5 Quick and Easy Ways To Stop Blog Spam Before It Hits Your Blog

by Jeremy Schoemaker on September 29, 2006 · 174 comments

spamUnless your Lisa Picarille from Revenue Magazine ( check the trackbacks on this whoper )you know that you would have to be a idiot to automatically approve all comments and trackbacks on your blog right? Well Even that is a pain in the ass so I made a list of ways to stop the spam before it gets that far.

I have come up with the 5 easiest and best ways to fight comment spam. These are ways to stop spam from ever getting to your blog…. btw if you dont know what akismet is then stop right now and set that up first. This is just to help you stop the spam from even getting the that level. The first 2 require editing of the .htaccess. The rest are wordpress plugins.

5) Deny Access to No Referrer Requests

When humans comment on your blog they have read the post and leave a comment. This of course leaves the referal from your blog. One easy way to block spammers is to check for the referal. Simply paste the lines below into your .htaccess file in the root of your webserver.

RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*shoemoney.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://whereyouwanttosendthem.com/$ [R=301,L]

What you need to edit:

RewriteCond %{REQUEST_URI} .wp-comments-post\.php* – If you are not running a wordpress blog then you will want to change that to the file that gets the post for comments.

RewriteCond %{HTTP_REFERER} !.*shoemoney.com.* [OR] – obviously you want this to be your domain.

RewriteRule (.*) ^http://whereyouwanttosendthem.com/$ [R=301,L] – this is where you are redirecting them too. This probably does not matter since the automated spambots will not follow redirects.

Done!

4) Kill tor anonymous proxies

Thats cool people want to surf anonymously and all that but being that about 75% of my comments come from tor proxies its much easier just to block them.

simply go here and copy this to your .htaccess to block all the tor servers

3) Stop Comments On Older Posts

Spammers target older posts for 2 reasons.

A) they show up in search engines and thus they know:

  • search engines value the page pr wise
  • it could be relavent to the keyword they are trying to spam

B) You wont see it. – since the post is old its unlikely that you would ever notice thus greater chance of sneaking it by you.

You have a few options to fix this-

You can manually disallow comments for posts after x amount of days (ick)

If you have wordpress you can download this plugin
which will automatically close off comments and trackbacks after 21 days.

If you have some h4x0r skills you can setup a cron job (thats a automated task to us ninjas) that will edit your database directly checking for past posts and setting the comments and

2) Blacklist Repeat Offenders:

When some spammers do get in you can blacklist there ips so they wont ever be able to again… this process does suck a bit but its a option.

Again edit your .htaccess file:

order allow,deny
deny from 192.168.1.1
deny from 192.168.1.*
allow from all

Remember * represent wildcards

1) Rename your comment file

The default for wordpress is wp-comments-post.php by simply renaming this file to say… wpc.php then changing your theme to reflect the different location for the comment file you will ward off a TON of spammers. This will kill 100% of the automated spam bots.

Your probably saying to yourself… well so what? How could this effect my revenue! Well the answer is all the hardwork and time you have spent building the reputation of your site can be QUICKLY destroyed by giving these spammers NAKID (no link condom) links. You know what they say… Imagine everyone you link to and who they have linked to and who they have linked to …. eek!

A good resource I like to read from time to time is SpamHuntress

full disclosure

About the author...

– who has written 2856 posts on ShoeMoney.com.

Jeremy "ShoeMoney" Schoemaker is the founder & CEO of the ShoeMoney Blog, Elite Retreat Internet Conference, & the PAR Program. In 2013 Jeremy released his #1 Amazon Best selling Autobiography titled "Nothing's Changed But My Change" - The ShoeMoney Story. Jeremy currently lives in Lincoln Nebraska with his wife and 2 daughters.


Michelle recommends you check out these amazing posts:

  1. BuyMyShitButton Why Nobody Buys Your Product or Service
  2. hogan Shawn Hogan Speaks Out On FBI Charges
  3. shutterstock_68611039 How To Profit From Invading Your Users Privacy

{ 115 comments }

1 Tom

But you didn’t wear a condom last time we met up!

2 Randy

Thanks for the info ShoeMoney.

3 ToddW

Wow that’s a great list.

I never thought about the No Referrer thing for WP Spam! Thanks!

4 Dino

Cool great tips! ;)

5 Kyle

Just a couple type-o’s… not sure if you care.

2nd word in the post should be “you’re”, not “your”.
2nd bullet under #3 should be “relevant”.

Please delete (don’t post) this comment.

6 BasementGuru

Nice post shoe! I just dugg this! Let the traffic flow!

7 wes

thanks for the info., how do you get the inline digg button next to the article?

8 pk

Thanks for the advice. I am in the process of setting up a support blog and your post has come at the right time. Cheers!

9 Internet Security & Privacy Blog

Thanks for the tips. When I start getting enough traffic and interest in my blog that people are leaving comments on my posts, I will certainly implement those tips.

10 Caleb

Hey Shoe,
Do you have any idea why sites like blogger.com make it so easy for comment spam to happen? Is there a good reason that they haven’t enacted such controls across the board over there? I mean I know it’s not just waving a hand and -poof- they can eliminate it all, but the impression I have is that more could be done. Any thoughts?

11 Tyler Banfield

Awesome tips Shoe! I’ve been using Akismet (which works great), but I am definintely going to try out a couple of these tips…

12 Sam

Why don’t you just use SpamKarma?

On my blog, it has approved 306 comments, rejected 20,826 spams and asked me only what should be done for 22 messages (which were really borderline and forced me to think about them) in more than one year. And I check my log: it has never sent a legitimate comment to hell.

13 Chip

I wonder if it’s helpful to think of #5 as a lightweight Turing test–a way to prove it’s a human and not a bot. That’s what captchas do, but at enormous cost and difficulty. I use a solution that’s probably midway between the two in terms of complexity: forced preview.

14 joey

Hey thanks for the tips! Rewrite rules always trip me, but will try these out!

Posted this article at howtohut

15 Stefan Juhl

I’d skip #3 since you’d end up kind of missing out on valuable trackbacks etc.

16 steve

I suggest you make sure you use the correct spelling of “you’re”, especially when you’re insulting someone else ;-)

17 kevom

The ‘No Referrer’ rule will kill people with ‘Privacy Control’ over the browser (ie norton)

18 karmadude

Just what I was looking for, thanks for the cool tips. Now if the spammers are reading this, I wonder, how long before they figure out ways around these tips.

19 gunbuster

This is much easier:
http://www.klmn.net/gunbuster/2005/10/26/blog-spam/

Requires changes to 2 files, no need to modify .htaccess either.

20 Daniel Lowe

I just have a field on my site that says “To combat comment spam, please enter the word ‘elbow’ in this field.” It works 100% of the time, and if someone automates it, I’ll just change the word.

21 Brajeshwar

Thanks for the list specially the .htaccess hacks.

22 chris

You’re missing one, which is captchas… many websites as drupal enable you to do that.

23 Stu

On my blog the comments have a subject, I found that almost all spammers will put the same name as subject, so simply denying that prevents a great deal of spam.

24 Arne

“5) Deny Access to No Referrer Requests”

I read this post via Mozilla Thunderbird and that certainly didn’t send a referrer. I guess I’m not welcome here when you wouldn’t want me to post. :p

25 FyreGoddess

Before I had image verification on my blog, I had problems with spam. Akismet is good, but it’s not flawless, so certain spam would get through, likewise, certain legit comments would wind up in the Akismet blocked list. Since I didn’t want to go through the hassle of always having to go through hundreds of spam comments, I just added a verification plug-in.

Some of my handful of readers may not like it, but they cope, and I no longer have *any* spam. I turned off Akismet so it would stop with the false positives.

Robots can’t read images and it’s much less work on the admin end of things.

26 Markus

Awesome. Just saw you made the Digg front page with this. The Shoemoney empire is growing!

27 David

You forgot the most important (and easiest) way for eliminating (in my case) literally 100% of all spam I was getting.

(drumroll please)
Akismet

28 mitemous

renaming your comment/trackback scripts will also prevent a vast amount of blog spam..

29 Markus

you might want to reread the post

30 pdajunkee

visit my site for the best prices in prescription drugs

ha ha… just kidding, great article!

31 Matt Martin

Another front page Digg story already?! Congrats!

32 Ken Savage

Hey Jeremy, can you share what kind of referral traffic you’re getting from Digg and Del.icio.us?

33 Don Messerli

I’m running WordPress and have it set so that a user must be logged-in to post a comment. I’m getting spam comments from non-users. How can this happen?

34 kwa

Revenue Magazine appears to use b2evolution for their blogs. That blogging tool has been known for very bad support for anti-spam plug-ins.

Now, about your toughts, I would like to comment those :

5) Deny Access to No Referrer Requests

I’ve already seen some visitors using privacy protection tools removing their browser’s referrer information, making it empty or modified. Preventing those people from commenting your blog appears to lead to block false positives.

4) Kill tor anonymous proxies

Using DNS BLs and so also leads to false positives. Hijacked computers are often used as anonymous proxies or identified as such. However, these computers also often use dynamic IP addresses, so the next Internet user having the same IP address a couple of days laters might be blocked. I encountered a false positive on a blog where the user was unable to post comments, while the user was previously known as for commenting my blog.

1) Rename your comment file

I haven’t seen any change in spamming load after renaming my comment file. Spammers came back in hours.

Don’t forget the .htaccess file is parsed for every file open by your web server. Once I had a .htaccess file full of anti-spam techniques (about 3.000 lines of spamming referrers and open proxy IPs), 80% of a page load was spent by the server to parse the .htaccess file…

35 DA

Wait a minute:

Aren’t you going to deny access to ALL robots because they don’t send referrer? I would not do that.

36 LV.

good tips.

37 rZeta

Nice HowTO, that’s a great list, very complete. Congrats!

38 rZeta

Great info, that’s a very complete list.
(My last comment -same as this- hasn’t been added?)

39 Greg

Here is a little secret. One of the major spam programs has some generic built in searches for Google. Here is the MAIN thing it searches for (not in quotes):

powered by wordpress
welcome to wordpress

So get rid of those phrases at the bottom of your site and the spam will go down a bit. Keywords can be added to vay the search but those at the top of the SE will be getting hammered with spam. I am guessing other spam bots look for similar generic wordpress text. :)

40 John_Loch

I’ve read these tips before. They’ve been around for eons. And unfortunately they don’t count for squat. They can all be dealt with using automata VERY easily, and are bypassed every day.

The ONLY way to be certain you’re going to nail it automatically, is to use CAPTCHAS. And quite frankly, its far more cost effective than banning from blacklists… Oh no, lookout.. SHOEMONEY CAPTCHA BANNERS.. made spcially for mini-me’s ;)

41 Steve D.

I guess my comment is somewhat inline with KWA’s. I understand the need to fight spam, and you’ve got some great ideas, but it seems a shame to disallow anyone using the tor servers…especially with the tor version of firefox out there now. Just my two cents.

-Steve

42 stu

if you look it only blocks post requests, normal robots don’t post to your blog at least not the ones i’ve seen.

43 ShoeMoney

what about a adsense captcha =P

44 Shane

I’ve been using Spam Karma on many blogs for several months now and couldn’t be happier. You just install it and activate it. That’s it. It’s stopped thousands of spams, only let one through, and only blocked a couple of legitimate comments.

I can’t imagine anything better.

45 Silver

Akismet absolutely rocks! I’ll have to try your other stuff, too, but Akismet is simply a great gateguard.

46 Lochlin

saw a copy at of this post at http://super-des.blogspot.com
damn copy cats!

47 Super Des

Thanks for this info

48 iCan Marketing

I am wondering if I should still approve comments on my blog if all these saftey features are in place, what do you do?

49 jeremy Sabourin

Very helpfull

50 chris

regex!

51 Svetoslav Marinov

Hi,

you are blocking LAN IPs this is just an example right ?


order allow,deny
deny from 192.168.1.1
deny from 192.168.1.*
allow from all

.htaccess file should be regularly updated to prevent SPAM attack.

Svet

52 coffee

Deny Access to No Referrer Request

I know I’m a little late to the party, but, was reading through older posts here and found the above tid-bit.

I have to say that this *may* not be a good idea. I do much programming with “widgets” on third party sites, and the widgets are heavy users of the referrer. One thing that I’ve discovered is that ad blocking software on browsers tend to not send a referrer. Also, some personal firewals (try Microsofts default firewarl) tend to block the referrer.

This is a lame attempt to solve the problem of viewing ad’s on a site, but one deployed none the less.

If you block no referrers you may be blocking VALID attempts for access.

–Random comment :)

53 Little Money

Great tips! But my site is so small that i dont have much trouble with spam :D In the future i’ll implement these. Thanks

54 mike

A client contacted me a few days ago and requested that I add a few additional SPAM impediments to his Wordpress blog. These improvements were based on a post over at Shoe Money that has some excellent pointers

55 Jenny Breen

Thanks for sharing the great info Shoemoney! I hate spammers!

56 Sam2K

Combine this with Akismet and it sounds like a great way to keep under control.

57 AdultTube

Very interesting :)

58 Gecko Tales

I indiviudally approve every comment, but I don’t get hundreds of comments a day like you do.

59 Kurye

Thanks for this informations. yararli bilgiler icin cok tesekkurler. (escuse me my english is bad.)

60 Whatever-ishere

thanks for the GREAT post! Very useful…

61 gizzmo

i am a high school students….does anyone know wat any proxies are??????????????

62 Michel

This is a nice post about book Gift cards and its a very needed information.
Thanks for such an important post.
Thanks

63 Ramiro

Thanks for the tips. After searching for information about this topic I must say this is straight to the point. Very useful.

64 aspeseeKigree

If anyone is looking for a no nonsense way to make money fast, these guys are the best
it took me a few days to get going, but they were very helpful. Two weeks in and i just
got my first $1,000 check. This works by spreading the word, so I’m spreading the word.

Check it out here: http://www.17getmoney.info

65 PsyMonk

Интересно. Значит надо какие-нибудь поправки вносить.

66 Blog spam expert

Given some of the comments on this blog your spam filters could do with some tightening! Spam is like an arms race – the more defences you put up the more effort spammers will put into cicumnavigating you.

The trick is to use a range of different techniques – IP blocking, response tokens, keyword filtering, etc.

I also think that tools such as Wordpress provide pretty poor spam support all told. Askimet helps, but they could do more with their basic comments template to help deter spammers.

67 Chuck

Hello Sir,

I have a question please. Could you tell me where within my htaccess file I place the list of anon proxies list? I use wordpress and I don’t know if that list goes before the standard wordpress htaccess stuff, or after it. Thank you

68 Suzi

Sure, spam is a pain. I often think, why the heck people spend so much time putting out this rubbish. Nice blog.

69 PhillDoc

Interesting article as for me. It would be great to read a bit more about that topic.

70 эротика

классный сайт)

71 FrankP

Any quick way of blocking it is welcomed by me.

72 секс видео онлайн

интересно…

73 Quick Loans

This kind of thing needs to be stopped before it gets out of hand. So good work for posting about it.

74 софт

я так не думаю…

75 hotfiledownloads

I can look for the reference to a site on which there is a lot of information on this question.

76 Bush
77 Helga
78 Bush
79 Seth Haeuser

hello, Thank You for this blog. we are reading at blogs to see how others are running them and how they look. Thought i’d post “Good Looking”

80 ways for teens to make money

Earning money on the internet is often hard at first but Its those that be persistant to it that always succeed.

81 Ute Boscarino

I really enjoy what you write on here. I try and visit your blog every day so keep up the good writing!

82 Add your Site

I think we are just redesigning what a business plan is or maybe I really am not sure what a business plan is. But if you are building a powerpoint on how your company is going to make a ton of money and you need to invest in me. To me that is a business plan. So you need some structure.

83 Ed Levitra

Your posts help me many times to take good decisions. Thanks – ED Levitra, Pharmacist from Washington

84 Tanner

WOW!!! Im soo glad I just read this post, I get so many spam comments on one of my blogs about baby clothing Its super annoying. I cant wait to change my comments file name (stupid spam bots!) Thanks for the info. Jeremy!!!

85 seobridging

The Quick and Easy Ways To Stop Blog Spam Before It Hits Your Blog sure, it’s focused on blogs, but there are some great tips for forum owners in general if you don’t mind getting . Thanks for sharing info.

86 mra

Really these info are great. So many great tips are available online but only the people like shoemoney can bring them to their user. Thanks for this to check the spammers on blog comment.

87 Russel Rodrigeuz

How are you getting on using wordpress? I suck at html and coding so for me wordpress has been a god send.

88 Como Sacar Abdominales

Earning money on the internet is often hard at firtst but. Its those that be persistant to it that always succeed

89 Finca Mallorca

Thanks for post! it is very helpful information. :)

90 kalkulator oc i ac

It’s funny that you described it

91 GolfFitness

In wordpress, there is a file that named wp-comments-post.php. To stop blog spam from hitting your blog, you need to change the file name to something else like wpc.php. Then you have to change your theme to reflect the new location of wordpress comments file. It will kill 100% automated spam bots.

92 Julio

Thanks for sharing shoe!

Do you know if the proxy blacklist gets updated daily, weekly or monthly?

93 Andres

Great tips on comment spam! I’ll be sure to utilize those! :)

94 Gibson

Thank you for the wonderful and insightful post, will definitely be recommending your blog to my friends – My hubby is actually into this kind of thing, he’ll be chuffed! :D

95 Spam Terminator Level 1

Why is there so much spam on your site- about how to block spam automatically? I know that it’s extremely easy to go back and remove them, especially if they show up on the last page (first page read)… what’s up? do these techniques no longer work? I don’t expect you to publish this, just wanted to ask and alert you that there is 10+ spam messages for everything from teens making money online to viagra (but not viagra?) lol… kudos for trying to help the little guys defend against the goliath spam bots :) – that is all- Please pull up to the next window and pay the cashier.

96 Black Market

The irony. So much spam on this post.

97 Sahil Kotak

I use Akismet plugin and it works best for me!

98 Rodney

Those are some great tips.. You can also make your post nofollow.. most blogs already come like that tho, ex. Blogger…

99 Brian

Wow this is pretty awesome stuff. I am starting to get hit hard on some posts. I will look into some of these now.

100 James

How ironic that there is so much spam on this post. I can only imagine the amount that you have to deal with on a daily basis.

I love the idea of renaming the comment field from the default wordpress one. I’ll have to try that out.

101 Inboxnetbiz

Wow, great post. I thought spamming existed in emails only since they use autoresponders. Wonder how they can spam blogs too? Your post certainly enlightenment on the technicals of how it works.

102 monster on ear headphones

Thanks For Sharing,
Bradley Nordstrom

103 Maidul

This is a great list for combating spam.I list some plugin also to combat spam you can check them also
http://techsloution4u.com/wordpress/best-ways-to-fight-spam-on-your-wordpress-blog.html

104 Aswin Vayiravan

Nice ways to block spam , but i wholly rely on the akisme
t plugin

105 westseyi

Wonder how they can spam blogs too? Your post certainly enlightenment on the technicals of how it works.
http://www.shoemoney.com

106 Search

I really like what you guys are usually up too. This sort of clever work and coverage! Keep up the fantastic works guys I’ve incorporated you guys to my own blogroll.

107 Apartment Recycling
108 ray ban sunglasses

As classic as they come, these iconic Ray-ban shades will keep your little one’s peepers looking cool and protected. With a partial metal frame and black plastic arms, the distinctive branding on the right lens complete the accessory for a timeless summer look.

109 cheap sunglasses

When you are enthusiastic about finding out much more about classy metallic clutches, browse right select your choice. Examine this source to understand the way all these cool and trendy wholesale handbags donate the style enterprise.

Shoemoney 110 ray bans on sale

hello.thanks for your posted,i really love your site,thanks

Shoemoney 111 louis vuitton outlet

hello.thanks for your posted,i really love your site,thanks

Shoemoney 112 ray ban sunglasses

hello.thanks for your posted,i really love your site,thanks

113 urgent payday loans

The loanword sum can be returned back a course in some new spot I have ne’er heard of, and thither’s no map to
find out where it is. fast payday loans uk The lender will reappraisal your loanword application program and
you exist.””Censorship reflects a society’s lack of authority in itself.

114 permanent weight loss pills

A blog like yours ought to be earning much money from adsense.

Previous post:

Next post: