Fighting WordPress Spam – Part 2 – Spam Wars!

I am kinda a fan of the Star Wars Movie Series. I know all the major players at least. And when I opened my slow, inactive website and saw 322 comments – all of which were spam – I knew it was time for:

Spam Wars: The Webmaster Fights Back!

I operate a couple dozen WordPress sites, some as CMS or Content Management Systems, and some as blogs. All are pretty much open to comment, and lately I have been deleting thousands of comments a day. Nearly all are spam. It is now time for Spam Wars!

If you read Fighting WordPress Spam – Part 1 – What is Spam? you know that I think there are more kinds of spam than just “Link Hogs”. A Link Hog is just a “pork” comment with a lot of links in it that are not related to the topic of your post or page.

Generic Comments are ALWAYS SPAM!

Generic Spam is a comment that COULD apply to your post. And it could also apply to many other posts worldwide!

“It saved me MUCH TIME! :)”
If you see that, a spam Bot just wasted your time – it really is spam.

“thanks !! very helpful post!” Linwood Koogle
That link and the link on his poster name, Linwood Koogle, both led to his shopping cart!

“Find Jobs in My State…”
There was no link in that one, just the linked name… “arizona scottsdale installation maintenance repair jobs” Obviously after Google SERP Ratings!

“What is the major difference between the actual iphone 4 and iphone 5 that will be coming out for States?
i would really like to figure out if it’s worth it to acquire the iphone4 or if i must wait for i phone five.”

That comment was posted on a site from an inspirational speaker! I guess iphones inspired him. This was an out of place comment that had nothing to do with the blog post topic. The user name was “iphone 5” and it linked to a site willing to (for a price) reserve and sell you an iphone 5! Maybe! – It was likely a scam and that is what scammers do, they use spam. You send them money, you get nothing!

The next two were generic comments. They came in 3 hours apart from their Spam Bot. They had different email addresses, slightly different names, slightly different posts, and even different IP addresses. What they had in common was two things. First, they both linked to the same website, and second, they had the same topic – if successful, this would just help them get better search engine results page (SERP) rankings. See if you can see it…

“Thank you for your site! I really value what you’re posting here.”
From: make money filling out forms online

Hey! I’ve just stopped by to thank you for this full info. Take care!
From: ways to make real money online

Remember these are scams that go to a website called “Make money online”. They are obviously after SERP results for Make money online… Here is the first thing I see on their page, their description…

How to make money online. More new ways to make money online. Who can making money on the internet.

The WHOLE reason people spam is so you link to their website. This actually is the main reason for Internet spam in the first place, even email spam. So our job is to prevent linking to their website. Also, for the sake of our readers, our job is to prevent a lot of meaningless “pork” comments too!
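The two patterns described above (the Link Hog, and generic comments from different senders that all point at one website) can be checked mechanically. This is an added example, not code from the original post or from any plugin; the comment records, addresses and the host make-money.example are constructed placeholders, and the thresholds are assumptions.

```python
from collections import defaultdict
from urllib.parse import urlparse
import re

# Constructed sample comments modelled on the ones quoted above.
COMMENTS = [
    {"id": 1, "author": "make money filling out forms online",
     "email": "a1@mail.example", "ip": "198.51.100.7",
     "url": "http://www.make-money.example/forms",
     "body": "Thank you for your site! I really value what you're posting here."},
    {"id": 2, "author": "ways to make real money online",
     "email": "zed@other.example", "ip": "203.0.113.44",
     "url": "http://make-money.example/",
     "body": "Hey! I've just stopped by to thank you for this full info. Take care!"},
    {"id": 3, "author": "Dana", "email": "dana@reader.example", "ip": "192.0.2.10",
     "url": "", "body": "Which plugin version did you test this with?"},
    {"id": 4, "author": "deals", "email": "d@shop.example", "ip": "192.0.2.99",
     "url": "", "body": "see http://a.example http://b.example http://c.example"},
]

LINK_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def link_host(url):
    """Lower-cased host without a leading 'www.', or '' if there is none."""
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def flag_spam(comments, max_links=2, min_senders=2):
    """Return {comment id: reason} for link hogs and shared-target campaigns."""
    flagged, by_host = {}, defaultdict(list)
    for c in comments:
        body_links = LINK_RE.findall(c["body"])
        if len(body_links) > max_links:
            flagged[c["id"]] = "link hog: %d links in body" % len(body_links)
        # Index the comment under every host it links to (name link or body).
        for host in {link_host(u) for u in [c["url"], *body_links]} - {""}:
            by_host[host].append(c)
    for host, group in by_host.items():
        # Different email/IP pairs promoting one host is the campaign signal.
        senders = {(c["email"], c["ip"]) for c in group}
        if len(senders) >= min_senders:
            for c in group:
                flagged.setdefault(c["id"], "shared link target: " + host)
    return flagged
```

Grouping by the linked host is what catches the pair here: neither the email address nor the IP address repeats, so a blocklist keyed on either would miss both comments.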

Fighting Spam

Now we come to the fun part – Fighting Spam!

There are many approaches to this topic. Here are a few.

Block the Spammer from Viewing My Site!

Some try to block spammers from viewing their website! Now wouldn’t that be nice! Obviously, you have to be able to filter out who, Bot or human, is viewing your site, and then decide who is likely to be a spammer.

It is like the debate do guns kill people or do people kill people? Does a loaded gun in the hands of a 5 year old kill people, or did the 5 year old kill his brother “playing” cops and robbers? Amazingly, before there were guns, no one was killed by them!

Try to figure out who the spammer is in advance and you will surely be blocking real readers. Or block a friendly Bot you want like Google or Yahoo! I have a better idea that will stop ALL spam 100% – just shut down your website! 🙁

Filter the comments

Akismet is a very popular filter of this kind. However, it also uses your bandwidth. And if you are making $2 a month on AdSense ads, you need to pay them $5 a month for the service. However, setting aside the five bucks issue, there is a hit on your bandwidth for each spam. That can both cost you more time and slow down your site. It may be a good option for a super fast server with a reasonable site. But if you have a blog for 4,000,000 Full Gospel Business Men’s Fellowship users in 160 countries, you may want something less bandwidth heavy.

Bots Can’t Find Me!

“Bots” or “Internet Robots” are computers that post most spam on WordPress sites.

Simple Bots have a hard time with “transactions!” On the other hand, humans cannot live without transactions! From buying food to “buying” love – we make transactions daily – hourly even. But Bots are rigid. They do not deal well with the likes of sessions, cookies, and javascript – things that are designed to be used by browsers with humans looking at a screen.

This method exploits the limitations or weaknesses of the Bot to prevent it from posting spam.

The idea is to just write your comment section using any or all of these and Bots can’t find you!

Problem is, sometimes humans cannot find you either! In some browsers you can turn off any or all of these! To be effective you really need to use a combination of these. Historically, these do not work well across platforms, and they become a nightmare to maintain. Therefore, they tend to be abandoned often.

An alternative may be to use some of these in a simple or easy way, rather than as a complex, stop-all-spam method. A simple critical point revealed by bot behavior, or a simple cookie rather than an all-encompassing one, may be more effective and easier to maintain.

Captured By CAPTCHA!

A CAPTCHA is a type of challenge-response test used in computing as an attempt to ensure that the response is not generated by a computer.

It is a contrived acronym based on the word “capture” and standing for “Completely Automated Public Turing test to tell Computers and Humans Apart”.

Often this shows a distorted picture of letters and asks the user to type them into an input box. If the site is valuable enough, OCR or Optical Character Recognition may be used to “read” the image. Likewise there are problems for visually challenged people.

Audio CAPTCHAs make the challenge with sound and have the same problem with the larger deaf community. Often these are an either/or CAPTCHA. Nonetheless, advances in computers make the challenge harder and harder for real humans to detect and respond to properly.

That can mean your readers get frustrated and go away! Likely not what you want.

Logic and Reason!

A variation of the CAPTCHA is the logic and reason challenge. Computers do not actually reason – at least not like humans at this time. Questions like “How do you spell orange?” or “What day follows Sunday?” are generally easier for humans and harder for computers. On a single site it works well; across a lot of sites, spammers start adapting their programs.

The problem here is that these are easy to program, and also it requires knowledge of the language (in this case English).

How do you spell TWO!

Computers are great at solving math problems! However – the information must be delivered in the right way. The equation 2+2 is simple math, but the computer must receive the numbers as numbers (not strings which are printed numbers) and know that the + means to add them.

That alone confuses the Bots. To make it more confusing, you can use other letters or punctuation to confuse the Bot even more. Here are a few examples…
2 + 2
2 & 2
2 plus 2
2 and 2
two + two
two & two

ALL of the above (and many many more) add up to 4! Or perhaps four! The point is to make your site as different as you can. A spammer wants a million sites he can attack. If you use the same as everyone, that makes it easy for him. If you use some pattern that is different, spam Bots have a hard time learning it!

The computer needs an exact method of input, so I am sure you can think of many more ways to say two plus two.

This is one of my favorite challenges and you would be surprised how well it works.

I use the Math Comment Spam Protection
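A sketch of how such a challenge can be generated and checked on the server, as an added example that is not the Math Comment Spam Protection plugin's code and not from the original post. The HMAC-signed hidden token, the 15-minute lifetime and the `SECRET` value are assumptions added here so the expected answer never appears in the page the Bot downloads.

```python
import hashlib, hmac, random, time

SECRET = b"replace-with-a-per-site-random-key"   # placeholder, keep server-side
WORDS = ["zero", "one", "two", "three", "four", "five",
         "six", "seven", "eight", "nine", "ten"]
JOINERS = ["+", "&", "plus", "and"]               # the variants listed above

def _sign(answer, issued):
    """MAC over the expected answer and the issue time."""
    msg = ("%d|%d" % (answer, issued)).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def make_challenge(rng=random, now=None):
    """Return (question, token). The token goes in a hidden form field;
    it commits to the answer without revealing it."""
    a, b = rng.randint(1, 5), rng.randint(1, 5)
    show = lambda n: WORDS[n] if rng.random() < 0.5 else str(n)
    question = "%s %s %s" % (show(a), rng.choice(JOINERS), show(b))
    issued = int(time.time() if now is None else now)
    return question, "%d:%s" % (issued, _sign(a + b, issued))

def check_answer(reply, token, now=None, max_age=900):
    """Accept '4' or 'four'; reject malformed, forged or expired tokens."""
    text = reply.strip().lower()
    if text in WORDS:
        answer = WORDS.index(text)
    elif text.isascii() and text.isdigit() and len(text) <= 2:
        answer = int(text)
    else:
        return False
    try:
        issued_s, mac = token.split(":", 1)
        issued = int(issued_s)
    except ValueError:
        return False
    age = (time.time() if now is None else now) - issued
    if not 0 <= age <= max_age:
        return False
    # Constant-time comparison of the submitted MAC with the expected one.
    return hmac.compare_digest(mac.encode(), _sign(answer, issued).encode())
```

A solved token stays valid until it expires, so a site that sees replays would also need to remember which tokens have been used.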

Bot Behavior!

One of the best Computer Techs I have known had a degree in Human Psychology! Actually this helped them analyze the behavior of the broken computer. The computer behaves in different ways with different problems.

It got me thinking that Bots do this also. Not the Bots per se, but the people who program the Bots. If we analyze the Bot Behavior – Bot Psychology 101 – it may be possible to discover things Bots do, or don’t do, that are different from what humans do, and to exploit this without unduly influencing the behavior of humans.

The advantage of this is that, whereas a CAPTCHA forces a human to behave differently (either take the time to figure it out, or get frustrated trying and leave the site), this would need only minimal human input: about as much as, or even less than, the Math Comment Spam Protection.

Spam Wars: What Works?

I have decided to take a two part approach.

The first step will be to use the Math Comment Spam Protection Plugin. I have had this on a test site for 48 hours that was receiving 3-4 spam per hour. That number dropped to zero. So basically I did NOT receive about 200 spam on that one site in the last couple days. I will add this to all sites.

My second step will be to analyze Bot Behavior – Bot Psychology 101 – and see if I can find a way to minimize my effect on human behavior, keep my CPU time low, keep my bandwidth low, and maximize my negative effect on Bot spammers. 99+% of spam comes from Bot spammers. I am still working on this so stay tuned for part three.

Spam Wars: Combining Ammunition!

Most army training includes some kind of harvesting ammunition! In other words, picking up guns, bullets, mines and bombs that were the enemy’s and using them to fight the war. In Star Wars they did this with an imperial shuttle craft.

It is likely a combination effect may be better. Bot Behavior – Bot Psychology 101 – combined with very simple JavaScript and a very simple cookie and a simple “Math Comment Spam Protection” could actually be the best protection and give 99% of your users (those with JavaScript and cookies enabled) a fairly easy way to post on your site while blocking 99+% of spam.

Blocking 100% of Spam!

Please let me assure you that there is NO WAY to block 100% of Spam with a computer program – that is what humans are for. You should really spend some time to look at your comments and determine if they are valid or if they are spam. If you are blocking 99+% of spam, then you will have more time to look at the real comments.

Nothing here will stop the human spam. If a person sits at a computer, and makes a comment, and includes an unrelated link to his website, no program on earth will stop that. ALL spam programs are based on patterns and Bot limitations and things like that which happen many thousands of times a day. A single, hand written post will always get through.

That is why you need to read your comments!

Spam Wars: Happiness!

I will close with a quote from one of my most recognizable spam Bots:

Spam Wars: “It Saved Me MUCH Time!” 🙂

  1. Lan

    Did this work for you?

    Post Your Comments and let me know. I am still working on Spam Control!

    “May The Force Be With You!”

