But you didn’t wear a condom last time we met up!

Thanks for the info ShoeMoney.

Wow that’s a great list.

I never thought about the No Referrer thing for WP Spam! Thanks!

Cool great tips!

Just a couple type-o’s… not sure if you care.

2nd word in the post should be “you’re”, not “your”.
2nd bullet under #3 should be “relevant”.

Please delete (don’t post) this comment.

Nice post shoe! I just dugg this! Let the traffic flow!

thanks for the info., how do you get the inline digg button next to the article?

Thanks for the advice. I am in the process of setting up a support blog and your post has come at the right time. Cheers!

Thanks for the tips. When I start getting enough traffic and interest in my blog that people are leaving comments on my posts, I will certainly implement those tips.

Hey Shoe,
Do you have any idea why sites like blogger.com make it so easy for comment spam to happen? Is there a good reason that they haven’t enacted such controls across the board over there? I mean I know it’s not just waving a hand and -poof- they can eliminate it all, but the impression I have is that more could be done. Any thoughts?

Awesome tips Shoe! I’ve been using Akismet (which works great), but I am definintely going to try out a couple of these tips…

Why don’t you just use SpamKarma?

On my blog, it has approved 306 comments, rejected 20,826 spams and asked me only what should be done for 22 messages (which were really borderline and forced me to think about them) in more than one year. And I check my log: it has never sent a legitimate comment to hell.

I wonder if it’s helpful to think of #5 as a lightweight Turing test–a way to prove it’s a human and not a bot. That’s what captchas do, but at enormous cost and difficulty. I use a solution that’s probably midway between the two in terms of complexity: forced preview.

Hey thanks for the tips! Rewrite rules always trip me, but will try these out!

Posted this article at howtohut

I’d skip #3 since you’d end up kind of missing out on valuable trackbacks etc.

I suggest you make sure you use the correct spelling of “you’re”, especially when you’re insulting someone else

[...] Shoemoney, one of the most recognized face in the SEO universe, has written five 5 simple tips to stop spammers from targetting your blog. His suggestions includes disabling comments on old blog posts as they are the most frequent targets of comment spam because of two reasons: A) they show up in search engines B) You wont see it. - since the post is old its unlikely that you would ever notice thus greater chance of sneaking it by you. [...]

The ‘No Referrer’ rule will kill people with ‘Privacy Control’ over the browser (ie norton)

Just what I was looking for, thanks for the cool tips. Now if the spammers are reading this, I wonder, how long before they figure out ways around these tips.

This is much easier:
http://www.klmn.net/gunbuster/2005/10/26/blog-spam/

Requires changes to 2 files, no need to modify .htaccess either.

I just have a field on my site that says “To combat comment spam, please enter the word ‘elbow’ in this field.” It works 100% of the time, and if someone automates it, I’ll just change the word.

Thanks for the list specially the .htaccess hacks.

You’re missing one, which is captchas… many websites as drupal enable you to do that.

On my blog the comments have a subject, I found that almost all spammers will put the same name as subject, so simply denying that prevents a great deal of spam.

“5) Deny Access to No Referrer Requests”

I read this post via Mozilla Thunderbird and that certainly didn’t send a referrer. I guess I’m not welcome here when you wouldn’t want me to post. :p

Before I had image verification on my blog, I had problems with spam. Akismet is good, but it’s not flawless, so certain spam would get through, likewise, certain legit comments would wind up in the Akismet blocked list. Since I didn’t want to go through the hassle of always having to go through hundreds of spam comments, I just added a verification plug-in.

Some of my handful of readers may not like it, but they cope, and I no longer have *any* spam. I turned off Akismet so it would stop with the false positives.

Robots can’t read images and it’s much less work on the admin end of things.

Awesome. Just saw you made the Digg front page with this. The Shoemoney empire is growing!

You forgot the most important (and easiest) way for eliminating (in my case) literally 100% of all spam I was getting.

(drumroll please)
Akismet

renaming your comment/trackback scripts will also prevent a vast amount of blog spam..

you might want to reread the post

visit my site for the best prices in prescription drugs

ha ha… just kidding, great article!

Another front page Digg story already?! Congrats!

Hey Jeremy, can you share what kind of referral traffic you’re getting from Digg and Del.icio.us?

[...] Recently I have been getting about 100 spam posts a day on my blog, it is getting annoying to the point that I simply ignore all comment posted notification e-mails and just check for valid comments once a week. Shoemoney has written a very informative article on simple ways to stop blog spam and I have implemented 2 of the 5 htaccess updates he recommends. [...]

I’m running WordPress and have it set so that a user must be logged-in to post a comment. I’m getting spam comments from non-users. How can this happen?

Revenue Magazine appears to use b2evolution for their blogs. That blogging tool has been known for very bad support for anti-spam plug-ins.

Now, about your toughts, I would like to comment those :

5) Deny Access to No Referrer Requests

I’ve already seen some visitors using privacy protection tools removing their browser’s referrer information, making it empty or modified. Preventing those people from commenting your blog appears to lead to block false positives.

4) Kill tor anonymous proxies

Using DNS BLs and so also leads to false positives. Hijacked computers are often used as anonymous proxies or identified as such. However, these computers also often use dynamic IP addresses, so the next Internet user having the same IP address a couple of days laters might be blocked. I encountered a false positive on a blog where the user was unable to post comments, while the user was previously known as for commenting my blog.

1) Rename your comment file

I haven’t seen any change in spamming load after renaming my comment file. Spammers came back in hours.

Don’t forget the .htaccess file is parsed for every file open by your web server. Once I had a .htaccess file full of anti-spam techniques (about 3.000 lines of spamming referrers and open proxy IPs), 80% of a page load was spent by the server to parse the .htaccess file…

Wait a minute:

Aren’t you going to deny access to ALL robots because they don’t send referrer? I would not do that.

[...] Link here. [...]

good tips.

Nice HowTO, that’s a great list, very complete. Congrats!

Great info, that’s a very complete list.
(My last comment -same as this- hasn’t been added?)

[...] 30/9 - Stop Spam for Your Site September 30, 2006 [...]

[...] via Black Hat SEO (equals spammer?) Mr. Shoemoney (i guess he knows best) [...]

Here is a little secret. One of the major spam programs has some generic built in searches for Google. Here is the MAIN thing it searches for (not in quotes):

powered by wordpress
welcome to wordpress

So get rid of those phrases at the bottom of your site and the spam will go down a bit. Keywords can be added to vay the search but those at the top of the SE will be getting hammered with spam. I am guessing other spam bots look for similar generic wordpress text.

I’ve read these tips before. They’ve been around for eons. And unfortunately they don’t count for squat. They can all be dealt with using automata VERY easily, and are bypassed every day.

The ONLY way to be certain you’re going to nail it automatically, is to use CAPTCHAS. And quite frankly, its far more cost effective than banning from blacklists… Oh no, lookout.. SHOEMONEY CAPTCHA BANNERS.. made spcially for mini-me’s

I guess my comment is somewhat inline with KWA’s. I understand the need to fight spam, and you’ve got some great ideas, but it seems a shame to disallow anyone using the tor servers…especially with the tor version of firefox out there now. Just my two cents.

-Steve

if you look it only blocks post requests, normal robots don’t post to your blog at least not the ones i’ve seen.

what about a adsense captcha =P

I’ve been using Spam Karma on many blogs for several months now and couldn’t be happier. You just install it and activate it. That’s it. It’s stopped thousands of spams, only let one through, and only blocked a couple of legitimate comments.

I can’t imagine anything better.

Akismet absolutely rocks! I’ll have to try your other stuff, too, but Akismet is simply a great gateguard.

saw a copy at of this post at http://super-des.blogspot.com
damn copy cats!

[...] A client contacted me a few days ago and requested that I add a few additional SPAM impediments to his Wordpress blog. These improvements were based on a post over at Shoe Money that has some excellent pointers. [...]

[...] Danke an Shoemoney: 5 Quick and Easy Ways To Stop Blog Spam Before It Hits Your Blog [...]

[...] A great list of easy ways to stop comment spam before it ever hits your blog.read more | digg story [...]

[...] October keith.schilling09:29 amAdd comment No not me..but its funny how well known SEO gurus can play off one another.  Take for example Shoemoney’s post on defeating comment spam on blogs.  Then you have Jaimie shooting back with how to get away with spam.  Both have diggs to drive traffic to their sites…both great at making them link baits. [...]

[...] Е�?ли shoemoney пишет про то как �?пам о�?тановить, �? напишу про то, каким образом его можно продолжить. �?е поймите мен�? превратно. Я ненавижу �?пам, кроме тех �?лучаев, когда он �?мешит или впечатл�?ет мен�?. И по�?кольку дни идут, и в�?е больше людей мен�? читает, �? заметил, что количе�?тво �?памеров, обращающих на мен�? внимание, неуклонно ра�?тет. [...]

[...] �?емного �?умбурна�? но забавна�? и, может быть даже в чем-то полезна�?, �?тать�? про �?пам в блоги. Затрагивает�?�? тема �?оциальной инженерии в �?паме. Е�?ли shoemoney пишет про то как �?пам о�?тановить, �? напишу про то, каким образом его можно продолжить. �?е поймите мен�? превратно. Я ненавижу �?пам, кроме тех �?лучаев, когда он �?мешит или впечатл�?ет мен�?. И по�?кольку дни идут, и в�?е больше людей мен�? читает, �? заметил, что количе�?тво �?памеров, обращающих на мен�? внимание, неуклонно ра�?тет.   �?айдено на:   zvonko.biz Ваша оценка:    (Голо�?ов пока нет)  Loading … 10 отговорок заказчика, которые должен знать каждый фрилан�?ер ← → [...]

[...] 2. 5 Quick and Easy Ways To Stop Blog Spam Before It Hits Your Blog - sure, it’s focused on blogs, but there are some great tips for forum owners in general if you don’t mind getting your hands dirty with .htaccess [...]

[...] 2. 5 Quick and Easy Ways To Stop Blog Spam Before It Hits Your Blog - sure, it’s focused on blogs, but there are some great tips for forum owners in general if you don’t mind getting your hands dirty with .htaccess [...]

Thanks for this info

[...] I think that pretty much sums up all the spammers on the internet with advertisement crap or those stupid kids / foreigners. If you want to protect your blog from these stupid spammers aswell id suggest you read this article I found: ‘5 Quick and Easy Ways To Stop Spam Before It Hits Your Blog’. Have fun blogging =) [...]

[...] How to Prevent Blog Spam Before it Happens [...]

I am wondering if I should still approve comments on my blog if all these saftey features are in place, what do you do?

[...] Choosing or creating a theme is always the first step for me. Then, installing plugins, getting mod rewrite working, turning off the rich text editor (I can’t stand that thing), changing my password, ect… One of the biggest problems with using Wordpress or any blog software for that matter is comment spam. Frankly if you don’t do anything to protect yourself then you probably deserve to get spammed. Thanks to a great plugin called Did You Pass Math? and a tip from Shoemoney I’ve found a way to eliminate 99% of comment spam right out of the gate. [...]

[...] I’ve also implemented some of Shoemoney’s suggestions for stopping blog spam.  99% of spam doesn’t get through akismet, but I thought I’d try these anyway…the renaming of wp-comments-post.php will at least save akismet some work. [...]

Very helpfull

[...] Introduction to BloggingProblogger - A blog that helps bloggers to add income streams to their blogs.Copyblogger - Copywriting tips for your blog.21 Surefire Tips for a Successful Blog LaunchScobleizer - Robert Scoble’s blog, one of the authors of Naked Conversations.5 Quick and Easy Ways To Stop Blog Spam Before It Hits Your Blog - Shoe Money breaks down how to fight spam before it hits.10 Techniques to Get More Comments on Your BlogWriting for the Web - Detailed 6 page pdf that covers writing for the web.10 Sure-Fire Headline Formulas That Work - So, you’re seeing too many of those “how to” and list headlines, and want to try a few different angles? Let’s move beyond those common headline formulas you see over and over, and add some new blood to your attention-grabbing arsenal.7 More Sure-Fire Headline Templates That WorkTips to Better BloggingStructured Blogging - Structured Blogging is all about giving bloggers the tools to create and syndicate structured information, such as reviews and events.Blogging Pro - News, plugins and themes for blogging applications. [...]

regex!

[...] 5 Quick and Easy Ways To Stop Blog Spam Before It Hits Your Blog [...]

[...] 5 Quick and Easy Ways To Stop Blog Spam Before It Hits Your Blog - Shoe Money breaks down how to fight spam before it hits. [...]

[...] Bei diesem Blog kommen momentan auf jeden echten Kommentar 64 Spam Einträge. Jetzt versuche ich alle Direkteinstiege auf wp-comments-post.php per htaccess zu unterbinden (thanks shoemoney.com). Ich werde dann hier berichten wie das ganze so läuft. [...]

[...] Via ShoeMoney sur le conseil de Séb - Akismet et Bad Behaviour constituent une assez bonne protection contre la recrudescence de spam sur les commentaires des blogs. [...]

[...] Here’s some great tips __________________ Survival TV Shows Dedicated Server Help & Guides - Free Dedicated Server Tutorials [...]

Hi,

you are blocking LAN IPs this is just an example right ?


order allow,deny
deny from 192.168.1.1
deny from 192.168.1.*
allow from all


.htaccess file should be regularly updated to prevent SPAM attack.

Svet

Deny Access to No Referrer Request

I know I’m a little late to the party, but, was reading through older posts here and found the above tid-bit.

I have to say that this *may* not be a good idea. I do much programming with “widgets” on third party sites, and the widgets are heavy users of the referrer. One thing that I’ve discovered is that ad blocking software on browsers tend to not send a referrer. Also, some personal firewals (try Microsofts default firewarl) tend to block the referrer.

This is a lame attempt to solve the problem of viewing ad’s on a site, but one deployed none the less.

If you block no referrers you may be blocking VALID attempts for access.

–Random comment

Great tips! But my site is so small that i dont have much trouble with spam In the future i’ll implement these. Thanks

[...] I got this trick from Shoemoney. When a real person comments on your blog he leaves the referral from your blog. An easy way to block spammers is to check for the referral. No referral, no comments allowed. Copy and paste the lines below into your .htaccess file in the root of your webserver. [...]

[...] This solution does not stop spam bots from commenting on your blog. It depends on how the bots attacked your site. Some bots might just locate the wp-comments-post.php and hit the file directly. Some “smart” bots might figured out that you had changed the name of that file and search for your new comment file and hit it. There are other solutions besides this one. Shoemoney had written these solutions quite some time ago and they do work. You should read it. Other than that, you should install this Challenge Wordpress Plugins so that commenters will need to reply to your questions before able to submit their comments. That’s something bots can’t do comparing to us, humans . [...]

[...] Introduction to Blogging Problogger - A blog that helps bloggers to add income streams to their blogs. Copyblogger - Copywriting tips for your blog. 21 Surefire Tips for a Successful Blog Launch Scobleizer - Robert Scoble’s blog, one of the authors of Naked Conversations. 5 Quick and Easy Ways To Stop Blog Spam Before It Hits Your Blog - Shoe Money breaks down how to fight spam before it hits. 10 Techniques to Get More Comments on Your Blog Writing for the Web - Detailed 6 page pdf that covers writing for the web. 10 Sure-Fire Headline Formulas That Work - So, you’re seeing too many of those “how to” and list headlines, and want to try a few different angles? Let’s move beyond those common headline formulas you see over and over, and add some new blood to your attention-grabbing arsenal. 7 More Sure-Fire Headline Templates That Work Tips to Better Blogging Structured Blogging - Structured Blogging is all about giving bloggers the tools to create and syndicate structured information, such as reviews and events. Blogging Pro - News, plugins and themes for blogging applications. [...]

[...] farei uma transcrição de um artigo muito interessante do ShoeMoney, que eliminou totalmente os SPAMs no TNow. São 5 dicas fáceis de [...]

[...] If you own a blog, you know how annoying blog spam can become. Jeremy from ShoeMoney.com has an excellent list of “5 Quick and Easy Ways To Stop Blog Spam Before It Hits Your Blog“. [...]

A client contacted me a few days ago and requested that I add a few additional SPAM impediments to his Wordpress blog. These improvements were based on a post over at Shoe Money that has some excellent pointers

[...] Shoemoney - Changing Filenames [...]

Thanks for sharing the great info Shoemoney! I hate spammers!

[...] Blog Launch Scobleizer - Robert Scoble’s blog, one of the authors of Naked Conversations. 5 Quick and Easy Ways To Stop Blog Spam Before It Hits Your Blog - Shoe Money breaks down how to fight spam before it hits. 10 Techniques to Get More Comments on [...]

[...] your new comment file and hit it. There are other solutions besides this one. Shoemoney had written these solutions quite some time ago and they do work. You should read it. Other than that, you should install this [...]

[...] 5 Quick and Easy Ways To Stop Blog Spam Before It Hits Your BlogJeremy Schoemaker (Shoemoney) [...]

Combine this with Akismet and it sounds like a great way to keep under control.

[...] 5 Quick and Easy Ways To Stop Blog Spam Before It Hits Your Blog Jeremy Schoemaker (Shoemoney) [...]

[...] 10 Design Mistakes Jakob Nielson What Do You Do When Someone Steals Your Content Lorelle VanFossen 5 Quick and Easy Ways To Stop Blog Spam Before It Hits Your Blog Jeremy Schoemaker 101 Ways to Build Link Popularity Andy Hagans and Aaron Wall 21 Tactics to [...]

[...] 10 Design Mistakes Jakob Nielson What Do You Do When Someone Steals Your Content Lorelle VanFossen 5 Quick and Easy Ways To Stop Blog Spam Before It Hits Your Blog Jeremy Schoemaker 101 Ways to Build Link Popularity Andy Hagans and Aaron Wall 21 Tactics to [...]

Very interesting

AuctionAds+Twitter+Adsense+Wordpress=toBid.info…

Cause AuctionAds allow using multiple AuctionAds units on a single page, so, plan to use AuctionAds as the main content for toBid.info
Use the keywords from search box and title to define the keyword that needed for the AuctionAds to get the fitting c…

[...] 5 Quick and Easy Ways To Stop Blog Spam Before It Hits Your Blog Jeremy Schoemaker (Shoemoney) [...]

[...] Tips for a Successful Blog Launch 成功博客的21条军规 Scobleizer - 作者交流的天地 5 Quick and Easy Ways To Stop Blog Spam Before It Hits Your Blog - 防止spam的5个简便易行的方法 10 Techniques to Get More Comments on Your Blog [...]