Human-Submitted Blog Comment and Form Spam

By Mike Maddaloni on Tuesday, January 20, 2009 at 03:39 PM with 5 comments

If you are reading this and it is your job to manually spam blogs and forms with links, all I have to say is I am onto you!

You don’t need me to tell you that spam is a problem. Well, if you do, Dunkirk Systems, LLC would be glad to put on a private, paid workshop for you, but I digress. Unfortunately there is no set solution to spam. If you look at it as spam is a journey and not a destination, you will grudgedly accept this. As a result, any method that you have used to prevent or thwart spam today may be rendered useless down the road.

When we think of spam, we think of it in large volumes. Opening our email to hundreds of spam messages on a daily basis, getting a ton of form submission spam, and on a blog a lot of this is in the form of comments. Robots tend to find our site somehow and have a field day. As turning off commenting and not using forms altogether does not make sense from a user perspective, other methods needed to be considered and deployed.

First Strike – Verify Submitters Are Human

My first step was to implement technology to “ensure” a form submission was made by a human. I decided to use a random question that needed to be answered. For example, a question is “what is 2 + 2 – spell it out” and the answer would needed to be entered as “four.” I chose this method over CAPTCHA for several reasons. In addition to personally not being a fan of it, CAPTCHA is as far as usable for those with are visually impaired. And forget the audio CAPTCHA – try it for yourself and see if you can comprehend it!

The random Q&A functionality worked initially, and cut down form and comment spam to almost nothing. But it did not block it entirely, as some kept coming through. After further review, I determined all was working well, and that people were the culprits!

Second Strike – Moderation

Even though I have always had moderation turned on my own blog and that of my clients, I consider this a final step after others are taken. Especially when human beings are the ones filling out the forms. How do I know this? There were 2 tell-tale signs. The first was courtesy of my site’s analytics. Many visitors came to my site from either a search query of something like “remember my personal information” or from a Web site that tracked Web sites that do not have the “nofollow” attribute on links. If tagged with nofollow, a Web site’s search engine will most likely not follow links off your page, which helps in the ranking of the sites linked from yours. As I think this is of value to me from both sides, adjusting this did not work.

The blog comments and form submissions manually submitted are interesting in themselves. Some are blatant and others are more subtle. Each post has a name, email address and some URL in it, and the comments tend to be short and choppy. Some say things like “interesting post” and others actually have some context of the original blog post in it. But as you take a look at the URL in the comment, and often the domain name and IP address of the poster, you can see they don’t really match the URL or someone associated with it, or even the same hemisphere. Those always get deleted.

Final Thoughts

Where I consider a blog a community, it doesn’t mean you necessarily have to log into it to participate. As a result, I don’t generally advocate logins for blogs. If one is considered to prevent spam, I would recommend methods as I previously mentioned. If it is thought these are too much labor than it is worth, I would ask you to consider your audience, and maybe even pose it to them. Unfortunately you may get some spam in response.

Did you enjoy reading this? You are welcome to subscribe to The Hot Iron by RSS feed or by email.

BusinessTechnology • (5) CommentsPermalink

Page 1 of 1 pages