How to Fight Against (sub?) Human-Written Comment Spam

By Angsuman Chakraborty, Gaea News Network
Tuesday, July 5, 2005

No comment spam plugin protects you against spam written by humans, and no .htaccess trick does either. So how do you fight back when humans write the spam themselves instead of bots? In this article I first discuss the more common ways of fighting such spam. I then bring forward a highly effective measure which I have not found discussed anywhere.

Note: You may argue that you can block users who comment through proxies. But that method is plain wrong. Many users, including myself, are forced to use their ISP's proxies. If some spammers use the same proxy, then all its other users are doomed. It is not a solution. Do not blacklist proxies. Even Google Web Accelerator users use proxies!

Step 1:
Use an effective Comment Blacklist. This is a list of words that you want completely blacklisted from your blog. Be very careful what you add here, because if a comment matches something here it will be silently removed (it will still remain in the database, marked as spam) and there will be no notification. Remember that partial words can match, so if there is any chance that an entry might match a legitimate comment, it is better to put it in the comment moderation list instead. This is a very powerful weapon against human comment spammers. To get you started, look at my blacklist. You can use it as a starting point.

Step 2:
Use a strong comment moderation list. Here you can be more relaxed in what you include. Flagged comments end up in your moderation queue. However, it is not a substitute for the blacklist; it is your second line of defense. Too many comments here and you will find yourself spending more time moderating your comments than blogging.

Note: An effective way to build these lists is to note the keywords used in actual spam messages that you get. Take the ones which are not likely to occur in normal comments.

Step 3:
Check the option to automatically moderate all comments from first time commenters.

Note: If your blogging software has none of the above options, write a plugin or consider switching to software that does, like WordPress.

Step 4:
This is the most important step in my experience, and the least talked about.

Often you will find apparently innocuous comments on your blog, which can take various forms. They could be praising you and your blog. They could even commend your efforts for society. Or they could simply be single words or short phrases such as "Hi" or "Hello".

The difference between these comments and normal spam comments is that they normally do not have a spammy link which you can verify. Most of us take a look, decide the comment is harmless and let it through. And they are posted by a human.

These are leader comments in my experience. I think they are used for two purposes. First, they are used to get a comment approved for an email address, which is later used to dump comment spam on your blog using a bot. I think they also serve a second purpose: they are used to test a system, to see whether it accepts comments and how strictly comments are moderated. This information is then fed to bots, which proceed to dump their load of spam. I have tested my theory on two occasions. In both cases I was able to stop the influx of spam by promptly deleting such dubious comments from my blog.

As of now, for the last several months, I have been totally free of spam from humans as well as bots. They have even stopped trying.
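
The four steps combined into one triage routine, as an added example that is not part of the original article or of WordPress. The word lists, addresses and function names are constructed for illustration, and trust is assumed to be keyed on the commenter's email address, as Step 4 describes. It shows the partial-word collision from Step 1 and why approving a leader comment lets a later comment from the same address skip the first-time hold.

```python
# Constructed sample lists; the article's own blacklist is not reproduced here.
BLACKLIST = ["cialis", "online-casino"]        # Step 1: silently marked as spam
MODERATION = ["poker", "mortgage", "http://"]  # Step 2: held for review


def triage(email, text, approved_emails):
    """Return 'spam', 'hold' or 'publish' for one incoming comment.

    Terms match as case-insensitive substrings, which is the partial-word
    behaviour Step 1 warns about.
    """
    body = text.lower()
    if any(term in body for term in BLACKLIST):
        return "spam"
    if any(term in body for term in MODERATION):
        return "hold"
    # Step 3: an address with no approved comment yet always goes to the queue.
    return "publish" if email.lower() in approved_emails else "hold"


def blacklist_collisions(term, ordinary_words):
    """Ordinary words a candidate blacklist term would also match."""
    return [w for w in ordinary_words if term.lower() in w.lower()]


def moderate(decision, email, approved_emails):
    """Apply a moderator's decision ('approve' or 'delete') to a held comment.

    Approving trusts the address from then on, which is what a leader
    comment (Step 4) is after; deleting leaves the address untrusted.
    """
    if decision == "approve":
        approved_emails.add(email.lower())
    return approved_emails


if __name__ == "__main__":
    # Vet a term before blacklisting it: these hits would vanish silently.
    print(blacklist_collisions("cialis", ["specialist", "socialist", "special"]))
    followup = "Best rates, see my profile"   # matches neither list
    for decision in ("approve", "delete"):
        trusted = set()
        addr = "visitor@example.org"          # constructed address
        print(triage(addr, "Hello", trusted))             # first-timer: hold
        moderate(decision, addr, trusted)
        print(decision, "->", triage(addr, followup, trusted))
```

Running `blacklist_collisions` over a word list or your own approved comments before adding a term tells you whether it belongs in the blacklist or in the moderation list.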

Discussion

arhiderrr
March 2, 2009: 7:38 am

Nice article


Anonymous
August 13, 2008: 7:36 pm

I don’t believe your comment policy had anything to do with the comment traffic, depending upon where you put it. The addition of a here to your comments policy within the comments area has no impact. Spelling out your comments policy with a lot of confrontational language within the comment form area can.

July 5, 2007: 4:22 am

Hello,
I’m a 35 years old woman, married and with children. I have an employ as accountant, part-time, so I can spend the time to take care of my family and it goes pretty good like this. During the endless spent in my house I like to do something, in particular that is watching soap operas on tv on my satellite. I also like to see cartoons. I don’t evoidnot at every hour but often to watch soap opera either.
I am enough happy with what I have and especially about my relationship with my kids. I just hope to remain in good health, so just a normal happy life.
Bye Bye
Sandra

July 6, 2005: 5:42 am

I agree that those comments are probably seeding. But your method lacks scientific rigour: you don’t have any proof that if you’d left them there you would have got the spam attacks.

Comment spam by humans is pretty rare, IMO. Too many blogs out there, far easier to automate. See “interview with a link spammer” (look it up on Google).

You also haven’t discussed trackback spamming, which is a widespread problem (perhaps fixed in WP 1.5; in 1.2 trackbacks didn’t go through the comment moderation system; I had to hack mine).

As for proxies - the problem isn’t proxies per se, but *open* proxies. Those can be used by those outside the organisation to post to anywhere, and they’re the source of that comment spam. So yes, you SHOULD block open proxies. WP 1.5 uses blitzed.org, though I find spamhaus.org catches rather more. Again, it requires a hack of the code to do it.
