Seen at the Festival of the Tree

...if you would be happy all your life, plant a garden ~ Chinese proverb

Monday, 22 April 2013

What Spam Looks Like

No, not that tinned pink meat of a dubious nature, the other spam...

It's clear there's been a LOT of spam around lately. By a lot, it's meant up to 50-80 extra comments for my blog on some days. This is what a spam attack looks like via my stats on Blogger. I'd often wondered why there were sudden spikes shown, but it took a rash of notification emails with attendant spam comments, all coinciding with 08:22 one morning for me to twig what was going on. On bad days, those spikes are happening every half an hour or so.

It's not just Blogger with the problem. I see Wordpress has also warned of increased levels of spam and hacking attempts recently.

I've noticed various types of spam comment along the lines of:
  • Nice blog, I'll be back for more - really funny if it also compliments your writing on a Wordless Wednesday post ;)
  • Asking advice on theme, hacking, plagiarism etc.
  • Advising you of a problem with your blog or how you could do better
  • Complete gobbledegook with or without explicit wording
  • Explicit wording
  • Most worryingly this week, I've seen a context derived comment - advice on plant growing on my Garden Bloggers' Blooms Day post. So wrong, it was obvious, but if it gets refined, this kind of spam may get rather hard to spot
All have a link to a blog completely unrelated to the comment content, apart from some of the SEO and explicit ones. It's also worrying that some of the comments manage to get through the spam filter and onto the blog. Guess which type does that the most.... very embarrassing :(

The spam seems to fall into two distinct groups:
  • It happens almost immediately after a post is published
  • It's on old posts from months, even years ago. Most of them don't get trapped by the comment moderation I've set for after 15 days... There's often a number of these coming in 1 after the other within a few seconds. It's made me wonder if LinkWithin is being used in some way to find successive posts to leave comments on.

Why is it happening? I can think of three distinct reasons:
  • Link sellers/spambloggers who try to establish backlinks from reputable blogs to up the Google Page Rank for their shadier offerings 
  • Shady blogs trying to tempt the curious to click on their links (either on the comment or via their entries in the blog's stats) either just for kicks OR in the hope that a) they like what they see and make a purchase and/or b) the shady blog can download malware onto the blogger's computer. NB an example of this type is shown at the top in the above Print Screen from my Blogger stats. Whatever you do, DON'T click on any links from unknown sources when looking at your Blogger stats. That's exactly what they want you to do.
  • Email farming (this again is via Nitecruzr) - collecting any subsequent commenters' email addresses if they leave it in the process of commenting. Any email addresses can be then be linked with the bloggers' URLs and hackers can then look through the blogs for personal information which might possibly be used as passwords. They then use a program to go through hundreds of email/blog/personal information combinations to see if a blog can be opened into its admin area. If successful, those blogs can be hacked for all kinds of dodgy purposes. Unbelievable? Possibly. BUT I've already had an email from Google advising me of a possible hacking attempt on my blog...
Here's hoping, one day...
In the same boat? If yours is a Blogger blog, here's some options for what you can you do about it:
  • Make sure you mark any spam comments which have got through as spam ASAP. Don't just delete them as this doesn't give Google the opportunity to learn about new spam sources, then seek out and destroy them.
  • The Google Forum has a problem rollup thread which is collecting information for their spamwars. Completing the questions in relation to your spam experiences gives them much more information to go on, rather than just reporting comments as spam. I add information on there whenever I detect a change in the way spam is hitting my blog. 
  • Add extra comment security from the blog Settings options in Blogger:
    • Don't allow Anonymous commenters. Stops the spam in its tracks, BUT it will also stop some of your WordPress commenters, as owing to a Blogger bug not all of them can comment using the OpenId option. If I did this I'd also stop my dear friend Lu - who has no online account -from commenting :(
    • Use Word Verification. Stops most of the spam in its tracks, but it hacks off an awful lot of commenters because the letters/numbers given are almost impenetrable at times
    • Use Comment Moderation all the time. I don't know how effective this is at trapping the spam, but seeing it's not been that effective for my posts older than 15 days setting, I'm not holding my breath. It also means that subsequent readers can't respond to your comment conversation, unless you're very quick to publish the pukka comments
  • Add extra comment security from the Options item in the Post settings at the individual blog post level. I do this for posts which attract spam if they're older than 3 months. It's a tip I got from Diana at Elephant's Eye - thanks Diana! I disable both the Reader comments and Backlinks options for completeness. It's a shame to disable commenting in this way, but as I rarely get any comments on a post after a month or so, it's worth it to preserve my own sanity
  • Install another commenting service such as Disqus. Blogher recently discussed the three most popular ones available. Personally, I loathe Disqus as it's so unwieldy and I give up commenting, no matter how good the post is. Commentluv is great, though I don't know if it's available for Blogger and I haven't used Livefyre. NB Nitecruzr has posted about the potential pitfalls of installing a third party comments service... 
Picture of the other spam, for a bit of light relief - courtesy of Matthew W Jackson & wikimedia

As you can see, there are plenty of options available, but they're not entirely satisfactory. For now I'm not implementing any of the extra comment security options because I still want everyone to be able to comment. However, if the spam gets really bad again, or I'm away, you may find I've disabled Anonymous commenting for a while.

Additionally if you're worried about your blog's password (irrespective of blogging platform), change it to a strong one which is also non-personal, plus consider two-step authentication for additional security. WordPress users also need to check that their blog access doesn't include the id Admin as this is being subjected to lots of hacking attempts at the moment. If it's there change it.

Going forward I'd also like the options has to approve first time commenters and the ability to block specific URLs, IP addresses and words. At least that way, I can deal with the spam which I find is increasingly getting around Wordpress's Akismet...

Have you noticed an increase in spam lately? How are you dealing with it?


  1. We may get to the point where the default setting is for blog comments not to allow URLs at all. Which would stop the spammers in their tracks, but also be a bit harsh on genuine bloggers.

  2. Emma - I've been coming to that conclusion too. It'd be a sad day if and when it happens. I did toy with the idea on disabling backlinks on posts, but that's harsh on genuine bloggers too.

    BTW I'd put money on the first comment being spam, I'm so glad it's you :)

  3. I use Wordpress and have blocked quite a few IPs which has helped a great deal. I got it down from about 300 spam comments per day to around 50-80 by blocking about 10 IPs. It is a little time consuming to work out who are the worst offenders though. I also use Askimet as a spam filter and it works really well - it captures pretty much all of it. I think comment moderation for first time commenters is excellent and means that my regular commenters can put up their comments straight away but anyone new is held for moderation. As a wordpress user I have to say I do get mildly irritated (actually that probably over states it) by not being able to put a URL on many Blogger sites. I know why people do it but I would prefer to enter a URL which allows me to track traffic better. I use a Blogger id which just lists my blog but then it shows on stats as Blogger referral.

  4. Hi Liz - yes that extra ability to block IP addresses etc works really well, which is what I'm also asking Blogger to give us, now they have a spam similar to Akismet.

    Interesting to see you've experienced bloggers who're blocking URLs already. I've not seen that at all, but Emma and I have been discussing that on Twitter this morning. It's something we're both considering, but reluctantly so.

    BTW I get mildly irritated by WordPress's insistence on adding my Gravatar instead of my blog's URL. I have to change it every time I leave a comment on a WP blog ;)

    1. Oops that should say spam filter - fingers can't keep up with my brain, yet again ;)

    2. Wordpress adds my gravatar too despite my having a Wordpress blog and I agree entirely - really annoying.

  5. I have had so much spam on my Wordpress site lately that I've added a simple captcha to the comment section as an experiment. I have a wonderful plugin, Akismet, that filters the spam but I still have to go and delete it. I have other things in place too ... no links in comments, comments only show after 1 has been approved, blocked IP etc, I put the captcha on last night and not one piece of spam was there this morning. Not totally sure I will keep it though as it does discourage some from commenting. Time will tell.

  6. Oh, heck. Over on Typepad, I've been getting virtually no spam and when there was a bit of a flurry a couple of months back they seemed to sort it out quickly. But from this month, Typepad in Europe will be free but unsupported - what effect will that have, I wonder.

  7. Yes I have and I use Wordpress and Akismet though they don't make it onto the blog due to all the options I have to flag them for urls and first time commenters. They are posting comments on picture links which is a back door but one that is secure so far.

    I also check the comment with the name, email and url to make sure they match...but as you said they are getting clever.

  8. I have to say that I have noticed a slight increase in spam recently, there has even been a couple of them that has not been caught and made it onto my blog.
    I don't want to put a captcha on as I loathe these and am often put off commenting on blogs.
    I'm pleased I read this as it's given me options that I didn't know were there. Thanks ever so much :)

  9. Thanks for thinking of me - but perhaps I ought to change my ways to make life a bit easier for you!

    I had no idea it was such a problem. What a pain.

    And the genuine spam looks genuinely revolting!

  10. This has made for very interesting reading, VP. I had small flurries of spam on very much older posts but it seems to have died down recently - perhaps the spammers have worked out that my blog isn't reaching that many people, haha!! I've left moderation on and admit that spam comments have been swiftly deleted in the past. Next time it happens, I'll flag it up on the Google Forum you mention. Thanks for all the good advice!

  11. I been trawling thru the discussions about the new G+ commenting system on Blogger. That's a whole new can of worms.

    I hate having to login to comment (I make an exception for WP as that covers a bunch of blogs I read). I hate to battle with Captcha. I prefer to leave my commenters free to use Anonymous - but since I moderate all comments, I look VERY hard at any Anon.

    I regret genuine comments which get hidden in the spam filters then automatically deleted, if we don't go and retrieve them.

    The new spam looks so friendly and convincing, till you hit the embedded link for what!?

  12. My Blogger blog's SPAM quadrupled after I became a member of BlogHer.
    At least 99% of the Anonymous comments are SPAM but I quickly review them all before deleting by just scrolling through the SPAM list.
    Most of it comes from Europe advertising something. Some of it is awful to even scan - makes my sensitive eyes hurt.

  13. We have been getting a regular flow of spam, although not to the same degree as you have. The vast majority of it follows the same pattern, with some badly worded comment followed by "Check out my blog XYZ".

    We are only getting this type of spam on older posts and I am fairly certain it is produced by automated software. I turned anonymous comments off for a while and it reduced, but didn't stop.

    We also get comments that do at least look like they are manually added, they usually link back to an online garden center/nursery. So whilst I do normally delete as they rarely add anything to a post they don't seem quite so bad as the automated stuff.

    We have avoided adding the Captcha image as I find it annoying when I am replying to other blogs so assume others find the same.

    I hope your huge spam level does fall but other than turning off comments for a period or adding the Captcha image I'm not sure what else can be done.

  14. I dont have too many problems with spam on wordpress - generally they are all caught and it is rare for one to slip through the net. I hate CAPTCHA mainly as I often cant see what I am meant to be copying which is deeply annoying and a reminder that I am getting old. I have to login to google in order to comment on blogger blogs and that can be irritating but its just one of those things.

  15. Can't but help think of the Monty Python spam sketch but this is no laughing matter :( I reluctantly decided not to allow anonymous comments which did the trick by and large but still get the occasional spam particularly on older posts. It seems to hit the same few posts so I've been able to disable comments on those posts. Good luck with the battle and thanks for all the information VP.

  16. This is a really useful post, thank you for your tips.

  17. CG - Blogger now has a spam filter like Akismet, but some is getting through and even if it captures it, deleting dozens of comments is no joke! Quite a few WP people are using a captcha now, which suggests it's becoming quite a problem for WP users too.

    Helen - ooo I didn't know they were doing that. Keep me posted on how it works out...

    Donna - much of the spam I get on the WP blog I look after is on the pictures too. V annoying :(

    Angie, Caro and CJ - glad to help :)

    Lu - you might have something which can help already - let's discuss it down the pub!

    Diana - I almost added Google+ to the post, but decided not to because I don't know that much about it. However, from what I've seen via other people it's not the ideal solution, yet. I'm really pleased I didn't mention it!

    Martha - welcome! Have to say I haven't got on that well with Blogher - I was forced to use it for NaBloPoMo in 2011 and loading posts onto it was a real pain. It was one of the reasons why I didn't take part in NaBloPoMo last year.

    Gaz, I get quite a few of those manually added comments designed to link back to a business too :( I did take off anonymous comments when I was away for a few days. It was such a relief not to have a bulging inbox of junk when I got back. It took 12 hours for them to find Anonymous was allowed again.

    Helen - we have a have follow a similar login process for WP blogs and for Typepad too. It's the 'joy' of not using a particular blogging platform!

    Anna - I'd love to disable Anonymous but feel I can't because it'd block quite a few of my regular commenters.


I love reading your comments and welcome thoughtful conversations :)

Help me to help you: If you're having problems leaving comments, contact me using the Contact Form at the foot of this page, or via vegplotting at gmail dot com, or @malvernmeet if a quick tweet is more convenient for you. That way I can get things sorted.

Comments aiming to link back and give credence to commercial websites will be composted!

Sorry - anonymous comments are disabled currently owing to continued problems with spammers.

Related Posts Plugin for WordPress, Blogger...