Main content begins here

Avoiding Corporate Web Site Comment Spam, Plus Other Blog Advice

Tuesday, October 16, 2012

Blog Comment Spam Advice

  1. The only way to stop comment spam is to not accept comments from anyone unless a commenter is a known and trusted person with the role permissions to add, edit and delete comments.
  2. The only way to avoid spending time on comment moderation is to not accept comments from anyone. It's extremely important to educate the client on this, as they often seem to be under the assumption a developer simply installs the blog, enables comments and everything remains peaceful and beautiful.
  3. If one allows commenting, and is ready to invest time in moderation of comments, know that we CANNOT stop spam. There exist only hurdles one can setup to compel a spammer to jump. Some spammers will jump the hurdles, some won't. The hurdles, which can be combined, are:
    1. Disallow anonymous commenting. Make visitors sign in to their account in order to comment, setting appropriate role permissions.
      RESULT: very few real comments since the average person doesn't care enough about the average corporate blog to sign up just to comment. Spammers however will see value in signing up to test your defenses. Comments will remain overwhelmingly spam.
    2. Stop comments from going live immediately.
      RESULT: moderators will need to spend time approving a comment before it goes live.
    3. Make visitors answer a challenge. The challenge can be typing words, answering a math question, etc., usually provided by the CAPTCHA and RECAPTCHA service/modules.
      RESULT: this is a standard and fairly unobtrusive hurdle. Real commenters find it only slightly annoying so it shouldn't severely impact comment rates. Higher end spammers however employ real humans to jump this hurdle.
    4. Run comments through a spam filtering module, of which there exist several of various cost and success. For Drupal, I have only used and am happy with Akismet. Others seem to prefer Mollom, as it is created by the originator of the Drupal project. The only free and seemingly useful module is Antispam which "learns," meaning in the beginning and into the future it will need you to teach it what is or is not spam.
      RESULT: likely good to very good filtering, however if you care at all about the blog you will have the nagging need to check the spam queue for false positives. There's just no avoiding some moderation time if responsible commenting is the goal.
    5. Review comment statistics for actionable manual filtering. This entails reviewing more hardcore user statistics looking for patterns which can be used to create more specific filters for your site's spam fingerprints. This is most popularly used in determining likely questionable IP ranges for blocking.
      RESULT: This is an expensive approach however it can have a strong effect on the amount of spam received. The approach is essentially an unfortunate brute-force IP blocking of the countries which generate the most spam. If your blog has a world-wide audience this may not be practical. Expect unusual costs in setting it up and maintaining the list of ever-changing IP ranges.
    6. Other techniques There are other home-brewed techniques folks use which may be useful to you if you're obsessed with stopping spam and have a bunch of extra hours you want to spend on it. Here is an article on some of those, such as hidden fields and such:
      RESULT: You will likely see results with some of the techniques described at the link above. However, Way Cool Web Design has chosen to take the route of making our sites as Section 508 compliant by default, as possible without impacting budget. This means our decisions on how to approach many parts of a given site are not only governed by "can we achieve Goal B" but "can we achieve Goal B without unduly impacting segments of viewership and without impacting budget". Basically this means we pick the low-hanging Section 508 fruit. Often home-brewed techniques do not take this into account.

Other Blog Advice

Emailing a moderator when a new comment has been created may not always be the best solution for keeping on top of comments. If the comments are infrequent this seems like a good approach, however if every comment generates an email, a manager's inbox could soon be overwhelmed. Instead it may be best to have the moderator add a reminder to his personal calendar, as he might do with any other repeating business-related task, to check/clean/approve the comment queue at an acceptable interval.

Post new comment

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <p> <h2> <br> <img>
  • Lines and paragraphs break automatically.

More information about formatting options

This question is for testing whether you are a human visitor and to prevent automated spam submissions.

We love working with you...

A. T., Partner Hinge
Copyright ©2001-2018 Way Cool Web Design LLC. All Rights Reserved.