PixelMEDIA Inc.


Hold on… Don’t approve that comment just yet!

Posted by Andrew Watson
January 20th, 2010

Spammers are pretty clever. Wait, scratch that. Spammers are extremely clever – and becoming more so every day. Their deviant techniques constantly evolve, and for anyone who runs a website, keeping up with preventive maintenance is an ongoing challenge.

In the past, keeping spam off your blog was comparatively easy. Basically, you would block, erase or refuse any comment that provoked the user to buy Viagra, or click on adult links. As long as you monitored the comments, you would be OK.

Now, not so much. Modern spammers have taken it up a notch, and their “junk mail” is getting past a lot of moderators.

Spam will never go away, but there are a few things you can learn that will help you better deal with it.

  1. Spammers are trying to achieve something.

    There is always a reason a spammer is posting something to your site. Some reasons could be:

    • Encourage or trick someone into clicking a link, either to sell something or to try to install malware on the user’s machine.
    • Use your page rank to build theirs. One big way to get website traffic is to get your link out there as much as you can. Spammers attack forms to place their links on your site. It is even common for people to search the web for high-ranking websites that have discussion boards. They will then register an account on one, add links to their profile signature, and make a few semi-valid posts to simply get those links on the site. This is sometimes referred to as “sblogging” (spam-blogging), and is usually not automated, but real people trying to promote their site.
    • Test for confirmation emails. Some blogs will email a user when a comment is posted for moderation. If a spammer gets a “your comment is being reviewed” email – they just got a valid email address (the “from” address) that they can now send spam to.
  2. Spam comments are usually automated.

    This means that there is not an actual person manually putting the bogus information into your form. More likely, there is a computer in some guy’s basement that is running a program whose sole purpose is to scan the web for forms. When a form is found, the program then submits data. Programs like this are relentless and absolutely flood the internet with bogus information. It’s not uncommon for us to get 100 – 300+ spam submissions every day.

  3. Your post is probably not as popular as you may think.

    I say this because I see tons of bogus comment posts on the blogs I run, regardless of the site or post content. Once a spammer finds your site, they often submit something very general, vague and non topic-specific to trick the person into thinking it’s a genuine comment. Some examples may be:

    • “Wow, this is a great post. I’m going to subscribe to your blog”
    • “I love this site’s template. I want to make something similar”
    • “I appreciate your opinion on this, keep up the great work”

    You get the idea. These are painfully vague statements that can be applied to any post. If a comment does not add anything to the discussion, it’s probably fake.

  4. The spammer’s link may not be as obvious as you would imagine.

    As I mentioned above, spammers are constantly getting more clever. They know by now that a big “click here to reduce your debt” link is not going to get past most moderators. What I see a lot of these days is that when a comment is posted, the user’s “email” and “homepage” can be posted with it. While the comment may seem real, check the values submitted in these fields. Often it’s something obvious like “http://Buy-more-mortgages-online.com”. Again, if the comment is general and not topic-related – it’s probably an attempt to get the spam link onto your site.

  5. Spammers can quote your content.

    The programs that read your page and submit the bogus comments can even grab a sentence or set of words from your post. These are the hardest to moderate, because the comment looks valid. For example, if your blog post is titled “Remodeling your bathroom,” the spammer may post something like “I agree with your views on Remodeling your bathroom. Great site, I will subscribe!” Before you approve this comment, check the email address and homepage of the poster for spam links.

  6. Basic rule of thumb – don’t automatically trust anything posted to your blog.

    It may seem a little needlessly paranoid, but what I’m trying to get across is that you really need to analyze your comments before approving them for display on your site. Not all comments are bad. People do read blogs and post feedback. It’s just very easy to fall victim to false submissions. Take a second to review the comment before you approve it.
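The checks from points 3 to 5 can be turned into a pre-moderation triage pass. This is an added example, not code from the original post; the phrase and keyword lists, the field names and the sample comments are constructed assumptions.

```python
from urllib.parse import urlparse

# Constructed phrase list, modelled on the generic comments quoted in the post.
GENERIC = ("great post", "subscribe to your blog", "love this site",
           "keep up the great work", "appreciate your opinion", "great site")
# Constructed keyword list for spammy-looking hostnames (an assumption).
BAIT = ("buy", "mortgage", "debt", "credit", "loan", "pills", "casino")

def triage(comment, post_title):
    """Return the reasons a moderator should look twice before approving."""
    reasons = []
    text = comment.get("text", "").lower()
    if any(phrase in text for phrase in GENERIC):
        reasons.append("generic praise that fits any post")
    if post_title.lower() in text:
        reasons.append("echoes the post title verbatim")
    # The link is often in the poster's fields, not in the comment body.
    for field in ("homepage", "email"):
        value = comment.get(field, "")
        # URLs yield a hostname; e-mail addresses fall back to the part after @.
        host = (urlparse(value).hostname or value.rpartition("@")[2]).lower()
        if any(word in host for word in BAIT):
            reasons.append(f"{field} host looks like an advert: {host}")
    return reasons

def review_queue(comments, post_title):
    """Pair each comment with its reasons, most suspicious first."""
    scored = [(triage(c, post_title), c) for c in comments]
    return sorted(scored, key=lambda pair: len(pair[0]), reverse=True)

# Constructed sample submissions for a post titled "Remodeling your bathroom".
SAMPLE = [
    {"author": "Sam", "email": "sam@example.org", "homepage": "",
     "text": "We hit the same plumbing issue behind the vanity; "
             "a flexible supply line fixed it."},
    {"author": "Kim", "email": "kim@example.com",
     "homepage": "http://Buy-more-mortgages-online.com",
     "text": "I agree with your views on Remodeling your bathroom. "
             "Great site, I will subscribe!"},
]

if __name__ == "__main__":
    for reasons, comment in review_queue(SAMPLE, "Remodeling your bathroom"):
        print(comment["author"], reasons)
```

A non-empty result is a prompt to inspect the email and homepage values by eye, not a verdict; real readers also write short, friendly comments.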

Important notes:

Never click a spammer’s link. If it looks obviously bad, like “http://reduce-your-credit-debt.hhtted.ru” – clicking it may gather info about your machine, track your IP or attack your system. Just delete the comment and move on. Remember, the spammer wants you to click the link.

How can you improve your spam filtering?

As a developer, I’m constantly testing new ways to beat the spammers. It’s like an endless circle. They make something that beats our system, we update the system – repeat. For now, any of these are a good idea:

  • Use Captcha on forms, requiring a user to “enter the letters/numbers in the image”. This helps a bit, but some more advanced spam programs can actually read those so it’s not 100% effective.
  • Add a “spam question” to your form. It’s becoming common for a form to ask something non topic-related to confirm the user is a human. For example, “what is the next number after 3” can be added to the form. When the form is validated, it will fail if the correct value is not entered.
  • Use CSS to “hide” a field. Because most spam bots do not render CSS, and just dump data into all form fields, webmasters can:
    1. add a field to the form
    2. hide it with inline styles (not shown to visitors by most browsers, but still seen by bots)
    3. require that field be blank in order for the form to validate (bots will dump something into it)
  • Add a rel="nofollow" attribute to any link that can be posted to your site in any way by the public. This little gem tells search engines (Google started it, and more are catching on) that the link is not related to your page and that they should not follow it. This way, if a bad link gets through all your validation and moderation, it will not hurt your page rank. Search engines tend to think this way: if a site is linked to from your page, it must be related. The rel="nofollow" outright tells them it’s not.
  • Use tools such as Akismet to filter submissions. There are tools you can use that will filter out 90% of bad comments, by using a database of spammer techniques. Every comment sent to your form is compared against this database during validation. This is a great way to reduce the spam on your blog. It won’t stop it entirely, but with it you need to inspect fewer emails. In fact, by stripping out some of the more obvious spam from your blog, tools like this will only miss the really clever ones. So if a comment gets past the filter, be sure and still check all the points above. The filter may not have this spam signature in its database yet.
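The hidden field, the spam question and rel="nofollow" combine naturally in one form handler. The sketch below is an added example, not code from the original post; the field names `website_url2` and `human_check` and the `/comment` action are hypothetical.

```python
import html
import re

HONEYPOT_FIELD = "website_url2"  # hypothetical name for the CSS-hidden field
SPAM_QUESTION = "What is the next number after 3?"  # the post's own example
SPAM_ANSWER = "4"
URL_RE = re.compile(r"(https?://[^\s<>\"']+)")

def render_form():
    """Comment form with a CSS-hidden honeypot input and a spam question."""
    return (
        '<form method="post" action="/comment">\n'
        '  <input name="author"> <input name="email"> <input name="homepage">\n'
        '  <textarea name="comment"></textarea>\n'
        # Visitors never see this input; bots that ignore CSS fill it in.
        f'  <input name="{HONEYPOT_FIELD}" style="display:none" tabindex="-1">\n'
        f'  <label>{SPAM_QUESTION} <input name="human_check"></label>\n'
        '  <button>Post</button>\n'
        '</form>'
    )

def validate(form):
    """Return rejection reasons; an empty list means queue for moderation."""
    reasons = []
    if form.get(HONEYPOT_FIELD, "").strip():
        reasons.append("hidden field was filled in")
    if form.get("human_check", "").strip() != SPAM_ANSWER:
        reasons.append("spam question answered incorrectly")
    return reasons

def render_comment(text):
    """HTML-escape a comment and link its URLs with rel=nofollow."""
    out = []
    # split() with one capture group puts the matched URLs at odd indices.
    for i, part in enumerate(URL_RE.split(text)):
        safe = html.escape(part, quote=True)
        out.append(f'<a href="{safe}" rel="nofollow">{safe}</a>' if i % 2 else safe)
    return "".join(out)

if __name__ == "__main__":
    bot = {"comment": "Great post!", HONEYPOT_FIELD: "http://spam.example",
           "human_check": "Great post!"}  # constructed bot submission
    print(validate(bot))
    print(render_comment("My notes: http://example.com/?a=1&b=2 <b>"))
```

Passing `validate` only earns a place in the moderation queue; the same escaping and rel="nofollow" treatment should be applied wherever the homepage field is rendered.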

Summary

It’s a lot of work staying ahead of the spammers. Keep in mind that they are constantly trying to find ways to out-think you, and all of the applications that block them. If you get comments on your blog, take a second and really look each one over before approving it. The odds are it’s not what you think.

If you have a form that is constantly being flooded by bogus submissions, contact us – we can help!


6 Responses to “Hold on… Don’t approve that comment just yet!”

  1. Megan Says:

    Hey Andrew, good post. I like the idea of using a hidden field, which puts the onus on the system, over the spam prevention options that add an extra step for the reader. While Captcha and “spam questions” have become more commonplace, they do deter some people from contributing.

  2. Dave Says:

    wow! great post. I am appreciating it very much. good work.

    (just kidding)

  3. Rob Says:

    What if you were to edit the blog comments, to say something related to your niche? Would that help with SEO?

  4. Jacque Says:

    Thanks – Great job we get a lot of comments on our blog and it’s hard to keep the spammers off thanks again.

  5. Hinderika Says:

    Thank you Andrew. I have my first blog up and was wondering why all these nice comments ended up in my spam box (I use Akismet). Now I know!

  6. Shree Says:

    Hi Andrew. I would like to know, other than using Akismet, Captcha, if there is any other way out to block the spams. I have started with blog writing. Would really appreciate your help. Thanks in advance.
