Weblog Spamming Basics

04/08/2005

Most weblogs allow commenting an entry. Unfortunately, this good feature can also be misused. It is very important for a weblog author to understand this subject fully.

Important Note

Six Apart - the developer of Movable Type - is aware of the subject and has written the extensive article Six Apart Guide To Comment Spam. It is definitely worth reading.

What is Spam?

The word Spam describes unwanted email or simple text. Certainly, you have seen it yourself, either in electronic mailboxes or in discussion forums in the internet. Concerning Movable Type this means that a comment is not wanted because of its content or because it appears in multiple copies in a weblog.

For example, such comment spam might be created in either of two ways.

  • Unfortunately, there are readers who like to leave garbage text in comments. Maybe the comment is very interesting for the author but has nothing to do with the entry they are commenting. The contents might also be illegal in some way or it might be against good manners.
  • Typical search engines can be convinced that the own website is very important by having many other websites point to the own website. However, a search engine is not able to distinguish whether a website owner has voluntarily created a link or whether the link is part of a comment. Because of this, spammers developed software that tries to flood weblogs with new comments, consisting of nothing more than a link back.

Counter Measures

There are a couple of techniques for getting rid of comment spam. Some of these are...

  • The upgrade to Movable Type v3.15 is a reasonable action. There is a centralized administration of comments in this version. Moreover, you can configure your weblog so that each comment has to be viewed by an admin before it is shown to the public.
  • You can change the name of the CGI program that is responsible for accepting the comments. This will make it more difficult for programs to post comments by software.
  • You can extend the comment forms with additional fields. The server-side programs will check their existence and their contents. Moreover, the form can be build by client-side JavaScript.
  • The process for sending a comment might include a so-called Turing Test. Lately you find these kinds of tests in the internet more often. For example, a number that is merged with a colored background and is hardly recognizable has to be entered into a textbox.
  • You might force a comment writer to be identified via a centralized service. For example, Six Apart offers TypeKey for this.
  • Sending masses of comments can be made more difficult by watching the sending IP address. If a comment has already been sent from a certain IP address within a defined period, the next comment is rejected.

Recommendation

There is not a single best thing to do. You should be aware of the problem and choose a collection of settings.

My weblog implements the following.

  • A human will read all comments before they are visible to the public.
  • Two comments coming from the same IP address within a short interval are not allowed.
  • The CGI program has been renamed.
  • The MT Approval Plugin is used.

You can read abount the MT Approval Plugin Avoid Spam Comments.

mgs | 04/08/2005

Feedback is welcome!

What do you think about this entry? Was it interesting or boring? I would like to hear your comments. If the text was helpful, please consider setting a link to http://www.movable-type-weblog.com/.

No spam please!

For protecting this weblog I have installed the MT-Approval Plugin. You have to view a new comment in preview mode, before it is saved on the server. Moreover, I will view your comment manually, before it is published. You can find more information on the subject in the entry Weblog Spamming Basics.

With an active TypeKey session, your comment will be published immediately.

Post a new comment

TypeKey has temporarily been disabled at this location. Please create your comment without using TypeKey or log in from the preview dialog.




Remember Me?