After clearing out my comment spam filter on this site this morning, I decided it was time to attempt to curb the amount of spam this site is getting. In the first few months of this blog being around, I got around 1000 spam. As of today, the site’s up to about 100 comment spam per day. Which would be fine if it were all spam — but unfortunately I have to go through all that spam to make sure that there aren’t legitimate comments buried in there. This is a tedious task that I don’t really like doing.
While I can still remember my first spam comment I received (which was not as long ago as John Chow’s first spam comment), I knew that eventually, as this blog got more popular, spam would become a bigger and bigger problem. So my first step to combat spam is to introduce a challenge question (which I achieved by installing the WordPress Challenge plugin), which appears at the bottom of the comment box. The question is pretty simple — what year is it?
Hopefully this will reduce the spam comments and keep me from having to clean out the spam filter on a daily basis. If this one measure doesn’t stem the tide of spam, then there are some other measures I’ll try to reduce the junk that makes it into the filter (Akismet, WordPress’ native spam filter, is very good however at picking up spam comments, I’m just tired of cleaning out the filter). If you have problems, comments or questions about this new spam-fighting measure, leave a comment below. Thanks again for reading.
Update: The spam kept coming in — we’re now up to 1590 spam comments (if you’re keeping track, that’s 58 in the last few hours). I decided to take another step to block spam at its source by installing Bad Behaviour. So far, I haven’t had a single spam comment make it past Bad Behaviour, making it at the top of my list for ways I’d suggest to stop spam. I’ll keep you updated on how the battle with spam is going.
Like this post? Subscribe now to the full RSS feed.
March 17th, 2007 at 2:51 pm
Hey Lucas, you’re on WordPress right? How do you get a challenge question into your comment form? Is it a Plugin, or do I need to do some custom work?
March 17th, 2007 at 3:07 pm
Knocking spam dead…
Blogging can indeed be a nightmare, without the right tools. Why? Spam.
Yes indeed – Spammers and their spambots, can make life a living hell for any popular blog. The aim is usually to gain links to their websites. Thus, they post irrelevant content i…
March 17th, 2007 at 3:11 pm
Yep, I’m on WordPress — this post would probably be lots more useful if I would’ve included the link to the actual plugin!
I updated the post to include the link to it — I’m using the fact that it’s Saturday as an excuse for forgetting the link. 
I just installed the plugin, and then went into the my stylesheet and styled the input box to be the same as my other input boxes for comments. Let me know if you need any help getting this installed or fitting with your theme.
March 17th, 2007 at 10:40 pm
That’s not so bad, I’ve just got 245 in the last 6 hours *sigh*
I’m not really a fan of capchas (challenge questions, etc). A nicer alternative is with a negative capcha – where author’s email field is named something else, and the default field is hidden with CSS. Users will never see a challenge question, but any robots spidering for comment forms will give themselves away. I should install something like that too…
March 18th, 2007 at 6:22 am
Lucas,
I do two things to reduce comment and link/trackback spam: a) use CAPCHA (sucks, but very effective); and b) Typepad allows authors to close comments and trackbacks per post, and I close comments after 30 days and trackbacks after 90. Nobody comments or links to posts much past 30 days, in my experience.
Of course, I don’t get the traffic that the A-listers and other popular blogs get, so perhaps I’m not as attractive as a ‘target’
March 18th, 2007 at 8:49 am
Wow, Tony, and I thought I had lots of spam. Another similar trick to fool the spambots is creating fake comment forms. I haven’t tried that particular trick.
Bob — I thought about closing trackbacks and comments after a certain period of time, but was worried I’d be shutting out people that wanted to still comment on something. I can be pretty stubborn, and I was determined not to allow some spammers to make me have to close my comments and trackbacks.
I’ve got to say though — since installing Bad Behaviour last night, it has blocked 125 spam connection attempts (so I don’t even see the spam those bots are trying to write), and only 1 spam comment has actually made it by Bad Behaviour, and was picked up by Akismet. I don’t mind cleaning out Akismet once in a while, but having to empty it a few times a day was getting ridiculous.
I very highly suggest installing Bad Behaviour (there’s also no configuration required, just install and activate) — it’s reduced my growing spam problem to a tiny trickle.
March 18th, 2007 at 10:51 am
I guess this is a good way to stop the bots for now. A good thing that they cannot ‘read’ and answer questions. Who knows what may develop in future? I hope not..
March 18th, 2007 at 1:58 pm
Lucas, levels of spam just grow exponentially as your blog gets more exposure into the “wild”.
I also notice that I get much more trackback spam than I do for “comments”. Those are generally more difficult to fight as they always come from an external domain and don’t even have an email field. If anyone has suggestions against those in particular, I’d like to hear.
March 19th, 2007 at 12:14 pm
I’m curious as to everyone’s opinions. How are the spammers targeting specific sites? Is there something specific about certain sites that attracts spammers more than others. I’m curious because despite poor tools on the Blogger platform, I’ve been rather fortunate. Since I first went live with my blog about a year ago, I’ve had comment moderation turned on. I’m wondering if this may have something to do with it…
March 19th, 2007 at 1:38 pm
@Robert – Google has only 89 of your pages indexed, so that’s less exposure to spam spiders.
Fun fact – Techcrunch gets over 15,000 spam comments per day. I think what they are doing now is turning off comments on older posts to prevent the exponential growth of spam levels.
March 19th, 2007 at 10:18 pm
When I change my site from a static one to WordPress, spam is my biggest problem.
Fortunately the number is not as alarming as yours
March 20th, 2007 at 6:30 am
Any feedback on how Bad Behaviour has behaved in terms of false positives?
I’m a false positive paranoid meaning I spend the first 20 minutes of each day running through the ~2000 spam emails that make it into my 99% sure spam folder. Only the truly ‘enhancing’ emails get directly binned.
Also, did the year question make no difference at all? I would have assumed some of the dumber bots would have keeled over.
March 20th, 2007 at 6:43 am
Good question Steve — I was also worried about the false positive situation. Bad Behaviour only indicates how many connection attempts it has blocked (at this point, 257). I used to go through all the spam messages just like you do, but then I just decided it was getting ridiculous to spend my time doing it.
As I said above, I looked at closing comments and trackbacks as one possible option. But then the spammers would have won.
While there’s no direct way that I can tell if there are false positives being caught in Bad Behaviour blocked connections, all I can say is that I get the feeling (from the number and flow of comments) that there haven’t been any false positives.
One other interesting benefit has been that the number of connection attempts seems to be dropping off — it’s almost as if the spammers have figured out that the spam’s not getting through, and the bots are starting to give up.
August 7th, 2007 at 10:57 am
I’m starting to get more spam too in my comments (more than my actual comments), so I’ll probably need to incorperate something like this. Thanks for the post.
August 7th, 2007 at 4:09 pm
My pleasure John — glad to hear it was useful to you.
March 14th, 2008 at 12:42 am
Strange how there’s no Challenge question, Captcha or Bad Behavior test on this Reply form…
March 14th, 2008 at 11:10 am
Good catch Tom. I decided to experiment with removing the challenge question, and I haven’t had any spam make it through the filter so far (knock on wood).
I had to remove Bad Behavior, because it was causing long, long load times in the WordPress admin interface. I’ve thought about reinstalling it and seeing if it’s better now, but just haven’t gotten around to it.
April 29th, 2008 at 1:43 pm
[...] while ago, I had decided to go with a challenge question as well as Bad Behaviour (which are both ways to block comment spam before it even happens). Unfortunately, however, Bad [...]
November 4th, 2008 at 6:19 pm
I’m running a web site on wordpress as well …i go crazy cause of those spam comments . It takes a lot of time to go through all of them and sort ‘em out.
Is it just happening to me …?…I get less spam comments on wordpress than on blogspot !
June 16th, 2009 at 4:24 pm
Is part of the bussyness mio amigo. Is going to be a matter of time before the globalisation will acaparate the internet side, coming in with some good stuff like creating a global list of spammers. Somebody shoul do something about that. My goodness. I am having a good ideea. Maybe i will by a domain that could create a list with those spammers that shoul have denied acces to the web industry.