Wednesday January 04, 2006
Battle With the Comment Spammers
Recently, this site has been hit with "Comment Spam". This is a phenomenon where commercial messages are pasted into comments on blogs. These comments are not related to the topic in the blog post, are typically for pharmaceutical products, are are done by programs, not people.
One approach to this spam is to turn off comments altogether. This is the nuculear option that is pretty unattractive. This site doesn't get to many comments, but if somebody has a question on a technical topic I post, then email becomes the method, and only the parties in question benefit from the results of the discussion.
Another approach is to moderate the comments. Hide the comments until a human (me) can review the comment and either approve or discard the comment. This is a hassle, especially since the spammers are typically code based and can throttle up the volume pretty easily. I was getting 30-40 per day.
Another approach is to put in a "CAPTCHA" ("completely automated public Turing test to tell computers and humans apart") test that puts an image on the screen that can't be read by a computer and ask the commenter to key in the value in the image. Accessibility is the issue here as those using screen readers can't participate in the commenting.
To prevent the message from providing value (most search engines like outbound links and boost site rankings when people link to the site) you could remove all the HTML or add the "ref=nofollow" attribute to anchor tags (this tells participating search engines to not index the link). But once again, this can limit functionality to real users.
Another approach is to change the comment form in a subtle way that prevents the spammers program from working properly. But much like security techniques, the smart spammer will eventually figure this out.
I've implemented a combination of the above methods, and so far I've been able to thwart their attempts. I think their programs are still hitting the site as my page views are abnormally high, but the spam actually be posted to the server has been eliminated.
What I'd really like to know though is 1) how did they find this site? 2) what makes them think that this site gets enough page views that spamming would have any success at reaching an audience (search engines or human eyeballs? 3) does it really work?
I wonder if there is some sort of blog "confessions of a blog spammer" that could provide those insights.
Search This Site
About the Author
is a Web Application Designer working in the suburbs of Portland Oregon.
He specializes in bringing user-centered, standards based, easy to use applications developed using Oracle web technologies.
This blog will focus on the crossover of standards based design and web application development with Oracle technology, and an occasional sprinkling of articles about his newly discovered "Entrepreneurial Spirit."
Recent Articles
- Fun with Ajax and Native Dynamic SQL
06-JAN-06 - Battle With the Comment Spammers
04-JAN-06 - More Web Goodness
02-DEC-05 - One of the Best Words in the Language - Free
01-DEC-05 - The Way of the Code Samurai
22-NOV-05
The Archives
- January, 2006 (2)
- December, 2005 (2)
- November, 2005 (1)
- July, 2005 (1)
- April, 2005 (1)
- March, 2005 (1)
- February, 2005 (5)
- January, 2005 (6)
- December, 2004 (2)
- November, 2004 (4)
- October, 2004 (2)
Categories
- PL/SQL (11)
- CSS (1)
- Oracle (5)
- Development (8)
- Technology (7)
- XHTML (3)
- Entrepreneurial Spirit (1)
- About this Website (1)
Quick Hits
- Here are some good notes from the Business for Geeks tutorial at OSCON. I'm not an open-source person, but it does give some good info on starting a software business.
- Drag and Drop functionality on a web page? Docking boxes shows you how.
- Amazing visual effects using Javascript is shown at script.aculo.us - and available for download!
- Ten good practices for writing JavaScript in 2005 discusses the separation of structure, content and behavior for good web practices.
- Styling form controls is riddled with problems, the visual quality of the "select" or drop-down box is one. Here is a solution
- I'm beginning to be a collector of these Ajax examples. Soon I hope to actually do one, then I'll do my own tutorial.
- I've been thinking about a business plan. Here are Top 10 Business Plan Myths of Solo Entrepreneurs
- Ajax - Asynchronous JavaScript + XML - Making Dynamic web applications possible without the disaster of Java Applets.
- ZDNet Reports on the uncertain future of web forms.
- XML.com does an excellent primer on XmlHttpRequest for dynamic web pages.
RSS Syndication
Validation
