Jun 25, 2009
I woke up this morning to a number of new comments on my blog. All of them utter crap from offshore SEO link builders.I know they were posted by offshore link builders, because I happen to track referral URLs on all comments. These particular referral URLs all had search queries like web design "post comment" which is a pretty standard starting point for link builders looking for blogs to comment on.
Great post!
This got me thinking. When was the last time one of these link builders actually posted a useful comment? Their comments make it straight past the CAPTCHA because it's a human entering them, and because they don't usually contain spammy phrases such as 'WOW gold' or 'viagra' it's hard to algorithmically filter them too.Does anyone else have problems with these 'low quality but not completely spam' posts? The ones where you have to stop and think for a bit before deleting?
Would it be so bad if I simply said no to all comments from visitors that arrived at the site from a search query such as web design "post comment"? Or any search query containing "add link", "submit url", "post comment" etc.
So, I thought I would put a bit of code together to put this theory into action.
Announcing...
So here is ManualSpamBlocker. It's a Wordpress plugin that closes comments for all posts if the visitor arrived via a dodgy looking search query. The link builder can still enjoy your quality blog posts, but they just won't be able to comment on them because they will think comments are closed.Simple huh?
This is the first Wordpress plugin that I have released, so I would really welcome any feedback you might have on it. It's still to be considered Alpha quality code, so don't be rushing to install it on your high-traffic blog just yet. Once I'm happy with how it's looking, I'll submit it to the Wordpress plugin database and see what happens. Happy to give out SVN access to anyone who thinks they are able to contribute.
24 Comments
Sorry my bad... I thought the comment was gonna undergo verification from the site owner.
But still it can be avoided.
aidan - Jul 17, 2009
Great post ;P
Err ... Great Post, Harvey :-)
I guess this works like a burglar alarm - they go somewhere else instead.
Is it working for you ?
i think you can disable by just putting no follow in your blog because spammers dont like no -follow tag
yeah. nice post about spammers and their interruption on valuable post. your cartoon images are too good than your content. lol..:>
I guess this works like a burglar alarm - they go somewhere else instead.
The link builder can still enjoy your quality blog posts, but they just won't be able to comment on them because they will think comments are closed.
Harvey Kane. A fellow New Zealander :)
Anyway im trying to get guests to my forum but yeah ive got my site pretty much optimised as you can get - its second on google if you search "new zealand mobile forum" but still not many guests. Any ideas?
Hi there I have classifieds website .What is the best captcha i can use for it?Because The website is still under test mood and I am already getting spam.
1. Install Akismet
This is the simple one that everyone does. Akismet comes bundled with WordPress by default and does a good job of picking up spam - for the average blogger, install Akismet and your spam problems will be sorted. The trouble is though, it just stops spam getting displayed, it doesn't get to the root of the problem. That's where this post comes in. We'll start with some simple methods of stopping spam being displayed and then we'll move onto stopping the spammers getting on your site in the first place.
2. reCAPTCHA
The reCAPTCHA plugin is one you've probably seen around on sites such as Facebook, Twitter and StumbleUpon. It isn't just your average CAPTCHA (an image containing some letters that are designed so only humans can read them), it uses words from old books, so every time you enter a reCAPTCHA, you're helping digitise books. At this point, you're probably thinking but if I'm telling it what the words mean, does that mean I can enter anything? How does that stop spammers? The answer is simple - there are two words, one of which the CAPTCHA knows. The second, it doesn't and you're helping digitise it.
The plugin is simple to install, in 2.7+, just do a search for WP-reCAPTCHA and click install. You'll need a key for the plugin to work, which you can get here. After you've done that, reCAPTCHA should appear on your comments' page.
3. Ask your readers to do 1+1
The second plugin that we're going to look at as a way of stopping spam being displaued is the 'Math Comment Spam Protection' plugin. Using it, you can add a field to your blog's comment box with a simple maths (or 'math' as they say in the States) question.
I'm not going to go into installing it here as there's a comprehensive installation guide on the plugin's website. You can see it in action on WordPress Hacks (image above).
4. Stop spam trackbacks
The final plugin that we're going to look at is one by the same author who made the plugin above. The 'Simple Trackback Validation' plugin checks if the IP address of the sender of the trackback is the same as the IP address that the trackback URL refers to, thus eliminating [lots]% of trackback spam as spammers won't use bots running on infected machines. As the plugin's page says, the plugin also "retrieves the web page located at the URL included in the trackback. If the page doesn’t a link to your blog, the trackback is considered to be spam. Since most trackback spammers do not set up custom web pages linking to the blogs they attack, this simple test will quickly reveal illegitimate trackbacks. Also, bloggers can be stopped abusing trackback by sending trackbacks with their blog software or webservices without having a link to the post."
Like the 'Math Comment Spam Protection' plugin, there's an installation guide on the plugin's homepage.
5. Make users login to comment
This is something that probably won't be a good idea for the majority of bloggers, but it will stop spam - make users login to be able to leave a comment and spammers will be stopped from commenting, but so will one time visitors. Just keep that in mind.
Under 'Settings'. click 'Discussion' and then tick the box 'Users must be registered and logged in to comment'. Then save changes and you're done.
6. Ban spammers by IP
Now that we've stopped spam being displayed with the tips above, we're going to move on to blocking spammers getting on your site in the first place. Something we're going to be using extensively is the .htaccess file. A basic introduction that you should read first is here, and remember the golden rule of .htaccess - always have a backup. Further .htaccess reading is available here on CatsWhoCode and my own blog, WPShout.
In most situations, this tip wouldn't be too much of a good idea; spammers will fake often their IP, but if there is one IP that is particularly bugging you, then the code below will block them from visiting your site - instert it into your .htaccess file in your blog's root, changing the second line to include the IP that you wish to ban.
Order allow,deny
Deny from 100.100.100.
Allow from all
7. Ban spammers by IP, on a massive scale
You've blocked a single spammer. Well done. Now, with help from Perishable Press, you can block thousands of spammers - Jeff from Perishable has compiled a number of blacklists, from which you can pick and choose which you want to implement into your .htaccess file. The latest blacklists, the 'fourth generation' can be accessed below:
* 'The Perishable Press 4G Blacklist'
* '4G Series: The Ultimate Referrer Blacklist, Featuring Over 8000 Banned Referrers'
* '4G Series: The Ultimate User-Agent Blacklist, Featuring Over 1200 Bad Bots'
8. Deny comment posting to no referrer requests
Another .htaccess trick and the final comment spam stopping technique we're going to look at is denying comment posting to no referrer requests - in other words, if the comment isn't actually coming from your site, then it gets blocked. Make sure you change the url in line four to your blog.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*yourblog.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]
Source - WordPress Recipes.
9. Stop content theives
Spammers don't just limit themselves to spamming your comments - often they'll steal your content too. This next trick will stop spammers who steal your content via RSS. Once you've found a site stealing your content, first thing to do is find out the site's IP address. A search for 'ping [site name, ie catswhocode.com]' should give you a result. Once you've got that, head over to the offending site and find their RSS feed. Then, open up your .htaccess file and add the following lines:
RewriteEngine on
RewriteCond %{REMOTE_ADDR} ^69.16.226.12
RewriteRule ^(.*)$ http://newfeedurl.com/feed
Change the IP in line two with the IP of the offending site and the url in line three with the offending site's feed.
Source - WPShout/ SEO Black Hat
10. Stop spammers stealing your images
Now that we've stopped spammers from stealing your content via RSS, now it is time to combat those who just copy and paste your articles onto their site. Yes, this isn't technically stopping spam, but it is helping combat the spammers.
You've got two options if people are hotlinking your images - watermark or .htaccess. We'll look at both, and I'll leave you to decide which is better. First up, watermarking. The foolproof method is to watermark your images before you upload them, which you can do with some simple software - FastStone Photo Resizer is a great tool that I'd thoroughly recommend. What's more, it's free! The second option is to install phpThumb and create a shortcode that resizes and watermarks your image. Copy and paste the following code into your functions.php file, having uploaded phpThumb to your theme's folder, uploaded a watermark and changed the URLs. You can also change the width that images will be resized to (it's currently 590).
What exactly is your idea to avoid spammers publishing the comments on your blog?
Please Elaborate in your next post. I will be folowing your posts for the reply.
Thanks,
Sam
Flemming Rasmussen - Oct 8, 2009
Look, whats all this paranoia really about? - I'm getting a bit tired of hearing all those SEO people complaining about spam - Who (not you) of all people was the worst of scum when it came to filling the web with garbage?
SEO people are not the victims here - u guys (still not you) started this mess and now you're all whining because some automated spammer passed your captcha?
The reason why people make the spam in the first place is because U guys directed the world into this style of mess? ;)
Flemming Rasmussen - Oct 8, 2009
Right, and thanks for the reply Harvey ;)
<!--spam was supposed to be here, but I decided not to spam Harvey--> :)
One thing though - we could start thinking of a way that actually go back to basics and make the sites rank "naturally" .. Like how do we manage IRL and port this into the web-behaviour ;)
Genius, that is exactly what I have been looking for - such a simple idea, but one that will really avoid all the really poor attempts to gain traffic with poorly written compliments posing as comments... Thanks for that!
Soundz good but does it actually work if i might put it on my wordpress blog as I get a lot of useless comment being add on my articles.
Great idea and one we'll definately add to our new comment function we're building into our CMS.
Its true that various comments are written just to generate back links, but that comments are being deleted by webmasters of the site, but if genuine comments are posted by any user, they should be given priority and importance.
There are a lot of ways to keep spammers from your blog site. You can install akismet or have your guests register before allowing them to post a comment. What I do is I don't allow comments at all :)
Heya,
Let's say someone searches for webdesign posts and finds page:
http://www.ragepank.com/webdesign-and-seo/
using the query
"add comment inurl:web inurl:design etc."
and then he simply types that url in another window or just copies and pastes it in google adding an extra site:http://ragepank.com/webdesign-and-seo/... what are you going to do after that ?
It might discourage the newbs but anyone with a bit of a brain can avoid this trick.
Overall I give it a 7/10 and i do think it's really a good plugin.
Cheers