I came back from my hiatus, opened up the comments again, and immediately got slammed by comment spam. I'm talking 75 or so per day. Porn, online casinos, Viagra - you name it, I was spammed by it. (Apparently there's a large market for online backgammon too - who knew?) I had been using the MT-Blacklist plugin to keep things under control before, but it just wasn't keeping up anymore.

Spammers have become too versatile. They register domain names like crazy, and even using regular expressions, it's impossible to build a comprehensive blacklist that works for any extended period of time. Jay Allen's work on MT-Blacklist was great when it was released, but the time has come to move on.

The new approach I'm using is based on the SpamLookup plugin for Movable Type. It handles the problem in a way that is threefold. First of all, it uses a centralized blacklist, as before. This is really only effective against older, known spammers, and is just a minor part of the defense. Secondly, it requires an additional input field that (ostensibly) checks to see whether you're a human or not. It also uses a crazy JavaScript function to generate the code for the question, which makes it much harder for machines to parse the text. (The JavaScript was generated by the Enkoderform site.)

Lastly, and perhaps most importantly, I implemented the nofollow tag on all comment links. This attacks spammers where it hurts - their business model.

See, the purpose of spamming blogs like mine isn't to get the one click per year that will result from people visiting my site and accidentally clicking an online poker link. That's chump change. They're interested in raising their rankings in the major search engines, namely Google.

Google's algorithm is based in part on a system called PageRank, where a site's ranking is determined by how many other sites link to it. After spamming lots of blogs, that online casino site suddenly has a lot of karma, and it will jump to the top of the listings, garnering their site a lot more traffic.

The nofollow tag was created to combat this practice. It adds the rel="nofollow" attribute automatically to all links in my comments and trackbacks. This more or less tells Google to ignore that link when calculating a site's PageRank. If lots of people implement this (as Movable Type and Blogger have) then suddenly, comment spam won't affect PageRank, and it will hopefully help eradicate the problem.

Another method that I considered, and have implemented on other sites, is using a CAPTCHA to prevent automated spam. This is similar to the question challenge that I implemented because it offers a problem that is easy for a human to solve, but difficult for automated bots. As of right now, it doesn't appear to be necessary. In the last 24 hours, I've had zero comment spams, and I'm hoping it stays this way.

If you have any problems leaving comments with the new system (i.e. they don't show up), let me know.

