
Is it Spam? This week in Comment Spam

Every web, blog or social site is interested in attracting visitors. Generally, visitors find sites by using search engines. Improving the likelihood that your site will be among the links a search engine returns is thus extremely valuable to every site, especially ones that earn revenue from visitors. The higher your ranking is, the more likely your web site or hyperlink will appear on the initial page a search engine presents to users.

Like any other digital commodity that legitimate businesses value, criminals will inevitably attempt to profit by gaming ranking systems: this misbehavior is called spamdexing. Sites that allow comments are frequent targets for spammers, who submit comments that serve no other purpose than to insert a hyperlink that points to a spammer's site. Comment spam shares many characteristics of mail spam, as these samples from my comment moderator panel at Typepad illustrate:


If published, these comments would include hyperlinks to health improvement products. Some may be scams. It doesn't matter. The comments contribute nothing or may pose a risk to your visitors. And the mere existence of comment spam on your blog or site can suggest that you don't pay attention to comments.  

Show your visitors that you pay attention to your blog:


Moderate comments. Set up your submission form so that you can review comments before you publish them.

Require a sign-in or CAPTCHA for comments. These don't dissuade all comment spammers but they may defeat automated spamdexing.

Delete questionable comments. Treat this as a coarse filtering activity and be aggressive. You're better off having fewer comments at your site than frivolous, unrelated, poorly composed ones. 

Report Spam. Many blog or web publishing platforms have a comment moderation panel. If you're confident a comment is spam, report it. If you're uncertain, you can err on the side of caution and delete, or you can check the embedded links against comment spam block lists.

Projecthoneynet.org offers an IP check and a directory of comment spammer IPs, so extract the domain name from the URL, use dig or nslookup to resolve the name to an IP address, and check it. If you are being targeted for comment spam or the volume is too large to manage without automation, consider implementing some of the other Projecthoneynet services: subscribe to and use the Blacklist (http:BL), install a honeypot, or if you don't have administrator privileges and cannot install a honeypot, consider a Quicklink.
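The extract, resolve and check steps above can be scripted for a moderation queue. This is an added example, not code from the original post: it assumes the http:BL DNS query layout (access key, reversed IPv4 octets, zone `dnsbl.httpbl.org`, answer `127.<days>.<threat>.<type>` with type bit 4 marking a comment spammer), and `ACCESS_KEY` and all function names are placeholders.

```python
import ipaddress
import re
import socket
from urllib.parse import urlsplit

HTTPBL_ZONE = "dnsbl.httpbl.org"   # assumed http:BL zone, not stated on the page
ACCESS_KEY = "youraccesskey"       # placeholder: substitute your own http:BL key
COMMENT_SPAMMER = 4                # assumed bit flag in the last answer octet
URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)

def extract_hosts(comment):
    """Return the unique hostnames of all http(s) links in a comment, in order."""
    hosts = []
    for url in URL_RE.findall(comment):
        try:
            host = urlsplit(url).hostname or ""
        except ValueError:
            continue  # malformed URL, e.g. unbalanced IPv6 brackets
        if host and host not in hosts:
            hosts.append(host)
    return hosts

def httpbl_query_name(ip, key=ACCESS_KEY):
    """Build the lookup name: <key>.<reversed IPv4 octets>.<zone>."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join([key] + octets[::-1] + [HTTPBL_ZONE])

def parse_httpbl_answer(answer):
    """Decode 127.<days>.<threat>.<type>; return None for any other answer."""
    parts = [int(p) for p in answer.split(".")]
    if len(parts) != 4 or parts[0] != 127:
        return None
    return {"days": parts[1], "threat": parts[2],
            "comment_spammer": bool(parts[3] & COMMENT_SPAMMER)}

def check_comment(comment, resolve=socket.gethostbyname):
    """Resolve each linked host and look its IP up; return only listed hosts."""
    findings = {}
    for host in extract_hosts(comment):
        try:
            ip = resolve(host)
            verdict = parse_httpbl_answer(resolve(httpbl_query_name(ip)))
        except (OSError, ValueError):
            continue  # unresolvable, not listed (NXDOMAIN), or not IPv4
        if verdict:
            findings[host] = dict(verdict, ip=ip)
    return findings
```

Pass a different `resolve` callable to run the check against a local cache or a test fixture instead of live DNS.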

