.
Is not having to ever see spam really worth losing the ability to communicate freely with each other? I don’t think so and that is why I will not block trackbacks and I still check them and approve and promote posts for the bloggers sending the REAL trackbacks (which by now are maybe 25-40% of all trackbacks).
Gail Gardner invites you to read…TrackBack Spam: Blacklist Blogs Using Trackback Spammers Blogging Backlink Spamming Plugins
“It also has the IP blocking function which is the crux of this post. ”
CloudFlare does have this option as well.
Relative to blocking by ip (my take):
If you’re blocking by IPs in a country you want traffic in, you probably want to prune your lists at times because of the dynamic element (stuff we flag for a challenge gets expired after two weeks of no bad activity, for example).
If you know that you don’t want traffic from certain countries, this is where blocking by IP makes sense.
Damon Billian invites you to read…Wow, That’s Fast! Instant DNS Updates and More…
Good to know Damon. I missed that when I was testing out CloudFlare…
Have to say I’m considering blocking the Philippines since almost all the manual spam I get comes from there. But I wary, it seems unfair to tar all with one brush, and it’s very tricky to weed out and whitelist genuine visitors.
Thanks for adding that mate
Jym invites you to read…Speed Up Your Blog Without Code – Slow Blogs Lose Readers and Rank Lower (part 2)
Glad to help. Here’s a quick link to using CloudFlare’s threat control: http://blog.cloudflare.com/cloudflare-threat-control-making-your-website
Note: Blocking by country in CloudFlare is a little misleading because it only throws up a challenge page (assumption is that people don’t want to block all visitors). You would want to block by IP/IP range if you really want to block, or set custom rules directly on your server to fully block the country.
Damon Billian invites you to read…Wow, That’s Fast! Instant DNS Updates and More…
Hi Jym,
Things were getting kind of narrow there. LOL
Okay, so I understand your position on CloudFlare. Here’s mine: the planets all lined up.
My webhost has partnered with CloudFlare, giving all my domains a boost. I did a major WordPress cleanup a couple of months back, and CloudFlare was highly recommended by several bloggers. I was desperate to supplement the GASP plugin with something for intrepid human spammers.
I don’t have any complaints, so far. Did you set your threat level to low before switching away? Mine is a medium, and I was thinking of testing a higher one!
Now, as to my blacklist experiment. Massive fail. I have no idea how CloudFlare handles spam reports. But four messages returned after having been reported as spam.
I suspect that the different urls allow them to escape. They are still in moderation, but they’re not marked as spam.
So, I’m at a loss. I don’t get many, but my real readers get mixed up in this mess and I miss a comment now and then, unless it’s moderated.
Drastic measure time? I already mentioned setting CloudFlare threat level to high. I may also turn off comments on really old posts – something I hate to do because I’m always referring to them.
One final option, which you mentioned, is filtering by ip address. I don’t understand that very well and it may be too drastic – a bazooka shot at a mousehole.
As a last word, I’m wondering if CloudFlare can actually deliver on this promise of reducing spam via reporting.
Cheers,
Mitch
Mitchell Allen invites you to read…Hollywood is Building My List
I love those planetary alignments Mitch (did I mention, I used to be an astrologer?)
I ended up setting my CloudFlare threat level to low when I found out that the medium setting was putting off some of my Indian visitors.
I didn’t test CloudFlare extensively though, so I’m still interested in the results – I love the ‘Project Honeypot’ data sharing – I’m just not convinced that it’s ‘fine-tuneable’ enough, and ends up singling out those who are construed by spammers by others, but may not be in my eyes.
From the results of your experiments, it seems that CloudFlare is not going to cut the mustard as a stand-alone spam filter. I also don’t know how it works at this stage, though it would be interesting to find out.
Filtering by IP address is – I’d say – more like taking a sniper rifle and aiming it at particular vantage points.
As Jonathon pointed out in his initial comment, some agencies employ people from a wide area, and some spammers could start to comment from other addresses.
But my experiments with this suggest that – having banned about 30 IP’s – this method works.
It took a little manual effort and will probably continue to do so (not much though), and did require some moderation decisions, but it is working. I get less spam, and some of the constant offenders are no longer appearing on my radar at all.
I’d love to know what comes of your drastic measures Mitch. I fully intend to compare Incapsula and CloudFlare sometime soon…
Thanks for sharing mate.
Jym invites you to read…How to Stop Comment Spam and Block Spammers – Forever
Hi Jym,
I appreciate the power of careful sniping with ip-blocking. Maybe that’s not as drastic as it sounds, though the WP codex stresses that spammers use a variety of ip addresses, anyway.
There’s not much interaction on the Posterous blog where CloudFlare announces stuff. Oh Well!
I’ve restored my blacklist – did you know that CloudFlare uses that, as well? So, if all CloudFlare users judiciously add to their blacklists, will we wind up with another Akismet-like fiasco? I’d love to hear what Gail Gardner has to say about that, as she makes strong arguments AGAINST Akismet, but FOR WordPress blacklisting
(not really putting her on the spot, as the reasons are not interdependent.)
Cheers,
Mitch
Mitchell Allen invites you to read…Hollywood is Building My List
I’ve been using Incapsula for a while now, Jym, but it never occurred to me to use it as spam prevention tool. Thanks for the tip!
I also think that newbie bloggers are in much more danger of posting spam comments on their blogs since they are starved for attention.
Me? I delete anything that even smells like spam.
Ana invites you to read…How to Pick the Best Affiliate Marketing Programs that Pay
That doesn’t surprise me Ana. I had noticed that none of the ‘usual suspects’ seem to last long on your blog.
Incapsula is great – I was most intrigued by it’s optimization capabilities to begin with, but I’m very happy with it’s ability to blog offending IPs (or countries, or client types)
Very handy. Thanks for dropping by
Jym invites you to read…Speed Up Your Blog Without Code – Slow Blogs Lose Readers and Rank Lower (part 2)
Man, it gets harder and harder every day to keep these spammers at bay. It seems. at least, that the auto-software is being kept at bay.
I love your little list of ‘how-to’ check for spam. It’s pretty obvious eh? I will be weary though, of banning one IP off the bat, with Incapsula, as one or two comments may have been a simple mistake. I think educating someone should also be considered. But of course, if you get 20 spam comments in a day from 1 IP it is really a no brainer.
I’m a bit disappointed though, reading your article Jym, and reading Justin’s comment, that G.A.S.P (from within ComLuv) still lets a couple spam comments slip through. But with humans clicking the anti-captcha checkbox, there’s nothing more you can do. I’m just always weary of blocking a genuine commenter because some program algorithm decided he’s a spammer. The flipside can also be true and therefore I put up with moderating a bit of spam.
bbrian017 invites you to read…#engaged @blogengage is our new trend for #blogengage
It’s an eternal story Brain, and realistically, whatever anti spam is put in place, if there’s a reward, someone will try to grab it without giving anything back.
I agree with your observation that it’s not good to be too hasty about banning people, I tend to watch for either certain dead giveaways (like copying and pasting existing comments), or watch a few comments and then decide.
GASP is only effective at blocking spambots, and as you say, any human can tick the ‘confirm you’re not a spammer’ box.
I absolutely agree about not trusting an algorithm to decide what’s spam and what’s not, which is why I don’t like Akismet (which thinks I’m a spammer – I say otherwise!). Just like you, I prefer to choose who to block completely, and manually moderate the rest.
If the volume gets up too high, as it obviously did for Justin on his blog, I may well consider a more automated, blanket option and risk losing some genuine commentators.
Thanks for adding your thoughts here mate.
Jym invites you to read…CommentLuv Premium Is Revolutionizing the Power of Blog Commenting. Here’s What You Need to Know
Spamming is terrible, annoying, waste of space and time. I had the same problem and spammers are increasing by the minute. Mostly are from PH because they are hired by American companies to do linkbuilding services for them.
Dennis invites you to read…Back Together: Hands-on Healing for Couples (Paperback)
It’s true Dennis.
I’m still considering black listing the Phillipines, since that’s where most of the real spam comes from on my blog.
But that would seem a bit like ‘cutting off the nose to spite the face’. Linkbuilding services are exactly the kind of visitors that I don’t want clogging up my comments section however, so I’m willing to look at all the options…
Thanks for dropping by mate.
Jym invites you to read…Blog Productivity – Fractals, Focus, and the Myth of MultiTasking
I can honestly say Livefyre using Impermium spam detection blocks 99% of all my Spam, better than GASP, Akisment and Anti Spam Bee. It does a double scan and catches it either on the first pass, or 2nd but removes it automatically. I have used about 9 different methods of blocking SPAM over the last 3 years and have more spam than ever now on my primary site. Livefyre was worth switching to for reducing my comment moderation times by nearly 3/4.
Justin Germino invites you to read…Formidable Pro MailChimp and Paypal Support
Wow, Justin. Causing such an uproar with your decision it seems it’s w orking solution for you. I was waiting to see what happen there before commenting, but with a 75% reduction, it seems that I’ll have to sign up if I want to comment on your blog. It also looks like people embraced your decision and signed up to still get the chance to comment. I am curious, I see nobody get’s a Gravatar and there’s no ComLuv right. So no link back or other ‘perks’? Let me know, I’m VERY interested since it seems to give you GREAT results.
Ivin invites you to read…My First Client Site
You do get a Gravatar, Livefyre automatically uses the profile pic you signed up with (Facebook/Twitter or you can set one). You get a DoFollow backlink to your site from your profile name when you register and link a site.
Also LiveFyre does show you where you most recently commented on other Livefyre blogs, so if you run Livefyre on your own blog you can leave breadcrumbs of the last sites you commented on that also use Livefyre.
Finally, Livefyre has something CommentLuv doesn’t and this is to bring somebody into the comment conversation from Facebook or Twitter. With Livefyre you can simply @reply a user and it will find them in your social network and respond to them on that social network. From a blog comment you can contact someone on Twitter and ask them to answer, or for information…etc. It also reads in comments on Social Media and puts them in the comments as part of the thread.
It is this engagement and bringing social media into the blog commenting which was the most interesting feature to me. The SPAM blocking was the best benefit, but I have seen some blogs get hundreds of comments and dozens on Social Media in the post and all related to comments on the post.
The only thing Livefyre doesn’t really do is give commenters a keyword backlink (though I opened an enhancement request for this) and they are working on “guest commenting) which they will have in place soon. They are also working on a Livefyre for Blogspot blogs which will help. @DannyBrown from http://dannybrown.me/ uses LiveFyre as well (Longer than I have) and it appears to be very effective over there as well.
Justin Germino invites you to read…Formidable Pro MailChimp and Paypal Support
It sounds VERY good Justin. I’ll have to look into that. But you’ll probably alienate the COmLuv crowd if you do…
Ivin invites you to read…My First Client Site
I did alienate the CommentLuv crowd, and I did pay a price. A few of the regular bloggers who commented on my site stopped, but many still leave a comment once in a while.
Most of my comments were from readers who run no blogs, and these # of comments didn’t really slow down. Even commenters who want a backlink for advertisers still comment and use the DoFollow link with Livefyre, so I probably only lost about 20% of my commenting. It feels like more because I was moderating so many spam comments and I don’t have to do that anymore.
Justin Germino invites you to read…Should You Create Your Google Plus Page Now?
Very interesting.
Have to say Justin that I would have commented more on your blog if it didn’t require a sign up (who likes jumping through extra hoops?) and had a keyword link.
In fact, your is the only Livefyre site I’ve made the effort to comment on.
But reading your explanation of the benefits, I’m intrigued. As you said Ivin – VERY interesting. Especially the social media connection.
If the system was a little less ‘clunky’ and incorporated something like the CommentLuv post and keyword links, I’d join. Perhaps it’s only a matter of time?
I wonder if LiveFyre and CommentLuv could be made to ‘talk’ to each other. The best of both worlds could be the ultimate solution…
Thanks for sharing and commenting guys
Jym invites you to read…How to use Strategic Blog Commenting to Market Your Blog
I use Disqus and have never had a spam problem. I just never have. But CommentLuv looks like such a great commenting plugin
Nick invites you to read…Take Notes or Live Life? There’s Your Blog Post!
I started with Disqus too Nick.
I’m sure that it helps and certainly CommentLuv provides an extra incentive for spammers to worm their wiggly way into your comments section.
The problem with Disqus, and other commenting systems is that they put some commenters off. Spammers and genuine alike. It’s a question of testing both and balancing up what outcomes you want to achieve with your posts…
Thanks for coming by and commenting mate.
Jym invites you to read…Traffic Generation Strategies Unified: Superstrings for Bloggers
Yeah, once I make more money I may invest in CommentLuv Premium but for now I’ll stick with Disqus
Nick invites you to read…Rogers & Gray Insurance Internship: Week 2
I know a couple of well established bloggers who use Disqus, but I’m a big fan of CommentLuv.
If you’re spam levels aren’t too high, the free version of CommentLuv is already awesome!
Jym invites you to read…CommentLuv Premium Is Revolutionizing the Power of Blog Commenting. Here’s What You Need to Know
I didn’t even know they had a free version. Guess it goes to show what I know. I’ll check that out soon. Got lots of homework and posting and college applications to fill out!
Nick invites you to read…Rogers & Gray Insurance Internship: Week 2
Really good tips here Jym.
After a while you gain an eye for spotting spammers. As a newbie I had no clue: I was just happy to get a comment!
In time I saw who was adding zero value and who was adding real value.
Thanks for sharing!
RB
Ryan Biddulph invites you to read…Love Your Cash Gifting Team
It doesn’t take long to tune into the intentions behind the comments, it’s true Ryan.
I was the same… As I started to get more genuine comments, I slowly became more and more ruthless with spammy ones.
But I’m a softy at heart. Anyone who makes at least a little effort will usually be allowed to stay!
Thanks for commentng mate
Jym invites you to read…How to use Strategic Blog Commenting to Market Your Blog
Sounds like you’ve been under attack by spammers! I guess you can look on the bright side, at least you’re popular
Darren invites you to read…Lost Or Stolen University Laptop Computers Could Cost Your School A Fortune
That’s one way to look at it Darren!
I like the positive spin mate
Jym invites you to read…Advertising is Dead, Content Marketing Lives, Your Blog is the Future
I can relate to this. I must admit that during my first release of my blog, I was flooded with spam. And it is really annoying for beginners like me at that time.
(http://codedincantation.com/blog/)
http://codedincantation.com/blog/ invites you to read…What is Cloud
I’m going to go out on a limb here and call this comment spam! It is clearly an off topic link embed in the user name and comment body, the comment adds no value, the site it links to is irrelevant and just an ad sense site with some auto-generated content. Classic spam!
So much for Incapsula (and comment luv).
first, this is not a spam. Second, i’m not a spammer. And third, the site is not an auto-generate content.
http://codedincantation.com/blog/ invites you to read…What is Cloud
I disagree. You used your blog url as your username, you then embed the same blog url in the bottom of a comment that offers little value.
Upon inspection of your website, it is clear that the content is not auto-generated but most likely hand written. But the high ratio of ads to text is a good indication that this site is “spammy”.
I disagree. This site is not spammy. Here, check my username again. I changed it to fit your needs. I also removed my links at the bottom of my comment. Happy now?
psepheroth invites you to read…What is Cloud
Psepheroth, I agree – spam is annoying (could you tell?)
I have to say that I thought, similarly to Jonathon, that your comments came across as spammy, for the reasons he mentioned.
I tend to delete signature links in comment bodies, and I’d prefer your name (Psepheroth is fine) in the name field.
It would actually work better for you to write Pspheroth @ [keywords] – keywords being whatever you’d like to be found on Google for – ‘code incantation’ etc… And it looks better (and less spammy)
I don’t think you’re a spammer, but I do think those small adjustments would get you a better reception on several blogs (not just mine). Just a thought.
Thanks to both of you for putting your views across without getting too gnarly
Jym invites you to read…Comments Policy
Spammers makes the blog unappetizing to read for people who just want good reading and information. I really appreciate that you point out some facts about spammers that will make the blog owners aware of the possible damages these crappy comments can do on the blog. By the way I love the SPAM pic!
Greg
Webmaster of Lethal Commission Review
Gregory invites you to read…Instant Niche Maker Review-By Mike Enos & Roxie Thomas
Unappetizing is the word Gregory…
Some comments I consider to be spam and I know come from people who aren’t reading posts seem to be accepted on some blogs.
It’s a personal choice of course, but I’m quite happy to put a spanner in the works of the spammers and promote a greater awareness of their ‘game’ – it cleans up the whole blogosphere.
Cool pic isn’t it? I love the Pythons.
Jym invites you to read…5 Productivity Blogging Tools That I Wouldn’t Go Without
Blog commenting is great way to get easy backlinks to your site, you just need to add some valuable opinion or points which you think are important after reading the post.
I have been commenting on good blogs regularly of course one reason is quality backlink
plus I got to learn something new and I never comment if I don’t have anything valuable to add.
Unnecessary comment shows to the blog owner that you only like backlinks and don’t care about what he/she is sharing.
Aaron invites you to read…Goa Carnival 2012
There’s certainly nothing wrong with commenting to gain a backlink Aaron, it’s all part of the deal as far as I’m concerned.
But it should also be about giving something back. Nobody likes energy suckers, whatever form they may take!
In summary, it’s all about being genuine and contributing in some way.
Jym invites you to read…Speed Up Your Blog Without Code – Slow Blogs Lose Readers and Rank Lower (part 2)
Good one, Jym. I’ve got spammers right on the edge. They are human and mention a detail from the post, but seem shady (shills for a site they didn’t build). How much is it hurting my blog when I approve?
Astro Gremlin invites you to read…8 Biggest Workplace Errors
It’s not a big deal Astro… A few comments which aren’t too blatant aren’t going to cause any serious problems.
But it’s up to you. If you don’t get many comments, maybe give them the benefit of the doubt for now.
If you get 80 comments on each post, show them the door.
I tend to use the guidelines above and then judge accordingly – if I see a trace of effort to make some connection, or feel that they’ve maybe read more than the first few lines of a post, I let some through.
Most I’m pretty ruthless with these days though.
Hope that helps – thanks for coming by!
Jym invites you to read…Nofollow? Dofollow? Better Search and Page Rank vs More Blog Comments
Jym, I don’t have my blog up yet, but my blog topic is unrelated to marketing or blogging.
If I comment on your marketing/blogging blog, would that make you treat my unrelated blog as spam… even though I’m commenting on your topic… and since I am a blogger?
But more importantly… since my blog topic is unrelated to yours, would CommentLuv links be harmful to YOUR site… or to mine? (Isn’t that what you were saying about stealing link juice?)
If linking is harmful (diluting) to either of us, would it be necessary for me to always comment as if I didn’t have a blog to link to?
Do you want “any” bloggers linking with your blog, or just bloggers talking about blogging? What gives you “juice”, and what gives the commenter “juice”?
Anxious to learn the distinctions that matter… Thanks!
Hi Kathryn – great questions!
To my mind (others may take a different view on this) a comment isn’t spam because of the destination of the link, it’s spam because of the intention to gain a link without contributing, participating or giving value.
So although my blog is marketing/blogging oriented, if a blogger who writes about home made chocolates or sports cars adds something to the conversation which is relevant, or genuine in nature – no problem.
You wouldn’t even have to be a blogger. My issue is with those who write comments which show that they haven’t even read the post, especially when they link to sales pages for products or completely unrelated services. Or even related services for that matter.
Heck – even a spammer is welcome if they read my post and share a real opinion or add something to the discussion! (invariably, they don’t!)
To answer your second question – ‘link juice’ is passed down some links (including those from multiple commenters or people who share my content). A link to an unrelated blog is no problem. although I don’t want any connections to or from gambling or X rated sites – that’s ‘bad neighbourhood’ stuff and can be harmful to rankings.
It is more beneficial to build links to your own site from related pages, but all links are valid and useful. So in this instance, neither you nor I would be penalized for commenting on each others unrelated blogs.
To clarify my phrase ‘stealing link juice’ – I just mean those commenters who do what it takes to get a link back to their page, without fulfilling their ‘side of the deal’ which is to give a genuine comment in return.
There’s a little more info on my thoughts about what is and isn’t spam over on my Comments Policy which I’ll link to below.
Hope this answered your question and thanks so much for coming by!
Jym invites you to read…Comments Policy
Thanks, Jym, for your helpful reply. Your Comments Policy was very enlightening!
I particularly liked that by commenting, people are giving you permission to use their words. I LOVE that! You can directly address questions as a blog post! Great idea to add that policy.
I didn’t know to look for a comment policy before I first commented; I’ll know from now on, though.
Thanks, again!
You’re welcome Kathryn, glad it was helpful.
To be honest the Comments Policy was designed more to show people after their comments had been deleted, I had a few commenters emailing me complaining and I didn’t want to have to explain!
Anytime, and thanks for your comments here too.
Jym invites you to read…3 Tips to Speedily Improve Your Online Productivity
Hi Jym,
Thanks for the tips! I have never heard of Incapsula, I’m going to set up my site with them right away!
Thanks,
Stacy
Stacy invites you to read…A Couple Tricks to Show Any Post On CommentLuv
You’re welcome Stacy.
Worth checking out for both spam prevention and site optimization!
Thanks for dropping by!
Jym invites you to read…SEOPressor: Why I threw a $47 WordPress Plugin into the Trash
Ok, so comment luv stops bot spam and Incapsula allows you to block IP addresses much like WordPress/Akisment. The problem with this approach is that human-generated spam is the biggest threat yet the Incapsula approach does not stop spam, it just stops repeat spam from the same IP address, if you manually review your comments for spam and then log the IPs into the filter.
That doesn’t seem like much a solution to me because 1) you have to manually review every comment, 2) you are always playing catch-up, never proactively blocking the fist human spam submission from an IP, 3) IP addresses aren’t unique to users, they can encompass an entire network, multiple-users, or a shared resources like a computer in a library, 4) companies hire armies of human spammers located in Asia and you can bet they all have different IP addresses which they cycle through/refresh routinely, 5) IP Proxies are free – they allow you to mask your IP on the fly and most spammers know about them.
You need a solution for blocking the first instance of human spam, thereby freeing you from being a human spam filter. The ideal solution analyzes the comment and any embedded links to decide if the comment is spam (relative to the source page/article) using a relevancy engine and other obvious clues as you have mentioned above.
I think your tell tale clues are great, now you need a solution that automates that process!
As I said Jonathan – it’s not a complete solution.
It is a step forward in making it harder for those spammers who aren’t part of bigger networks or using IP Masking.
The human spam I regularly get around here has been reduced by taking a few minutes to enter a bunch of IP’s into Incapsula.
In terms of blocking whole networks, I don’t see it as a problem, in fact I’m may consider blocking the Philippines as a whole since that seems to be the origin on most of the drivel that ends up making it into my comments section – and I don’t seem to get any genuine visitors from there (although I’m not sure).
The ‘ideal’ solution you hint it is exactly that – ideal – but as far as I know there isn’t an automated way to combat this. Let me know if you find one.
In the meantime, the method above is effective to a degree, and as far as I’m concerned, it all helps.
Thanks for such a thoughtful comment mate
Jym invites you to read…Incapsula Review: Elite Protection and Optimization for Bloggers?
Jym and Jonathan, automating the solution requires the resources of the Honeypot project.
I use the free version of CloudFlare and W3TC caching plugin.
According to CloudFlare, if you hit the Spam button on a comment, their services is supposed to add the person’s url or something.
{wanders off to CloudFlare blog}
Well, I’ll be. I haven’t done this yet! Seems you also need the CloudFlare plugin.
Here is the link to the info:
http://blog.cloudflare.com/using-the-cloudflare-api-to-report-spam-on-yo
One of things I was doing was manually adding urls to the Discussion blacklist. Several have come back, which pissed me off.
Now, I see why: I don’t have this CloudFlare feature enabled!
It’d be cool if it really works. Jonathan’s complaint would be addressed as, through CloudFlare (even without the spam notification setting), you blog never sees a good portion of what the CloudFlare folks call threats.
Cheers,
Mitch
Mitchell Allen invites you to read…Everything Rots – Conclusion
[edit]
I am using this, after all. Now, I have to do a test to see whether WP Discussion blacklist is needed.
I shudder at temporarily deleting this list.
I will let you know how it goes.
Cheers,
Mitch
Mitchell Allen invites you to read…Everything Rots – Conclusion
Hey Mitch – thanks for adding this.
I had CloudFlare running here for sometime, but replaced it with Incapsula.
Agreed it answers some of the query raised by Jonathan, and it even optimizes site speed in a comparable way to Incapsula. But security-wise, you need to go for the paid version to get a parallel service to that which Incapsula offers for free.
All that said, I know some bloggers prefer it to Incapsula – I’d be interested to hear how you get on.
Main reason I stopped using it was that I got into a discussion with several blogging friends in India who were unable to access my blog (or any other powered by CloudFlare) without filling in a captcha.
Which they didn’t like much. In short, it was losing me traffic that I valued, as well as deterring spammers.
I may well give it another test run though. Do let us know how you get on mate, and thanks for adding this – I probably should have mentioned CloudFlare in the post as well
Jym invites you to read…CommentLuv Premium Is Revolutionizing the Power of Blog Commenting. Here’s What You Need to Know
“Which they didn’t like much. In short, it was losing me traffic that I valued, as well as deterring spammers.”
Did you know you can override this behavior? Two options:
1. Whitelist the IPs in your threat control panel.
2. Turn your security settings to a lower level in CloudFlare settings.
Why we challenge IPs is outlined here: http://www.cloudflare.com/wiki/DataSources
Damon Billian invites you to read…Wow, That’s Fast! Instant DNS Updates and More…
I did set the security to Low, but still had the same response.
Problem with whitelisting is that this was affecting more than just the visitors I knew.
It turned out that others who were accessing my blog for the first time were getting the captcha and giving up. My engagement with a few such cases satisfied me that they weren’t spammers, but I know they werent the only ones – just the ones I happened to meet through social media.
Thanks for sharing the link mate.
Jym invites you to read…How to use Strategic Blog Commenting to Market Your Blog
Jym,
The ideal solution would enable the publisher to have commenters posting in real-time so that when you break an article like this and you get that initial traffic spike, you capture as many comments and replies as possible. Comments spawn more comments so the sooner you post them after breaking an article, the result will be more interaction/conversation. Plus users don’t like waiting to see there post go live.
Maintaining an IP blacklist is time consuming because you have to do it everyday! And it’s not proactive… It’s like using bubble gum to seal the cracks in a levee. And as your blog grows in popularity, it may not be a practical and scalable method.
I think you almost hit the nail on the head in your post when you said;
“The comment has irrelevant (or loads of) links in the comment body (Akismet will block these, and CommentLuv Premium can be set to do the same)”.
I think the relevancy and subject matter of embedded comment links are the key to stopping spam. But CommentLuv only works on bot driven spam and Akismet routinely misses human spam too and generates many false positives for real comments.
The ideal solution analyzes the embedded links and tests their relevance against your post or article. The link analysis also detects commercial intent, e.g. this website is trying to sell something, as well as hazardous content (porn, drugs, gambling, etc.). It also measures quality, coherence, grammar and syntax of the post, as these are also reliable signals.
I’ve been working on bringing the ideal solution to market for sometime now and have released a WordPress Plugin called SiteBrains, as well as a JS snippet version and API. You can check it out at;
http://www.wordpress.org/extend/plugins/sitebrains-1/
Initial feedback has been great and we are seeing 99% accuracy in classification of posts as spam or “ham”.
Thanks for persevering Jonathon. As I guess you realized – it takes two links to require moderation with the settings I have at the moment.
I agree with your suggestions about moderation – I don’t moderate comments (unless there’s two or more links within the body) for the very reasons you mentioned.
The IP Blacklist is proving effective – not as a total solution, but having entered 20 or so IPs, some of the ‘repeat offenders’ who used to pop up regularly aren’t coming back. I still see them on some other blogs I visit, so the strategy is working.
Naturally there are ‘first timers’ coming to drop spam comments here and it’s only once I’ve made a decision to blacklist them and done so that there’s any effect. It is a manual task, I take a few minutes once every week or two which I don’t mind. It’s still preferable to pulling genuine comments out of Akismet’s filter, as far as I’m concerned.
You’re right in saying that CommentLuv only blocks bot spam – hence the need for complimentary alternatives to block the human spam – obviously it takes no effort for a human to ‘click to confirm’.
I like your approach but it still leaves a problem unsolved: In some circumstances, I may get a comment from someone who’s niche or website is vastly unrelated to the topics I cover, yet they leave a genuine and relevant comment, showing they’ve obviously read the post and are interested in the discussion.
I don’t want to prevent commenters purely on the basis of link destination.
The only solution I see would be a software with a highly advanced, sensitive and customizable means to determine whether a comment is spam or not…
Thanks for sharing the sitebrains info, perhaps it offers the best alternative yet… I’ll check it out
Jym invites you to read…How to use Strategic Blog Commenting to Market Your Blog
Jym,
Thanks for your feedback and I see your point about good comments coming from niche sites that are not relevant. If the commenter leaves a URL in the comment, we apply the relevancy test as well as a scan for hazardous content, eg porn, drugs, gambling, etc. We do this because we believe that in-comment urls should be relevant to be published.
If the commenter’s URL is in the URL field, as is often the case on your blog, we don’t do the relevancy Check but do scan the url for hazardous content.
We also allow publishers to determine exactly how strict they want to be on links and comments. For example, you can block or accept blatantly commercial websites, eg ecommerce purchase pages, clear spam landing pages (that aren’t “hazardous”) as well as determine the level of profanity and quality in the comments you publish. The system is sensitive and highly configurable.
Of course, we are always improving and do so from the feedback we get from savvy publishers like yourself. Please let me know if you test SiteBrains out, we’d love to hear from you and have also enjoyed participating on your blog.
Thanks for the further explanation Jonathan.
I’ll make some time to test it out, seems like you are tackling the problem on some levels that it isn’t currently.
Thanks for your input here too.
Jym invites you to read…11 Popular Places to Promote Your Blog Posts