How to Fight Against (sub?) Human-Written Comment Spam

All the comment spam plugins of the world do not protect you against spams which are written by humans. No amount of comment spam prevention plugins or .htaccess tricks protect you against them. So how do you fight when humans write the spam themselves instead of bots? In this article I first discuss the more common ways of fighting such spams. I also bring forward a highly effective measure which I have not found discussed anywhere.

Note: You may argue that you can block users using proxies from commenting. But that method is plain wrong. Many users including myself are forced to use proxies of their ISP’s. If some spammers use the same proxy then all other users are doomed. It is not a solution. Do not blacklist proxies. Even Google Web Accelarator users uses proxies!

Step 1:
Use an effective Comment BlackList. This is a list of words that you want completely blacklisted from your blog. Be very careful what you add here, because if a comment matches something here it will be silently removed(will still remain in the database marked as spam) and there will be no notification. Remember that partial words can match, so if there is any chance something here might match it would be better to put it in comment moderation list. This is a very powerful weapon against human comment spammers. To get you started look at my blacklist. You can use it as a starting point.

Step 2:
Use a strong comment moderation list. Here you can be more relaxed in what you include. The flagged comments are going to end up in your moderation queue. However it is not a substitute for blacklist. It is your second line of defense. Too many comments here and you will find yourself more time moderating your comments than blogging.

Note: An effective way to build these lists is to note the keywords used in actual spam messages that you get. Take the ones which are not likely to occur in normal comments.

Step 3:
Check the option to automatically moderate all comments from first time commenters.

Note: If there isn’t such any of the above options in your blogging software then write a plugin or consider switching to one that does like WordPress.

Step 4:
This is the most important step in my experience and least talked about.

Often you will find apparently innocuous comments in your blog which can take various forms.
They could be praising you and your blog. They could even commend your efforts to the society etc. Or they could be simply single words or small phrases like - Hi or Hello etc.

The difference between these comments and the normal spam comments are that they normally do not have a spammy link which you can verify. Most of us take a look, decide it is harmless and let them through. And they are posted by a human.

These are leader comments in my experience. I think they are used for two purposes. Firstly they are used to get a comment approved for an email address which they use later to dump comment spam on your blog using a bot. I think they also serve a second purpose. They are used to test a system to see if it accepts comments or how strictly comments are moderated. This information is then fed to bots which then proceed to dump its load of spams. I have tested my theory on two occassions. In both cases I was able to stop influx of spams by promptly deleting such dubious comments from my blog.

As of now for the last several months I am totally spam free from humans as well as bots. They have even stopped trying.