Xaprb

Stay curious!

Three steps to stopping blog comment spam

with 8 comments

This is part knowledge share, part appeal: fellow bloggers, I’d comment a lot more on your blogs (and I want to!) if I could. Please, make it easy for me to comment — don’t make me log in (I won’t do it) or moderate me. I’ve found a solution that works really well for me; maybe it’ll help you too.

I get a lot of comment attempts on this blog. Even years ago, when it wasn’t getting much traffic, I would get hundreds or thousands of spam comments every time I logged in to check my moderation queue. It became a ritual I’d do several times a day, like checking email, and I’d have pages and pages of comments to delete.

Today I get just a few spam comments a month. I have a three-part recipe that has proven to virtually eliminate spam comments. None of the three works in isolation, but together they are very good.

Here it is:

  1. Akismet. Akismet is very, very good at detecting spam and putting it into the moderation queue. It rarely has a false positive or false negative. All you have to do is sign up for a Wordpress account (takes 15 seconds) so you get an Akismet API key.
  2. WP-Gatekeeper. This lets you add a simple question-answer, like a CAPTCHA but without obnoxious accessibility problems or unreadable images. Even the biggest sites on the web use unreadable CAPTCHAs, and it drives me nuts. See Yes, I’m Human. No, I Can’t Decode YouTube Captchas.
  3. Bad Behavior is the keystone in the arch. It actually denies access to the site, based on the request’s HTTP headers and other metadata.

This trio of plugins, all of which are very simple to install and configure, mean that very few spam-bot requests ever reach the site. The remaining requests are easily quarantined into the moderation queue if they are spam.

This also makes it really easy for humans to comment on my blog. You just answer the goofy question and that’s it. Your comments don’t get moderated unless Akismet thinks they are spam.

On a related note, the Subscribe To Comments is the other feature I appreciate the most on other people’s blogs. I don’t want to subscribe via RSS, and I don’t want to check back; subscribing to get email when there’s a response is great for me.

Written by Xaprb

October 11th, 2008 at 12:23 pm

Posted in SQL, World Wide Web

Tagged with ,

« Would Tufte approve of mixing units on a graph?
How to change the default database in MySQL »

8 Responses to 'Three steps to stopping blog comment spam'

Subscribe to comments with RSS or TrackBack to 'Three steps to stopping blog comment spam'.

  1. I also like to possibility you (whoever) add to the mysql performance blog to be notify to the thread without commenting it.

    Email is the best way to be notified if you have not set a comment system like disqus of cocomment for example.

    If it is cool for you not to have spam, but it would be cool for the commentators to have their comments stored in a central way. You are not the only blog I follow and it is important for me to be able to find my comments.

    frederic sidler

    11 Oct 08 at 5:26 pm

  2. Thanks for the suggestion. I didn’t know about disqus and I think the concept sounds like something I’ve been wanting too. I’ll look into this on my own blog. Percona’s mysqlperformanceblog.com already has the ability to add to the notify list without commenting.

    Xaprb

    11 Oct 08 at 6:21 pm

  3. I wondered what plugin you were using for the challenge question. I thought it was the one from meyerweb, but I was scared off because it seemed like it wasn’t updated in a while.

    I settled on is_human(), which seems to be working pretty well at limiting the spam.

    Gregory Haase

    11 Oct 08 at 9:15 pm

  4. Good stuff. I activated the plugins aside from the gatekeeper. Registration on my site, for comments, was a result of too much spam, of course. So we’ll see how these work out.

    themattreid

    15 Oct 08 at 1:09 am

  5. I consider moderation to be essential. You are responsible for the content of your blog, as the publishing editor of it, even for a stray comment by an an obnoxious reader (even if they are human). Even if you monitor your blog 24/7 and delete every inappropriate, or even just boring or off-topic comment, immediately, such comments may be available for a moment.

    The bigger problem I see is that there is no consistency to how one comments on a given blog. There ought to be a standard for blogs, like there is for HTML. Having a standard way to screen and moderate comments would go a long way to focusing efforts on improving that functionality and reducing the annoyance of so many ad-hoc solutions.

    Richard

    15 Oct 08 at 11:13 am

  6. I moderate comments in that they come to me by email. I read them and if they’re inappropriate I delete them. My blog is not a free speech zone. But I don’t want to log in or otherwise explicitly authorize each comment.

    Xaprb

    15 Oct 08 at 11:15 am

  7. Hi,
    Just did a search on reducing spam comments, and this post was #3 result. I am receiving up to a thousand spam comments per day, so I think I will be trying out that gatekeeper you mention above. Thanks for the info.
    I also like the followup comments by email, and wish more blogs would have it.

    Tim

    30 Nov 08 at 11:57 pm

  8. I think the problem is spamming scripts are being written that target prominent blogging/comments systems such as Movable Type. Friends running MT have been targetted, but I’m running an obscure comments system called DotComment, which has had nothing in the way of spam (so far!). Perhaps modifications need to be made to the MT (and other) commenting systems to make them less susceptible to this kind of hacking. Cheers, AJ.

    AJ @ Web Hosting, UK

    29 Dec 08 at 7:43 pm

Leave a Reply