Mobile version (Display Regular Site)

Skip to: Navigation | Content | Sidebar | Footer


Weblog Entry

Borderline

January 03, 2007

They continually adapt their tactics to avoid counter-measures meant to eradicate them — that could describe a lot of unpleasant things, but I’m talking specifically about spammers here.

I think 2003 was the year that blog spam really started to take off; at first it was a bunch of obvious link dumps meant to encourage click-throughs. When blog software finally started building in spam tools, the tactics changed. Spammers posted less-obvious tangential comments and flattering praise, in order to remain undetected while sapping some of a blogger’s PageRank for themselves. Enter the controversial nofollow attribute. These classic forms of blog spam are still around, but if you have a relatively modern authoring tool like Akismet or what’s built in to the latest versions of Movable Type, you’re probably not exposed to them anymore.

Movable Type Spam Interface

I believe it was last year or possibly 2004 when people started noticing that spammers would simply copy a comment made previously in the thread. If you didn’t notice the duplication (or the URL that the comment pointed back to) you’d likely never realize what was going on. Around the same time, there was a rise of simple comments designed to appear on-topic at a glance, so if you weren’t paying attention you’d completely miss their intent.

It’s this last one that’s been a major thorn in my side, and it seems to be getting worse. I’ve seen a lot of comments on this site recently that look relatively innocuous at first, if somewhat useless or redundant. The URL the commenter has left behind doesn’t look particularly spammy, but it is a commercial site. (A disproportionately high number of them have been from .de and .pl TLDs, oddly enough.) At one point in time I’d have left them alone, but I find myself deleting more and more of them.

There might be an argument to be made that these are legitimate comments. A URL pointing to a commercial site isn’t cause alone to suspect spam. However, the overall trend seems to indicate that some people are trying to get a free ride out of sites with higher PageRank, and the general quality of the comments usually isn’t good enough to justify keeping them around.

Yep, legitimate comments do get deleted sometimes. But to me, the line is blurring. I’d prefer to throw out the throwaway comments and keep the overall dialogue quality high, than assiduously maintain an unfiltered comment thread and allow these junk comments to persist. If there’s cause for doubt, I’ll simply remove a commenter’s URL and let the comment stand.

When this redesign launched, I reduced the comment policy to basically “quality over quantity”. I feel no qualms about clicking the delete button anymore.


1
Sam says:
January 03, 12h

I feel very scared to comment now, but anyway, I also think there is a fine line between a user posting seemingly useless information to grab some page rank, and a user posting seemingly useful stuff to try and get someone he/she looks up to to notice him. I guess this is why you mention focusing on companies and not individuals.

Do you think that these posts are generated by a bot of some sort or are they so accurate that they have most likely been actually typed by someone working at the company?

2
January 03, 12h

Good (well, not really good since it would be better if we didn’t have to deal with spam) to see I’m not the only one pushing the delete button more frequently. I too have been getting more and more of these borderline cases, and they actually piss me off more than old-fashioned, “honest” spam.

3
ramanan says:
January 03, 12h

I am pretty quick to delete comments I think are crap. I think if people want to say something on the Internet, it isn’t hard to do so. No web site needs to be a venue for anyone and everyone to say their peace. On popular sites, the amount of noise in the comments could probably be fixed to some extent if the site owners took the time to prune comments that add little value to the conversation.

4
Dave S. says:
January 03, 12h

“Do you think that these posts are generated by a bot of some sort or are they so accurate that they have most likely been actually typed by someone working at the company?”

Tough to say. Some of the persistent .de and .pl spam was obviously bot-induced, but the harder-to-spot comments generally have the feeling of being done manually. They’re just about always one-offs, and I rarely see the same site twice.

It feels like there are a growing number of those though. Maybe someone wrote a book or how-to guide that advocated doing it.

5
January 03, 12h

How soon is it before we just stop linking people’s names in their comment to their website forcing any spam links to be in the body and easily identifiable?

6
January 03, 12h

Concentrating on comment quality makes sense to me. The “5-seconds to type” comments are generally rather pointless anyway.

On my own blog I’ve made it so that posting a comment requires Email verification before appearing. If too many hours pass without that verification, the comment gets deleted from the database. At first I worried that people wouldn’t bother commenting - but then I realized that this acted not only as a spam filter, but as a filter to those sort of lazy comments that I’d rather not read anyway. Fortunately, I don’t get much problem with spam comments now (despite the comment processing script being the most-hit page of the entire site).

Those referrer spammings on the other hand… *shudder*

7
January 03, 12h

I was getting an absolutely insane amount of comment spam (hundreds per day) until I enabled Akismet. I suspect part of it has to do with the fact that I sometimes post about poker, which also is a favorite topic of the comment spammers (online poker rooms, casinos, etc.). Since installing Akismet, only a few of these get through per day.

But what bugs me about is that even though they don’t get through, they still bang the hell out of my server. They account for a massive amount of traffic to my site. Running Akismet and other spam prevention measures on each one means they’re actually fairly expensive tasks to do with, server-load wise.

So, even though very few get through any more, it really chaps my hide that I actually had to upgrade to a more expensive hosting plan in order to accommodate them.

8
January 03, 13h

I’ve noticed this too - I’m getting a lot of comments with flattering statements like “Great Site!”, or “Interesting and informative!” which use the userlink to whore some spam-like site.

Unfortunately, as you say, it gets really hard to discriminate between spam and real “Great site!” posts. It’s a shame, but once again, spammers are screwing up the internet for everyone. However, I do think your approach of quality-over-quantity is best, it’s your site, you get to decide what’s on it.

( Speaking of blurring the line between a “great site” post and spam - this comment is basically just a “me too” post, so it’ll be interesting to see if it turns up :-)

–Simon

9
Dave S. says:
January 03, 13h

“Speaking of blurring the line between a “great site” post and spam - this comment is basically just a “me too” post, so it’ll be interesting to see if it turns up”

A three paragraph unique, on-topic comment is hard to justify deleting, even if it boils down to “me too”.

10
January 03, 13h

@Jeff Croft - I was having the same problem on a wordpress site of mine, getting around 200 Akismet-declined comments a day. I enabled a plugin that asks the user to perform a simple math question (5+3 = what?) while commenting, and the actual *requests* have dropped to 1 or 2 akismet-declined per day.

I think what’s happened is the spammer who was hitting my site has given up because of the added difficulty, leaving just the few drive-by spammers.

I know that jeffcroft.com is running django, but this should be quite an easy modification to make (although you’d probably have to mod. the freecomment app. directly).

–Simon

11
January 03, 13h

Jeff: I don’t know what’s powering your site, but the Bad Behavior plugin for WordPress (and possibly others) stops a lot of spam attacks by denying their requests - thereby reducing your server load.

Dave: I don’t want to sound like an ass, but for a lot of us without your level of popularity, the thought of deleting possibly legitimate comments sounds insane: I almost welcome spammers because it means that maybe somebody is looking at my site! =-)

12
January 03, 13h

Thanks, Simon. I have considered doing something like that, but haven’t given in, yet. It’s a good idea, though. I just hate feeling like the spammers won, I guess. I hate to make my users have a lesser experience when commenting because of the spammers. Might have to, though.

You’re right, though – it’d be really easy to do something like that with my setup. And I’m already running a custom version of Django’s built-in freecomment app (which I’ve hacked up for Akismet support and several other things) – so that part of it is no problem.

13
January 03, 13h

I agree with Jeff about the bandwidth being a serious problem.

The spammers not only steal bandwidth which translates to money but they steal our time in managing their spam which also translates to money.

So not only are they stealing money from us but they also pollute the air just like the freaks that drive through residential neighborhoods with their stereo cranked! And in the case of spammers the air is just the overall content on the Internet.

I would love to meet one of these spammers just to see what kind of a low life does this kind of thing. And then after meeting the spammer I would like to punch him/her in the face! :)

14
January 03, 13h

I know what you mean, Dave. It can be tough though, deleting the borderline comments. I always find myself wondering if a comment I delete might just be from someone who, while right now isn’t posting terribly eloquent thoughts on my site, might become that kind of valuable contributor later.

I hate deleting comments, so I use a combination of techiques to stop spam being a problem:

1. Akismet. Blocks the dumb spam (obvious keywords etc).
2. Anything with more than 5 links, link tags, or bbcode links is automatically flagged for checking.
3. Referrer checking. No referrer, likely to be a bot.
4. Sessions. Because my comments are on a different page to posts, I can look at the time between page views. Spammers will skim an article if they read at all, then comment, whereas authentic readers have a different profile.
5. Changing form field names regularly - stops bots dead in their tracks. I have a system (not quite finished yet) to change them daily, automatically and unpredictably.

With all of this I tend to get one or two comments a week where the commenter uses keywords instead of a name, but leaves a genuine comment (I usually delete the URL if this happens).

The rest of the 200-500 spam comments a week are filtered and checked. False positives? Occasionally, but as long as the users don’t see the spams, I don’t mind checking through them every few days for a gem that got accidentally flagged.

15
January 03, 14h

Revy (15), The Register recently posted an interview with one of them (link/comment spammers)
http://www.theregister.co.uk/2005/01/31/link_spamer_interview/

Personally I have encrypted my commenting form and created an unusual form submit target. I still get the occasional comments from people trying to self promote -or promote a company. But it is at the rate of 1-3 spams per month.

I simply used Automate’s email encrypted (advanced version), and encrypted the entire form html.

16
tom says:
January 03, 14h

I was about to post about blogspam today, too. For some reason, it’s been pouring in as of late, mainly through a single post which I have subsequently UNpublished.

I, too, am a MovableType user. I like the control it affords me. Unfortunately, MediaTemple no longer offers a one click install, so I don’t have the current filtering options (and banning commenters isn’t functioning).

My blogspam seems to emanate from bots and the URLs are quite deliberate in their placement within the comments, usually following “Nice site!”. Since I have low traffic and no real readership, I am resigned to approving all comments. It seems you are being treated to a slightly more insidious variety of spammer…

I wish you luck!

PS - Will your site’s color scheme change monthly?

17
Luke says:
January 03, 14h

My solution to comment spam is Akismet + Bad Behavior + Simple Trackback Verification.

Bad Behavior eliminates 99% of spambots and stuff that looks like spambots (based on their user agent, behavior, aggressiveness and etc).

Akismet will usually snag any spam that slips through based on their huge database of patterns and keywords.

Trackback verification ensures that only trackbacks from *existing* sites get to be scanned by Akismet.

I went from 80 spams a day to virtually 3-5 per week. In the past would start every day scanning through 3-4 pages of Akismet queue. Now I only look at it once a week or so. I really highly recommend using the Bad Behavior plugin.

My rule of thumb is to treat all one line, generic comments as suspicious - especially if they come in bulk. For example, if you notice that in the past 3-4 hours 10 or more people posted many different variations of “Wow, what an insightful post!” to different threads you might be looking at a bot.

18
January 03, 15h

I can’t tell you how much this pisses me off. The internet could be a truly wonderful resource if it wasn’t for the various peddlers of filth, pharmaceuticals and finance offers. It has got to the point where I spend a significant fraction of my day wading through spam, deleting comments, and adding rules to .htaccess files to try and stay ahead of the junk.

Just imagine what it would be like if none of these measures were necessary? Imagine an email system that didn’t require filtering! Or a blog that could allow people to freely post comments with rich text and hyperlinks! Or an access log that wasn’t stuffed with faked referrals!

I try really hard to accept the reality of it all, but these problems make me boil with rage. Perhaps Web 3.0 will be better?

19
illovich says:
January 03, 15h

“I’d prefer to throw out the throwaway comments and keep the overall dialogue quality high…”

I couldn’t agree more. The only bullshit I’ve ever allowed on my site (which gets likely 1/1000 of the traffic you get) is one time a bunch of eigth-graders found a flash game linked from my blog, and clearly thought they had to come back to my site to get to it – the banter they had back and forth was so funny I had to let it stand.

I’m in the middle of migrating to WP from Movable Type .6 (!!!), and I look forward to having Akismet on my side. I had gotten so sick of blogspam that I removed the ability to place a url in a comment entirely – I felt bad doing it, but I get 5-10 good comments a year, and I was getting thousands of spam posts a month.

My wife takes it a bit further - on our dog picture blog she deletes anything that isn’t a happy, nice thought. She says that the blog is about having fun looking at cute dogs, not bitching about breeders or animal rights, or trying to be cooler than other people.

I think it’s an interesting philosophy to have – it sort of turns me off by default, but with so much bullshit on the web 2.0, I wonder if it isn’t better to have stricter standards of communication.

20
Tony says:
January 03, 15h

While I don’t personally have a site that suffers this problem, I’m really getting sick of seeing it elsewhere. Like Brent said above, it’s like visual pollution, poisoning the digital habitats it infests and destroying the purity and freedom of Internet communication.

What scares me the most isn’t necessarily that the spammers eventually adapt to every layer of protection (although that sucks, too–currently successful methods listed here noted). It’s what the spammers are capable of during the rare instances when they are genuinely threatened.

A couple of articles on the death of Blue Security at the hands of a spammer who effectively held the internet hostage:

http://www.wired.com/wired/archive/14.11/botnet.html?pg=1&topic=botnet&topic_set=

http://www.wired.com/news/technology/0,70913-0.html

Welcome to the digital mafia.

I lost the URL of the wikipedia article, but the spammer behind the Blue Security attacks made comments like:


“if i can’t spam, there will be no internet”,
“you know Ii feel sorry for you and all the world 9000 servers (which) are down :-)”,
“Blue found the right solution to stop spam, and I can’t let this continue.”


The arrogance makes my blood boil, but unlike in the movies the *bad guy won*. And so far, the spammers still are. :(

I would really like to be proven wrong, because I hate being so pessimistic about the whole issue. It’s honestly draining to contemplate or research because what can a person do against someone who can DDoS a top-tier ISP?

I welcome enlightenment and optimism.

21
January 03, 16h

“It feels like there are a growing number of those though. Maybe someone wrote a book or how-to guide that advocated doing it.”

Numerous and sundry SEO blogs have been offering suggestions for months about getting visibility in search engines by leaving comments on high page rank blogs. They suggest older articles. And,

Link-Building spammers are leaving comments with innocuous looking links with sleazy site URLs in hopes of gaining free link popularity. And,

Some “Get-Rich Work-at-Home Pyramid Scheme” companies are supplying bot software (of which a few of the more advanced software by-passes comment boxes, going directly to the ‘Preview’ page with its ‘Post/Submit’ button).

I’ve seen an increase from Romania.

22
January 03, 16h

Your new attitude is quite right, I reckon.

1. Your site, your hosting fee, your rules.

2. It’s nicer for readers not to have dull comments to wade through. Makes it easier to find the good stuff. Most stuff on the web needs a good edit, comments more than most.

3. Anyone not grown up enough to deal with an honest deletion of their me-too comment might not have a great deal to contribute anyway.

23
January 03, 21h

Comment spamming – and email spam – is a pandemic, and it’s getting worse. It irritates me to no end. If any spam form was limited it might be effective (if it didn’t piss us off limited numbers could successfully do it). But, noooo, it has to be done to death. As Rambo said in First Blood: “They drew first blood, Colonel.”

Thank goodness there are decent tools to deal with it, but still, enough makes it to moderation to be a pain – or used to, anyway. Most of it I find is made by ‘bots so I’ve had really good luck with Bad Behavior[1]. I used to see about 200 bogus posts a day before I got it. Now I only see 2-4 per week which is certainly a manageable number. I also maintain a keyword list, moderate any number of comment links, and moderate first time posters so even those don’t get posted. Not allowing it to be posted in the first place is my top priority.

You’re right on the year – I checked a web history[2] I wrote – 2003 is really when the fecal matter hit the rotary oscillator, so to speak.

[1] http://www.homelandstupidity.us/software/bad-behavior/
[2] http://green-beast.com/blog/?p=124

24
Ingo Chao (Göttingen, Germany) says:
January 03, 21h

“If there’s cause for doubt, I’ll simply remove a commenter’s URL and let the comment stand.”

Any case is a doubt. Don’t show the commenter’s URL – until you have read the post or your whitelist says ok. Don’t allow for links showing up either until then.

The URL could be required like the Email adress, but it will not show up by default. Ask them if they really wish to have their URL promoted in the public. In case there are problems with the commenters identification for other readers: encourage them to type in their full name and location.

Change the policy from “deleting” comments to “publishing” comments.

People like me who don’t have the time to read posts before publishing should not have a blog.

25
January 03, 22h

I got so sick of MovableType and spam I changed platforms, and don’t even have comments on the new blog. Ok, so really I just got bored. Plus the new blog software doesn’t have comments, but still. The spam comments were getting really annoying - it’s hard to make it easy for genuine people to leave comments, while protecting yourself from the time suck that is removing/wading through spam comments.

Back when I used b2/wordpress I got around it by having a PHP session variable “person” that had to be enabled (the user went to a page ticked “yes, I’m a person”, clicked save), and with that never had any spam. Never bothered porting the code to my MovableType templates, but if SimpleLog ever releases the version with comments I might hack it back in there.

26
Johan says:
January 04, 00h

how about people that spam and mirror your whole site??

that is content and comments …

27
January 04, 02h

I like Jeremy Zawodny’s comment policy[1] wherein he states that only weblog URLs may be used for signing comments on his weblog. Pointing to any other kind of site is a no-no. That seems like an elegant solution.

[1]: http://jeremy.zawodny.com/blog/archives/002218.html

28
January 04, 13h

What about image-based captchas? I am surprised nobody has mentioned these yet…

I was getting hundreds of comment spams every week. After installing a captcha, I get only a couple per month. It’s very effective.

29
January 04, 16h

Not using a CAPTCHA in this day and age is borderline lunacy. It’s used by Google, Yahoo, MSN et al for a reason.

More detail in my blog post here, including my before and after stats:

http://www.codinghorror.com/blog/archives/000712.html

30
January 04, 21h

Last night I posted a two paragraph comment to this post which I felt was quite relevant and added to the conversation in a quality manner. In it I conveyed my experience with comment spam, how I deal with it, etc. I also verified that 2003 was roughly when this crap started. I spent some time writing it to ensure that it was worded well and spell-checked.

When I posted the comment I was informed that I am a first-time poster (though I’ve posted several times before the site’s redesign so that’s not entirely accurate) and that my comment will be held for moderation.

Now, roughly 24 hours later I do not see my comment. I’m not sure if it lingers in the moderation queue, was deleted accidentally, or disapproved then deleted. If it was [especially] the latter, I feel the policy may be a little too rigid. As pauldwaite said, “Your site, your hosting fee, your rules,” but it’s awfully discouraging to spend time trying to be part of the conversation and not being able to. Anti-spam is one thing, censorship is quite another.

I guess I’d like to know for which reason the post wasn’t approved and posted.

31
January 04, 21h

How odd. This last post wasn’t flagged for moderation.

32
Dave S. says:
January 04, 21h

Mike - relax, Movable Type flags comments with more than one link and I just don’t check it that often. You’ll notice it’s published now.

33
January 04, 22h

Thanks Dave. I noted you wrote “relax.” Sorry if I came across as being upset. I was more concerned than anything.

34
Jason Hilton says:
January 05, 05h

Question for everyone. I know the whole purpose of blog comments are to allow a free and open dialog, but why not offer various levels of freedom?

Offer 2 commentor types. The first is the standard fairly anonymous type (like this one) that runs on a restricted feature set (automatically block all url’s and certain keywords).

The second, a more robust feature set, but requires site registration. This would help combat the bots because you would require users to validate their accounts prior to posting to get the ability to user these features.

Add into all this a poster ranking system, and you could effectively block quite a bit of spam, or offensive posters. Help it to self moderate a bit (have it notify you of someone with a high negitive feedback rating so that you can review them).

What negatives do you see to this type of approach?

35
Lach says:
January 07, 18h

You know, seeing that OpenID is taking off at the moment, tying the commenting into OpenID might be a restrictive, but effective way of handling the spam comment problem.

Require all comments to your site to use an openID. Point people towards one of the free providers, and how to set one up on their own site, so everyone can deal with this. Now that might seem a bit much to do just to comment on one site but once many sites require it, it’s a lot easier to justify creating one.

Now, just because someone has logged in with an openID is no guarantee of non spammer-ness. It’d probably work fine for a little while, until it became a popular authentication method and then the spammers would adjust to suit.

So set the system up with both a whitelist and a blacklist in place. When someone leaves a comment, if their openID is approved, it goes straight up. If you haven’t seen their openID before, it goes on to a pending moderation list which you might review once a day – I can’t imagine it’d be too much work to review it, after a week or so to get most of your regular commentors approved.

If the comment is approved, the openID is added to the whitelist, and you don’t see it again. If it’s not approved, it gets added to the blacklist, and comments from that openID are silently discarded from now on.

More or less, a registration blacklist / whitelist system, but due to the way openID works it’s well worth registering one once several of your favourite blogs implement this system. After you leave your first comment on each site and it’s approved, the system is nearly transparent.

36
January 08, 00h

Me, too. :)

I have been randomly discussing the openID issue with Chris Messina through the wonderful comment system in flickr.
More and more services are adopting it and it’s comforting to see that eventually it may lead to a better method of controlling spam and odd comments (like mine?).

I’m not quite convinced that the ‘me too’ comment is good or bad, though. No matter how much i dread scrolling over them to get to beefy comments.

I would suggest that there are alternatives to simply deleting ‘me too’ comments by using some of the regularly available plugins, such as a rating system to show how many people enjoyed your article. Or even a poll of choices about the article itself, and then a standard tagging system.

While any of these plugins by themselves or together may not be an acceptable means of adding value and stripping dross out of a posting, the tying of them into the openID system may just.

37
Chris says:
January 09, 03h

Jeff Atwood said “Not using a CAPTCHA in this day and age is borderline lunacy.” He clearly hasn’t read why CAPTCHAs are an accessibility problem:

http://www.w3.org/WAI/intro/captcha.php

Don’t use them!

38
Ole says:
January 10, 08h

I’ll rather register on the blog I want to post on then on a 3rd party page. That said, this page seems to get by without any spam and that is really great!

There are many ways to solve the CAPTCHA usability problem. You just have to be willing to solve the problem. European Internet Accessibility Observatory is a project on accessibility.

Is the “me, too” spam in blogs really that big a problem?

39
January 10, 22h

> He clearly hasn’t read why CAPTCHAs are an accessibility problem:

You can make accessible CAPTCHAs, just like you can make accessible AJAX websites.

And I’d also humbly submit that information being inundated and subverted by spam noise is a far, far greater harm to the public good than a minor blip on the road to accessibility.

40
Chris says:
January 11, 01h

How will CAPTCHAs ever be accessible to blind users? Let me know of any links or explanations. Besides, it’s only a matter of time before spam programs are able to decipher CAPTCHAs too. Then what?

41
Ole says:
January 11, 04h

Most CAPTCHAs are easily broken or so poor that they are unreadable. There are lots of projects on this topic, both to make and “crack” CAPTCHAs.

I don’t see a problem for the blind tho, seeing how most blind people can listen to music and hence there can be a provided sound file with the CAPTCHA.

I doubt the spam-bots are any good at Braille. This is an extreme one tho, for those that have no sight and are deaf.

There are solutions to most problems Chris, you just have to be willing to see them and try them out.

42
January 11, 19h

Yes, CAPTCHA is irreversably broken. That’s why Google, Yahoo, and MSN still use them.

Y’know, because they don’t work and all.

As for blind users, you click the “speak the CAPTCHA to me in audio format” text link.

43
Chris says:
January 12, 06h

Ahem. So before you all gang up on me further, I don’t recall seeing links for audio versions of CAPTCHAs on any sites I’ve surfed that use them. I doubt many coders would bother adding a sound file, but correct me if I’m wrong.

Just because “Google, Yahoo, and MSN still use them” doesn’t mean they’re good! Look at Google’s old-school HTML - is that good then? Should we carry on using tables because Google and other big sites are?

And if CAPTCHAs are so functional, why did the WAI (W3C) make a page pointing out their inaccessibility? Were they having a laugh? Or is there a serious point there to consider?

44
Lach says:
January 14, 22h

You can always make people who can’t fill the captcha send you a message. Add a form on your site for them, and link it from the captcha page if they have problems with it. Manually approve or deny entries submitted through the form.

Sure it takes a little bit longer, but anyone who can use the web can fill in a form and not sound like a robot. Maybe you’d have to deal with robots submitting human sounding responses to these eventually. But for now, it’d be worth it.

45
[removed] says:
January 19, 04h

Dave,

I don’t usually comment on weblogs unless i really feel the urge to. For example, i think i posted a comment about your site’s redesign because i was really taken by it (can’t find the the blog post to check if i did or not).

Anyhow, I don’t have a blog of my own, so whenever i make a post i post with my company’s website and the company’s name. Is this what you are talking about as being borderline?

(DS - yes. Leave a name and no link if that’s the case. When I see a commenter leaving their name as CompanyName and linking that to the company site, I assume the link was more important for them to leave than the content of that comment.)

46
Jérémie says:
January 29, 12h

I don’t mean to troll or anything, but why don’t you apply the nofollow attribute for your comments links? Once the spammers notice it, it will get rid of those.

47
Ravi says:
February 19, 23h

Comment spam is a unfortunate residue of the rise of the bloggers as a powerful force to sway opinion - be it on web design or any socio-political issues.

My blog has also been inundated by comment spam to the extent that I had to turn on moderation. Unfortunately, not all blogging engines have access to akismet type of tools that are popular in wordpress blogs and the only way to keep potential spam at bay is to do stringent moderation.

I believe the comment moderator / blog owner needs to have good insight and some mastery over the psychology of human mind to catch clever attempts at link spamming.

48
Thorsten says:
February 20, 09h

“When this redesign launched, I reduced the comment policy to basically “quality over quantity”. I feel no qualms about clicking the delete button anymore.”

You should never have qualms by deleting comments if you think (feel) they don´t meat your quality line. Search terms instead of names in the namefield are automticly spam for me. It is very sad but there are a lot of people filling the internet with waste no one needs and trying to push that waste in searchengine so that every can find it.

49
Nate says:
February 21, 02h

I think the nofollow rule will be applied across the board as user interaction is actively requested. It’s the spirit of web 2.0 and the downside is the use of that trust for spam purposes.

As an ex spamcop for a major SE I know that the links from messageboards and comments aren’t that highly trusted, and in fact some rules are in place not to follow links from these at all or they’re treated with less weight.