It's clear there's been a LOT of spam around lately. By a lot, I mean up to 50-80 extra comments for my blog on some days. This is what a spam attack looks like via my stats on Blogger. I'd often wondered why there were sudden spikes shown, but it took a rash of notification emails with attendant spam comments, all coinciding with 08:22 one morning, for me to twig what was going on. On bad days, those spikes are happening every half an hour or so.
It's not just Blogger with the problem. I see WordPress has also warned of increased levels of spam and hacking attempts recently.
I've noticed various types of spam comment along the lines of:
- Nice blog, I'll be back for more - really funny if it also compliments your writing on a Wordless Wednesday post ;)
- Asking advice on theme, hacking, plagiarism etc.
- Advising you of a problem with your blog or how you could do better
- Complete gobbledegook with or without explicit wording
- Explicit wording
- Most worryingly this week, I've seen a context-derived comment - advice on plant growing on my Garden Bloggers' Blooms Day post. So wrong, it was obvious, but if it gets refined, this kind of spam may get rather hard to spot
All have a link to a blog completely unrelated to the comment content, apart from some of the SEO and explicit ones. It's also worrying that some of the comments manage to get through the spam filter and onto the blog. Guess which type does that the most.... very embarrassing :(
The spam seems to fall into two distinct groups:
- It happens almost immediately after a post is published
- It's on old posts from months, even years ago. Most of them don't get trapped by the comment moderation I've set for after 15 days... There's often a number of these coming in one after the other within a few seconds. It's made me wonder if LinkWithin is being used in some way to find successive posts to leave comments on.
Why is it happening? I can think of three distinct reasons:
- Link sellers/spambloggers who try to establish backlinks from reputable blogs to up the Google Page Rank for their shadier offerings
- Shady blogs trying to tempt the curious to click on their links (either on the comment or via their entries in the blog's stats) either just for kicks OR in the hope that a) they like what they see and make a purchase and/or b) the shady blog can download malware onto the blogger's computer. NB an example of this type is shown at the top in the above Print Screen from my Blogger stats. Whatever you do, DON'T click on any links from unknown sources when looking at your Blogger stats. That's exactly what they want you to do.
- Email farming (this again is via Nitecruzr) - collecting any subsequent commenters' email addresses if they leave it in the process of commenting. Any email addresses can then be linked with the bloggers' URLs and hackers can then look through the blogs for personal information which might possibly be used as passwords. They then use a program to go through hundreds of email/blog/personal information combinations to see if a blog can be opened into its admin area. If successful, those blogs can be hacked for all kinds of dodgy purposes. Unbelievable? Possibly. BUT I've already had an email from Google advising me of a possible hacking attempt on my blog...

[Image caption: Here's hoping, one day...]

- Make sure you mark any spam comments which have got through as spam ASAP. Don't just delete them as this doesn't give Google the opportunity to learn about new spam sources, then seek out and destroy them.
- The Google Forum has a problem rollup thread which is collecting information for their spamwars. Completing the questions in relation to your spam experiences gives them much more information to go on, rather than just reporting comments as spam. I add information on there whenever I detect a change in the way spam is hitting my blog.
- Add extra comment security from the blog Settings options in Blogger:
  - Don't allow Anonymous commenters. Stops the spam in its tracks, BUT it will also stop some of your WordPress commenters, as owing to a Blogger bug not all of them can comment using the OpenId option. If I did this I'd also stop my dear friend Lu - who has no online account - from commenting :(
  - Use Word Verification. Stops most of the spam in its tracks, but it hacks off an awful lot of commenters because the letters/numbers given are almost impenetrable at times
  - Use Comment Moderation all the time. I don't know how effective this is at trapping the spam, but seeing it's not been that effective for my "posts older than 15 days" setting, I'm not holding my breath. It also means that subsequent readers can't respond to your comment conversation, unless you're very quick to publish the pukka comments
- Add extra comment security from the Options item in the Post settings at the individual blog post level. I do this for posts which attract spam if they're older than 3 months. It's a tip I got from Diana at Elephant's Eye - thanks Diana! I disable both the Reader comments and Backlinks options for completeness. It's a shame to disable commenting in this way, but as I rarely get any comments on a post after a month or so, it's worth it to preserve my own sanity
- Install another commenting service such as Disqus. Blogher recently discussed the three most popular ones available. Personally, I loathe Disqus as it's so unwieldy and I give up commenting, no matter how good the post is. Commentluv is great, though I don't know if it's available for Blogger and I haven't used Livefyre. NB Nitecruzr has posted about the potential pitfalls of installing a third party comments service...

[Image caption: Picture of the other spam, for a bit of light relief - courtesy of Matthew W Jackson & Wikimedia]

As you can see, there are plenty of options available, but they're not entirely satisfactory. For now I'm not implementing any of the extra comment security options because I still want everyone to be able to comment. However, if the spam gets really bad again, or I'm away, you may find I've disabled Anonymous commenting for a while.
Additionally, if you're worried about your blog's password (irrespective of blogging platform), change it to a strong one which is also non-personal, plus consider two-step authentication for additional security. WordPress users also need to check that their blog access doesn't include the id Admin as this is being subjected to lots of hacking attempts at the moment. If it's there, change it.
Going forward I'd also like the options WordPress.com has to approve first time commenters and the ability to block specific URLs, IP addresses and words. At least that way, I can deal with the spam which I find is increasingly getting around WordPress's Akismet...
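
For anyone who exports their comments and wants to try these rules themselves, here is an added sketch (not part of the original post, and not how Blogger or WordPress.com implement moderation) that combines the block lists and first-time-commenter hold described above with a check for the bursts on old posts mentioned earlier. The log format, the 5-second gap, and every address, domain and word in it are constructed assumptions; only the 15-day window comes from the post.

```python
from collections import namedtuple
from datetime import datetime, timedelta

Comment = namedtuple("Comment", "id time ip author post_age_days text")
OLD_POST_DAYS = 15                   # the moderation window the post mentions
BURST_GAP = timedelta(seconds=5)     # assumed reading of "within a few seconds"
BLOCKED_IPS = {"203.0.113.7"}        # constructed (documentation address range)
BLOCKED_DOMAINS = {"pills.example"}  # constructed
BLOCKED_WORDS = {"backlinks"}        # constructed

def parse(log):
    """Parse constructed 'id|time|ip|author|post age in days|text' lines."""
    rows = [line.split("|", 5) for line in log.strip().splitlines()]
    return [Comment(int(i), datetime.fromisoformat(ts), ip, who, int(age), text)
            for i, ts, ip, who, age, text in rows]

def burst_ids(comments):
    """IDs of comments on old posts arriving within BURST_GAP of another such comment."""
    old = sorted((c for c in comments if c.post_age_days > OLD_POST_DAYS),
                 key=lambda c: c.time)
    return {i for a, b in zip(old, old[1:]) if b.time - a.time <= BURST_GAP
            for i in (a.id, b.id)}

def triage(comments, approved):
    """Map comment id -> (verdict, reason); block rules win over hold rules."""
    bursts, out = burst_ids(comments), {}
    for c in comments:
        text = c.text.lower()
        rules = [
            ("block", "blocked IP", c.ip in BLOCKED_IPS),
            ("block", "blocked URL", any(d in text for d in BLOCKED_DOMAINS)),
            ("block", "blocked word", bool(BLOCKED_WORDS & set(text.split()))),
            ("hold", "burst on old posts", c.id in bursts),
            ("hold", "first-time commenter", c.author not in approved),
        ]
        out[c.id] = next(((v, why) for v, why, hit in rules if hit),
                         ("publish", "previously approved"))
    return out

SAMPLE = """\
1|2020-01-01T08:22:00|198.51.100.4|Lu|2|Lovely blooms this month!
2|2020-01-01T08:23:00|192.0.2.10|anon1|400|Nice blog, I'll be back for more
3|2020-01-01T08:23:02|192.0.2.11|anon2|700|Great theme, what is it?
4|2020-01-01T08:27:00|203.0.113.7|anon3|1|Visit my site
5|2020-01-01T08:29:00|192.0.2.12|anon4|1|Read more at http://pills.example/x
6|2020-01-01T08:31:00|198.51.100.9|newreader|3|First time here, great post
"""
```

Calling `triage(parse(SAMPLE), approved={"Lu"})` publishes only the comment from the already-approved reader, holds the two comments that hit year-old posts two seconds apart, and holds the genuine newcomer for a first approval rather than blocking them.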
Have you noticed an increase in spam lately? How are you dealing with it?