Tag Archives: Spam

Disabling Comments on Old Posts, or How to Kill Discussion

With spam comments on the rise, it’s becoming more common of a practice for bloggers to disable commenting on older posts. (WordPress even provides an option to disable comments on posts older than x days.) This drastically cuts down on the spam, as spammers tend to target pages that have an established search ranking. Unfortunately, it also kills the discussion.

Guess which posts on this site receive the most new comments every week. Older ones. Not the latest posts, but the ones that have stood the test of time and still have people looking.

The terms sometimes used to refer to posts that remain relevant, and bring in traffic, for years are “evergreen content” and “pillar content.” I have posts that are a few years old, are still the most popular in terms of traffic, and gain a couple new comments every month. Occasionally a spam comment will appear on those posts, but they’re outnumbered by legitimate comments, continuing a discussion that has been going on for a long time. Does it really make sense to put an end that, and frustrate readers who arrived a little late but still have questions to ask or opinions to voice, just to avoid a few spam comments Akismet happened to miss?

That seems like a wasted opportunity. Instead, you could update your evergreen posts to remain relevant, and add some links to more recent posts on the same subject. Build user engagement and keep the discussion going.

Smaller blogs, especially, can’t count on timely social media-driven traffic. They tend to succeed more with long-tail traffic from search engines. Obviously you won’t get very many comments at all if the form gets disabled just when a post is becoming popular…

Fortunately, there is a nice middle ground. Some posts, especially ones that have attractive keywords in them but become less relevant later down the line, rarely see legitimate comments but are magnets for spam. I have a couple that seem to get a handful of spam messages that sneak past Akismet every week, but never have real comments anymore. With those kinds of posts, you could probably toggle the discussion off without inconveniencing anybody but spammers.

Obfuscating Email Addresses

Posting an email address on a public web page is a recipe for disaster. It’s the way to get a metric truckload of spam. This, of course, makes it unfortunately difficult to allow visitors to a website to contact you without inviting the spammers in as well.

The two primary methods used to combat this issue are contact forms, which have their own issues with spam, and obfuscation. There are plenty of pre-made contact form scripts, the better of which have some anti-spam measures in place (cforms and Contact Form 7 are popular options for WordPress). But what about obfuscation, for those times where it’s better to simply list the address rather than installing a whole form?

I’ve found a couple of good articles on the subject, for those of you who want something a little more complex than simply writing like “my email AT example DOT com.”

A List Apart’s Graceful E-Mail Obfuscation is an interesting read, though their solution is a bit involved and requires a bit of server-side scripting for it to work.

Perishable Press’s Best Method for Email Obfuscation? is a reasonable comprehensive guide, with plenty of clever methods to choose from, and pros and cons for each. I liked the techniques that involved writing the email backwards, or inserting null text in an HTML span, and using CSS to flip the text or remove the span of null text. Those two options don’t play nicely with copy/paste, though.

How to Defeat Cyrillic Spam in WordPress

Lately, I have been getting a lot of Cyrillic comment spam. It tends to slip past Akismet, as well as the built-in WordPress spam filters. They’re always spam, never legit comments. (As this is an English-language blog, there wouldn’t be much point for somebody to post non-English comments, anyway…)

It has been a minor annoyance for me, since I get a few every week and have to manually remove them.

Fortunately, Jeff Starr (of Digging into WordPress fame) has come up with a solution. Apparently you can put Unicode characters into the WordPress comment blacklist…which of course would include Cyrillic characters. I don’t know why I didn’t think of that to begin with, it’s so simple. :)

Anyway, his post includes several characters you can copy and paste into your blacklist.

10 Characters for Your WordPress Blacklist [Perishable Press]

Cult of Mac Caught in Google Content Farm Crossfire

Google recently made some tweaks to their algorithm in order to penalize content farms, which create massive amounts of low-quality content tuned to rank well in Google. If you’ve ever run a search, looking for a solution to a problem, and found the SERP to be full of not-really-helpful results from places like eHow and Squidoo, you know what they’re trying to fix.

Unfortunately, Google’s changes have been affecting legit blogs. One noteworthy example is Cult of Mac, a blog that aims to provide “timely news, insightful analysis, helpful how-tos and honest product reviews about Apple and Apple-related products.”

Cult of Mac has experienced the opposite of Google’s goal: their content has largely disappeared from Google’s SERPs, while content farms and spam-blogs scraping Cult of Mac posts have been pushed to the top.

A lot of our traffic came from Google, which is why the changes are so serious. I’m already seeing a big drop-off in traffic. Over the weekend and today, the traffic is half what it normally would be.

I’m pissed because we’ve worked our asses off over the last two years to make this a successful site. Cult of Mac is an independently owned small business. We’re a startup. We have a small but talented team, and I’m the only full timer. We’re busting our chops to produce high-quality, original content on a shoestring budget.

Indeed, Cult of Mac does break a lot of stories. Along with the Boy Genius Report, Mac Rumors and 9 to 5 Mac, they together are the source of the lion’s share of Apple-related reporting. It’s strange that Google’s algorithm would red-flag them as a content farm. Perhaps it is a result of “splogs” scraping their content; maybe a glitch in Google’s secret algorithm is causing one of the spam blogs to be marked as the original source for some reason or another?

Google Buys reCAPTCHA


Google has acquired reCAPTCHA, the service that powers some of those squiggly-letter fields (or CAPTCHAs) you have to fill out before submitting a form. (This is usually done to hinder bots attempting to mass-submit the forms for purposes such as spamming.)

The interesting part of reCAPTCHA is where they get their squiggly letters from. The words are from (public domain) books and newspapers that have been scanned. As computers are bad at interpreting images and finding the words within, the scans are chopped-up and served-up through reCAPTCHA, where users help translate the images into plain text. This is done by showing two words, one that reCAPTCHA knows the plaintext for and one it doesn’t. If you type the known word properly, the CAPTCHA validates and the input for the second word is logged.

reCAPTCHA’s unique technology improves the process that converts scanned images into plain text, known as Optical Character Recognition (OCR). This technology also powers large scale text scanning projects like Google Books and Google News Archive Search. Having the text version of documents is important because plain text can be searched, easily rendered on mobile devices and displayed to visually impaired users. So we’ll be applying the technology within Google not only to increase fraud and spam protection for Google products but also to improve our books and newspaper scanning process.

I Don’t Like Spam!

Look at this impressive chart:

Akismet Spam Graph

Now that looks like a lot of something. Too bad it’s spam. Yes, this graph is generated from Akismet’s log of the spam comments it has caught over time.

Continue reading →

Spammers Get Trickier

Now that automatic comment spam is becoming less effective, thanks to tools like Akismet, the miscreant marketters are addding a new few tricks to their their arsenal.

According to Mark Ghosh of Weblog Tools Collection, spammers are paying people to write long and intelligent comments on your posts. These comments look like any other comment, except perhaps a little longer, but the author link points to a spam site.

Since automattic spamming of blogs has mostly been reduced to a trickle due to the likes of Akismet, spammers are now individually targeting blog posts with highly relevant, and in many cases highly convincing comments. I moderated and subsequently spammed a comment today that was over a hundred words long, on the pros and cons of one of the themes on our daily theme posts. I thought the comment was a very well written review of theme until I looked closely. The URI of the poster was a refinancing Made For AdSense page.

In other words: It’s getting far to hard to tell the difference between a legit comment and a spam comment.

Continue reading →

Defend Your Blog Against Intruders

Back in December, I wrote an article about recovering after your blog has been vandalized. Of course, you want to avoid having your blog trashed in the first place.

The Lost Art of Blogging has recently released an informative article on securing your WordPress-powered blog. “Fighting Blog Hacks: Preventing And Eliminating Intruders” covers several things you should do to help avoid having your blog vandalized. They’re mainly simple tweaks, and you should definitely consider implementing them.

A few weeks ago I had the unpleasant surprise of finding out that my blog [The Lost Art of Blogging] got automatically hacked by spam bots, due to a WordPress exploit, and in course also got infected with malware. Google, vigilant as always, was quick on scanning LOAB for any malicious software, found some corrupted code and immediately flagged the blog. What happened next was very predictable: who ever tried to search to for something on Google and found LOAB among the search results wasn’t able to access the blog, as it was “quarantined.” I lost hundreds of visitors daily during the course of two weeks, my rankings were shattered and of course the blog’s reputation was stained; as a side note I’d like to thank all the loyal readers that confidently continued to read my blog during that tough period.

Don’t let it happen to your blog.