Goodbye Comment Spam
Adrian Singer, 05-18-2007
One of the absolute best ways to generate content and keep your website fresh is 'User Generated Content'.
If you have a forum, encourage users to post new threads and comment on existing posts. If you have a blog, turn comments on and encourage users to post their comments by rotating links to top posters on the front page, running contests and removing the nofollow tag.
User generated content is free, keeps your site fresh with the search engines, and opens up new monetization opportunities as your website begins to rank for long-tail keywords in your industry.
As is the case with most good things in life, user generated content has a nasty negative side to it - comment spam.
You see it in most forums and blogs. Comment spam comes in all flavors, from gibberish, to dozens of links, unrelated content, one link to the poster's website or warm invitations to purchase viagra, levitra, insurance etc.
Regardless of the technology you use, if you have a form that allows users to post new content on your website, comment spammers will eventually find a way to use and abuse it.

Sure - you can require all users to register before they can post anything, but as Guy Kawasaki says, you don't want to do that unless you're stupid.
In the case of SoftwareProjects, a few short months after we launched our forum (powered by vBulletin), we started getting bombarded by a couple of hundred (!) spam comments every single day.
While there are built-in tools to moderate comments, nobody likes to spend time going through hundreds and hundreds of spam comments to weed out the few legitimate ones. Not a good use of your time.
As part of this 2-part post, I will go through our experience and elaborate on how we went from getting a couple of hundred spam comments per day to zero spam comments, without requiring a human to moderate spam.
The first step is to understand there are basically two types of spam-comments:
1. Bot-generated
These are server-side scripts that scrape websites looking for familiar patterns of "post comment" or "post reply" forms. Once these bots find your form, it will be added to a list of open comment relays. From that moment on, you can expect to be bombarded with comment spam, often several spam-comments posted within the same few minutes.
2. Human-generated
Human users finding your website and posting a one-line link back to their website or a dozen links, typically to bad neighborhoods.
--
The first type of comment spam, "bot generated", is easier to mitigate.
We can use the fact that "bot generated" comment-spam is server based to our advantage. Server-based scripts can't execute JavaScript.
So all we have to do is have JavaScript fill in a keyed hash value, which verifies that the comments form is running in a browser and not as part of a server script.
Here's how -
Step 1: Locate the page that shows your Post Comments form. Find the FORM heading and add the code below directly after the FORM opener.
Replace 'olegrulez' with another random string.

What this does: generate a unique value, hash it using MD5 together with a secret key ("olegrulez" - replace this with some other random string) and set the resulting form field value using JavaScript.
Step 2: Locate the page that handles processing of all posted comments and add this code:

Replace the warning message with whatever you like and make sure to use the same random string you picked in step 1 instead of 'olegrulez'.
Explanation: We are validating that the information (user IP address) passed through step 1 and was properly encoded with our secret key. If not, a nice message is displayed to the user and execution terminates.
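The two steps above, sketched as an added Node.js example; this is not the post's original code. It swaps the post's MD5-with-secret hash for HMAC-SHA256 with an issue timestamp and a constant-time comparison. The field name `form_token`, the one-hour lifetime, the placeholder secret and the sample IP addresses are assumptions.

```javascript
// Added example, not the post's original code. Node.js standard library only.
const crypto = require('crypto');

const SECRET = 'replace-with-a-long-random-string'; // placeholder; plays the role of 'olegrulez'
const MAX_AGE_SECONDS = 3600; // assumption: a rendered form stays valid for one hour

// Keyed hash over the visitor's IP address and the time the form was issued.
function sign(ip, issuedAt, secret) {
  return crypto.createHmac('sha256', secret).update(`${ip}|${issuedAt}`).digest('hex');
}

// Step 1: emitted directly after the <form> opener. The hidden field is empty
// in the HTML and is only filled in when a browser runs the script.
function renderTokenField(ip, nowSeconds, secret = SECRET) {
  const token = `${nowSeconds}.${sign(ip, nowSeconds, secret)}`;
  return '<input type="hidden" name="form_token" id="form_token" value="">\n' +
    `<script>document.getElementById("form_token").value = ${JSON.stringify(token)};</script>`;
}

// Step 2: called by the handler that processes posted comments.
function verifyToken(token, ip, nowSeconds, secret = SECRET) {
  if (typeof token !== 'string') return false;
  const m = /^(\d{1,12})\.([0-9a-f]{64})$/.exec(token);
  if (!m) return false; // empty or malformed field: the script never ran
  const issuedAt = Number(m[1]);
  if (issuedAt > nowSeconds || nowSeconds - issuedAt > MAX_AGE_SECONDS) return false;
  const expected = Buffer.from(sign(ip, issuedAt, secret), 'hex');
  const given = Buffer.from(m[2], 'hex');
  return crypto.timingSafeEqual(expected, given); // both buffers are 32 bytes
}

// Constructed sample values: one form render, then four possible submissions.
function demo() {
  const now = 1179446400; // constructed timestamp, in seconds
  const html = renderTokenField('203.0.113.7', now);
  const token = /value = "([^"]+)"/.exec(html)[1]; // what the browser script would set
  return {
    browser: verifyToken(token, '203.0.113.7', now + 60),
    noScript: verifyToken('', '203.0.113.7', now + 60),
    otherIp: verifyToken(token, '198.51.100.9', now + 60),
    expired: verifyToken(token, '203.0.113.7', now + MAX_AGE_SECONDS + 1),
  };
}
```

The check only separates clients that run JavaScript from those that do not, so pair it with moderation or rate limiting for anything that gets through.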
--
Simple. Works every time.
This quick fix helped us completely eliminate 100% of all bot-generated comment-spam. If any of you would like to get the specific "how to" for WordPress, post a comment here and I'll add that.
The next part of this post will explain how we got rid of human-generated comment-spam.