Guess which posts on this site receive the most new comments every week. Older ones. Not the latest posts, but the ones that have stood the test of time and still have people looking.

The terms sometimes used to refer to posts that remain relevant, and bring in traffic, for years are “evergreen content” and “pillar content.” I have posts that are a few years old, are still the most popular in terms of traffic, and gain a couple new comments every month. Occasionally a spam comment will appear on those posts, but they’re outnumbered by legitimate comments, continuing a discussion that has been going on for a long time. Does it really make sense to put an end that, and frustrate readers who arrived a little late but still have questions to ask or opinions to voice, just to avoid a few spam comments Akismet happened to miss?

That seems like a wasted opportunity. Instead, you could update your evergreen posts to remain relevant, and add some links to more recent posts on the same subject. Build user engagement and keep the discussion going.

Smaller blogs, especially, can’t count on timely social media-driven traffic. They tend to succeed more with long-tail traffic from search engines. Obviously you won’t get very many comments at all if the form gets disabled just when a post is becoming popular…

Fortunately, there is a nice middle ground. Some posts, especially ones that have attractive keywords in them but become less relevant later down the line, rarely see legitimate comments but are magnets for spam. I have a couple that seem to get a handful of spam messages that sneak past Akismet every week, but never have real comments anymore. With those kinds of posts, you could probably toggle the discussion off without inconveniencing anybody but spammers.

The two primary methods used to combat this issue are contact forms, which have their own issues with spam, and obfuscation. There are plenty of pre-made contact form scripts, the better of which have some anti-spam measures in place (cforms and Contact Form 7 are popular options for WordPress). But what about obfuscation, for those times where it’s better to simply list the address rather than installing a whole form?

I’ve found a couple of good articles on the subject, for those of you who want something a little more complex than simply writing like “my email AT example DOT com.”

A List Apart’s Graceful E-Mail Obfuscation is an interesting read, though their solution is a bit involved and requires a bit of server-side scripting for it to work.

Perishable Press’s Best Method for Email Obfuscation? is a reasonable comprehensive guide, with plenty of clever methods to choose from, and pros and cons for each. I liked the techniques that involved writing the email backwards, or inserting null text in an HTML span, and using CSS to flip the text or remove the span of null text. Those two options don’t play nicely with copy/paste, though.

It has been a minor annoyance for me, since I get a few every week and have to manually remove them.

Fortunately, Jeff Starr (of Digging into WordPress fame) has come up with a solution. Apparently you can put Unicode characters into the WordPress comment blacklist…which of course would include Cyrillic characters. I don’t know why I didn’t think of that to begin with, it’s so simple.

Anyway, his post includes several characters you can copy and paste into your blacklist.

10 Characters for Your WordPress Blacklist [Perishable Press]

Unfortunately, Google’s changes have been affecting legit blogs. One noteworthy example is Cult of Mac, a blog that aims to provide “timely news, insightful analysis, helpful how-tos and honest product reviews about Apple and Apple-related products.”

Cult of Mac has experienced the opposite of Google’s goal: their content has largely disappeared from Google’s SERPs, while content farms and spam-blogs scraping Cult of Mac posts have been pushed to the top.

A lot of our traffic came from Google, which is why the changes are so serious. I’m already seeing a big drop-off in traffic. Over the weekend and today, the traffic is half what it normally would be.

I’m pissed because we’ve worked our asses off over the last two years to make this a successful site. Cult of Mac is an independently owned small business. We’re a startup. We have a small but talented team, and I’m the only full timer. We’re busting our chops to produce high-quality, original content on a shoestring budget.

Indeed, Cult of Mac does break a lot of stories. Along with the Boy Genius Report, Mac Rumors and 9 to 5 Mac, they together are the source of the lion’s share of Apple-related reporting. It’s strange that Google’s algorithm would red-flag them as a content farm. Perhaps it is a result of “splogs” scraping their content; maybe a glitch in Google’s secret algorithm is causing one of the spam blogs to be marked as the original source for some reason or another?

Google has acquired reCAPTCHA, the service that powers some of those squiggly-letter fields (or CAPTCHAs) you have to fill out before submitting a form. (This is usually done to hinder bots attempting to mass-submit the forms for purposes such as spamming.)

The interesting part of reCAPTCHA is where they get their squiggly letters from. The words are from (public domain) books and newspapers that have been scanned. As computers are bad at interpreting images and finding the words within, the scans are chopped-up and served-up through reCAPTCHA, where users help translate the images into plain text. This is done by showing two words, one that reCAPTCHA knows the plaintext for and one it doesn’t. If you type the known word properly, the CAPTCHA validates and the input for the second word is logged.

reCAPTCHA’s unique technology improves the process that converts scanned images into plain text, known as Optical Character Recognition (OCR). This technology also powers large scale text scanning projects like Google Books and Google News Archive Search. Having the text version of documents is important because plain text can be searched, easily rendered on mobile devices and displayed to visually impaired users. So we’ll be applying the technology within Google not only to increase fraud and spam protection for Google products but also to improve our books and newspaper scanning process.

Now that looks like a lot of something. Too bad it’s spam. Yes, this graph is generated from Akismet’s log of the spam comments it has caught over time.

Amazing isn’t it? In one day, such as September second last year, this very blog would have been slammed with 848 spam comments if not for the aid of the Akismet spam filters? Imagine if we didn’t have such defenses; the internet would be an unbearable, and running a blog would be a nightmare. We may complain to no end about the spam messages that slip through, but I think we all know that it could be a lot worse.

I don’t like spam messages of any kind, but at least emails aren’t public. Comment and forum spammers earn the most of my contempt. To me, leaving spam comments is far worse than sending a few spam emails.

Thank you, Akismet developers, for helping to keep the nasty stuff to a tolerable level. Turning your plugin off for even a week would be suicide.

I think I can speak for everybody (who isn’t a bloodsucking scoundrel) when I say spam is a plague. Note that when I say I don’t like spam, I refer to the digital kind and not the tasty, canned lunch meat.

(Spam sketch by Monty Python)

According to Mark Ghosh of Weblog Tools Collection, spammers are paying people to write long and intelligent comments on your posts. These comments look like any other comment, except perhaps a little longer, but the author link points to a spam site.

Since automattic spamming of blogs has mostly been reduced to a trickle due to the likes of Akismet, spammers are now individually targeting blog posts with highly relevant, and in many cases highly convincing comments. I moderated and subsequently spammed a comment today that was over a hundred words long, on the pros and cons of one of the themes on our daily theme posts. I thought the comment was a very well written review of theme until I looked closely. The URI of the poster was a refinancing Made For AdSense page.

In other words: It’s getting far to hard to tell the difference between a legit comment and a spam comment.

Should you delete such comments, or keep the message and just redact the URL? I think the latter is a better option, except for the point that Mark makes:

[There] is lurking danger in just delinking a comment author since if the author was really a spammer, authorizing a comment is akin to authorizing them to post comments on your blog without moderation (they still have to go through Akismet even if the author was previously authorized). So if the comment looks really legit but has a lurking spam link in the URI, and Akismet thinks it is ham then you as the blogger never see it because it never gets put into the moderation queue and the spammer is successful.

So what should you do then? Should you delete the comment? But what if the linked site you think is spam is a legit site, and just looks like spam to you (due to a bad design, bad writing, too many AdSense blocks, etc)?

What if you moderate out the URL and replace the comment email address with a Mailinator dummy email so Akismet won’t give the potential spammer a free pass in the future? Would that work? (I don’t know exactly how Akismet does it’s magic, just that it does. :D)

The Lost Art of Blogging has recently released an informative article on securing your WordPress-powered blog. “Fighting Blog Hacks: Preventing And Eliminating Intruders” covers several things you should do to help avoid having your blog vandalized. They’re mainly simple tweaks, and you should definitely consider implementing them.

A few weeks ago I had the unpleasant surprise of finding out that my blog [The Lost Art of Blogging] got automatically hacked by spam bots, due to a WordPress exploit, and in course also got infected with malware. Google, vigilant as always, was quick on scanning LOAB for any malicious software, found some corrupted code and immediately flagged the blog. What happened next was very predictable: who ever tried to search to for something on Google and found LOAB among the search results wasn’t able to access the blog, as it was “quarantined.” I lost hundreds of visitors daily during the course of two weeks, my rankings were shattered and of course the blog’s reputation was stained; as a side note I’d like to thank all the loyal readers that confidently continued to read my blog during that tough period.

Don’t let it happen to your blog.