25 Sep 2006
A Story About Comment Spam
This is my first blog, and I haven't had it for very long. I was surprised to find that it only took about a month for the comment spammers to show up (this was after I removed the CAPTCHA control from the comment form, which I deemed unnecessary due to the low amount of traffic).
I didn't want to bring back the CAPTCHA block, and I certainly wasn't about to disable anonymous comments (I hate having to sign up to a site just to leave a few words of feedback), so I decided to give the Community Server spam rules a shot instead. In my case, I was getting (past tense, as this particular spammer seems to have given up) persistent comment spam from one person. All of his comments had a similar theme and used a small selection of user names. Based on this information, I made some changes to the rules:
- All of the user names used by this spammer immediately went on the forbidden words list. This was a safe move, as this spammer's user names were all short phrases and very unlikely to clash with a real user name. Forbidden words get five points each.
- I added a couple of choice words that were repeated many, many times in his comments to the bad words list. Bad words get two points each, and are allowed only once before they start to count towards the spam score.
- While this user did not post any links, I decided to take the advice posted on several other blogs and enable the link count rule. I allow three links, with five points added for each link beyond three.
- Similarly, I enabled the IP count rule, allowing up to three comments to be posted from the same IP within sixty seconds. Every post beyond three earns five points. I'm still wondering if this rule might be too loose, as I can't imagine anyone posting three legitimate comments in a minute, but I see no need to change it for now.
- Since the bad word count and link count rules are fairly loose now, I set the score to mark a comment for moderation at five and increased the score to mark a comment as spam to fifteen.
- Finally, I set comments to be disabled after a post had been up for thirty days.
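The point values and thresholds from the list above, modelled as a small scorer. This is an added example, not Community Server's code or the configuration from this blog. The word lists are constructed, and three readings are assumptions: the single allowed bad word is counted across the whole list, a comment beyond the third from one IP in the window earns a flat five points, and a threshold is reached when the score is equal to or above it.

```python
import re
from collections import defaultdict, deque

# Constructed word lists; the post does not publish its actual entries.
FORBIDDEN = {"cheap pills", "casino fan"}   # phrases, 5 points each
BAD = {"poker", "mortgage"}                 # words, 2 points each after the first

FORBIDDEN_PTS, BAD_PTS, LINK_PTS, IP_PTS = 5, 2, 5, 5
BAD_ALLOWED, LINKS_ALLOWED, IP_ALLOWED, IP_WINDOW = 1, 3, 3, 60
MODERATE_AT, SPAM_AT = 5, 15

LINK_RE = re.compile(r"https?://", re.I)


class CommentScorer:
    def __init__(self):
        self._recent = defaultdict(deque)   # ip -> timestamps inside the window

    def _ip_points(self, ip, now):
        q = self._recent[ip]
        while q and now - q[0] >= IP_WINDOW:   # drop posts older than 60 s
            q.popleft()
        q.append(now)
        # Assumption: a post beyond the allowance earns a flat five points.
        return IP_PTS if len(q) > IP_ALLOWED else 0

    def score(self, author, body, ip, now):
        text = f"{author}\n{body}".lower()
        forbidden = sum(text.count(phrase) for phrase in FORBIDDEN)
        bad = sum(1 for w in re.findall(r"[a-z0-9']+", text) if w in BAD)
        links = len(LINK_RE.findall(body))
        return (forbidden * FORBIDDEN_PTS
                + max(0, bad - BAD_ALLOWED) * BAD_PTS
                + max(0, links - LINKS_ALLOWED) * LINK_PTS
                + self._ip_points(ip, now))

    def classify(self, author, body, ip, now):
        s = self.score(author, body, ip, now)
        if s >= SPAM_AT:
            return s, "spam"
        if s >= MODERATE_AT:
            return s, "moderate"
        return s, "publish"
```

With these numbers a single forbidden user name is enough to send a comment to moderation, but it takes a second signal (extra links, repeated bad words or rapid posting) to reach the spam threshold.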
And then I just sat back and watched. It is now about three months later, and the spam blocker has caught pretty much everything that's been thrown at it. More importantly (to me, anyway), it hasn't incorrectly flagged any legitimate comments as spam. I am very, very impressed. I've even loosened the post date restriction to ninety days, because I really don't care how much spam shows up, so long as it doesn't make it to the actual page.
I've also since installed Ken Robertson's AllCommentRss CSModule, which creates an RSS feed of all comments posted to your blog, and apparently filters out spam comments as of last week. I no longer have CS email me when I get comments; instead, I use the RSS feed to watch them while CS sends an email when I have comments that need moderation (spam).