5 Quick and Easy Ways To Stop Blog Spam Before It Hits Your Blog

by Jeremy Schoemaker on September 29, 2006 · 154 comments

Unless you're Lisa Picarille from Revenue Magazine (check the trackbacks on this whopper), you know that you would have to be an idiot to automatically approve all comments and trackbacks on your blog, right? Well, even that is a pain in the ass, so I made a list of ways to stop the spam before it gets that far.

I have come up with the 5 easiest and best ways to fight comment spam. These are ways to stop spam from ever getting to your blog. Btw, if you don't know what Akismet is, then stop right now and set that up first. This is just to help you stop the spam from even getting to that level. The first 2 require editing the .htaccess file. The rest are WordPress plugins.

5) Deny Access to No Referrer Requests

When humans comment on your blog, they have read the post and then leave a comment. This of course sends a referrer from your blog. One easy way to block spammers is to check for that referrer. Simply paste the lines below into the .htaccess file in the root of your webserver.

RewriteEngine On
# Only look at POST requests to the comment handler
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} wp-comments-post\.php
# Redirect if the referrer is not this site, or the user agent is empty
RewriteCond %{HTTP_REFERER} !.*shoemoney\.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule .* http://whereyouwanttosendthem.com/ [R=301,L]

What you need to edit:

RewriteCond %{REQUEST_URI} wp-comments-post\.php – If you are not running a WordPress blog then you will want to change that to the file that receives the POST for comments.

RewriteCond %{HTTP_REFERER} !.*shoemoney\.com.* [OR] – obviously you want this to be your domain.

RewriteRule .* http://whereyouwanttosendthem.com/ [R=301,L] – this is where you are redirecting them to. This probably does not matter since the automated spambots will not follow redirects.

Done!
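Before turning the rule on, it can be dry-run against an existing access log to see which comment POSTs it would have turned away. This is an added example, not code from the original post; it assumes Apache's combined log format, and the log lines are constructed samples.

```python
import re
from collections import Counter

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
COMMENT_URI = re.compile(r'wp-comments-post\.php')   # same pattern as the RewriteCond
OWN_DOMAIN = re.compile(r'shoemoney\.com')           # replace with your own domain


def classify(line):
    """Say what the rewrite rule would have done with one logged request."""
    m = LOG_RE.match(line.strip())
    if not m or m['method'] != 'POST' or not COMMENT_URI.search(m['uri']):
        return 'ignored'                  # the rule only looks at comment POSTs
    # Apache logs a missing header as "-"; mod_rewrite sees an empty string.
    referer = '' if m['referer'] == '-' else m['referer']
    agent = '' if m['agent'] == '-' else m['agent']
    if not referer:
        return 'blocked:no-referer'
    if not OWN_DOMAIN.search(referer):
        return 'blocked:foreign-referer'
    if not agent:
        return 'blocked:no-agent'
    return 'allowed'


def dry_run(lines):
    """Count outcomes; list hosts blocked for no referrer despite a browser-like agent."""
    outcomes = Counter()
    review = []
    for line in lines:
        verdict = classify(line)
        outcomes[verdict] += 1
        if verdict == 'blocked:no-referer':
            m = LOG_RE.match(line.strip())
            if m['agent'].startswith('Mozilla/'):
                review.append(m['host'])  # possibly a privacy tool, worth a look
    return outcomes, review


# Constructed sample lines (documentation-range IPs), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Sep/2006:00:37:01 -0500] "POST /wp-comments-post.php HTTP/1.1" '
    '302 - "http://www.shoemoney.com/some-post/" "Mozilla/5.0 (Windows; U) Firefox/1.5"',
    '198.51.100.7 - - [29/Sep/2006:00:38:12 -0500] "POST /wp-comments-post.php HTTP/1.0" '
    '302 - "-" "-"',
    '203.0.113.5 - - [29/Sep/2006:00:39:40 -0500] "POST /wp-comments-post.php HTTP/1.1" '
    '302 - "http://spam.example/" "Mozilla/4.0 (compatible)"',
    '192.0.2.44 - - [29/Sep/2006:00:41:02 -0500] "POST /wp-comments-post.php HTTP/1.1" '
    '302 - "-" "Mozilla/5.0 (Windows; U) Firefox/1.5"',
    '192.0.2.10 - - [29/Sep/2006:00:42:00 -0500] "GET /some-post/ HTTP/1.1" '
    '200 5120 "-" "Mozilla/5.0 (Windows; U) Firefox/1.5"',
    '198.51.100.9 - - [29/Sep/2006:00:43:15 -0500] "POST /wp-comments-post.php HTTP/1.1" '
    '302 - "http://www.shoemoney.com/some-post/" "-"',
]

if __name__ == '__main__':
    counts, to_review = dry_run(SAMPLE_LOG)
    for verdict, n in sorted(counts.items()):
        print(f'{verdict:26} {n}')
    print('no referrer but browser-like agent:', to_review)
```

Hosts in the review list are the ones to check by hand before enabling the rule, since browsers behind referrer-stripping privacy software look exactly like that.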

4) Kill tor anonymous proxies

It's cool that people want to surf anonymously and all that, but since about 75% of my comments come from Tor proxies, it's much easier just to block them.

Simply go here and copy this to your .htaccess to block all the Tor servers.

3) Stop Comments On Older Posts

Spammers target older posts for 2 reasons.

A) they show up in search engines and thus they know:

  • search engines value the page PR-wise
  • it could be relevant to the keyword they are trying to spam

B) You won't see it. Since the post is old, it's unlikely that you would ever notice, so there is a greater chance of sneaking it by you.

You have a few options to fix this:

You can manually disallow comments for posts after x amount of days (ick).

If you have WordPress you can download this plugin, which will automatically close off comments and trackbacks after 21 days.

If you have some h4x0r skills you can set up a cron job (that's an automated task to us ninjas) that will edit your database directly, checking for past posts and setting the comments and
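The cron-job option comes down to one UPDATE against the posts table. This is an added example, not code from the original post: sqlite3 stands in for the blog's MySQL database so it runs offline, the default wp_ table prefix is assumed, and the rows are constructed.

```python
import sqlite3
from datetime import datetime, timedelta

MAX_AGE_DAYS = 21   # same window as the plugin mentioned above

# Touch only published posts past the cutoff that are still open, so repeated
# cron runs are no-ops. With a MySQL driver the placeholder is %s instead of ?.
CLOSE_SQL = """
UPDATE wp_posts
   SET comment_status = 'closed', ping_status = 'closed'
 WHERE post_status = 'publish'
   AND post_date < ?
   AND (comment_status <> 'closed' OR ping_status <> 'closed')
"""


def close_old_comments(conn, now, max_age_days=MAX_AGE_DAYS):
    """Close comments and trackbacks on old posts; return how many rows changed."""
    cutoff = (now - timedelta(days=max_age_days)).strftime('%Y-%m-%d %H:%M:%S')
    with conn:                      # commit on success, roll back on error
        changed = conn.execute(CLOSE_SQL, (cutoff,)).rowcount
    return changed


def make_demo_db():
    """In-memory stand-in for the blog database, with constructed rows."""
    conn = sqlite3.connect(':memory:')
    conn.execute("""CREATE TABLE wp_posts (
        ID INTEGER PRIMARY KEY, post_date TEXT, post_status TEXT,
        comment_status TEXT, ping_status TEXT)""")
    conn.executemany('INSERT INTO wp_posts VALUES (?, ?, ?, ?, ?)', [
        (1, '2006-06-01 10:00:00', 'publish', 'open',   'open'),    # old: close it
        (2, '2006-09-20 09:00:00', 'publish', 'open',   'open'),    # recent: leave
        (3, '2006-05-15 08:00:00', 'draft',   'open',   'open'),    # unpublished
        (4, '2006-07-04 12:00:00', 'publish', 'closed', 'open'),    # pings still open
        (5, '2006-01-01 00:00:00', 'publish', 'closed', 'closed'),  # already done
    ])
    conn.commit()
    return conn


def statuses(conn):
    """Map post ID to its (comment_status, ping_status) pair."""
    return {row[0]: (row[1], row[2]) for row in conn.execute(
        'SELECT ID, comment_status, ping_status FROM wp_posts')}


if __name__ == '__main__':
    db = make_demo_db()
    print('rows closed:', close_old_comments(db, datetime(2006, 9, 29, 12, 0)))
    print(statuses(db))
```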

2) Blacklist Repeat Offenders:

When some spammers do get in, you can blacklist their IPs so they won't ever be able to again… this process does suck a bit, but it's an option.

Again edit your .htaccess file:

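order allow,deny
# block a single address
deny from 192.168.1.1
# block every address that starts with 192.168.1
deny from 192.168.1
allow from all

Remember, a partial address like 192.168.1 acts as the wildcard here; Apache does not accept * in a deny line.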
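Hand-editing deny lines gets error-prone as the list grows, and the same goes for the Tor list in tip 4. This is an added example, not code from the original post: build_deny_block is a hypothetical helper that validates and de-duplicates offender addresses and merges neighbours into CIDR ranges without blocking any address that was not on the list. The sample addresses are constructed from documentation ranges.

```python
import ipaddress

# Ranges that should never land in a public deny list (RFC 1918 and loopback):
# blocking them only risks locking out your own proxy or LAN.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ('10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16', '127.0.0.0/8')]


def build_deny_block(raw_entries):
    """Turn offender IPs into Order/Deny/Allow lines; returns (lines, skipped)."""
    nets = {4: set(), 6: set()}
    skipped = []
    for raw in raw_entries:
        entry = raw.strip()
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            skipped.append((entry, 'not an IP address'))
            continue
        if any(addr in net for net in NEVER_BLOCK):
            skipped.append((entry, 'private or loopback'))
            continue
        nets[addr.version].add(ipaddress.ip_network(str(addr)))

    # Same Apache 2.2-style directives as the block above.
    lines = ['Order Allow,Deny']
    for version in (4, 6):
        # collapse_addresses merges only complete, aligned neighbour blocks,
        # so the output never covers an address that was not in the input.
        for net in ipaddress.collapse_addresses(nets[version]):
            single = net.prefixlen == net.max_prefixlen
            lines.append('Deny from %s' % (net.network_address if single else net))
    lines.append('Allow from all')
    return lines, skipped


# Constructed sample input: documentation-range addresses plus two bad entries.
SAMPLE_OFFENDERS = [
    '203.0.113.5', '203.0.113.5', '203.0.113.4',
    '198.51.100.0', '198.51.100.1', '198.51.100.2', '198.51.100.3',
    ' 192.0.2.77 ', '192.168.1.1', 'not-an-ip',
]

if __name__ == '__main__':
    block, rejected = build_deny_block(SAMPLE_OFFENDERS)
    print('\n'.join(block))
    for entry, reason in rejected:
        print('# skipped %r: %s' % (entry, reason))
```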

1) Rename your comment file

The default for WordPress is wp-comments-post.php. By simply renaming this file to, say, wpc.php and then changing your theme to reflect the different location of the comment file, you will ward off a TON of spammers. This will kill 100% of the automated spam bots.

You're probably saying to yourself… well, so what? How could this affect my revenue? Well, the answer is that all the hard work and time you have spent building the reputation of your site can be QUICKLY destroyed by giving these spammers NAKID (no link condom) links. You know what they say… Imagine everyone you link to, and who they have linked to, and who they have linked to… eek!

A good resource I like to read from time to time is SpamHuntress

About the author...

– who has written 2412 posts on ShoeMoney.com.

Hi, I am Jeremy Schoemaker and ShoeMoney.com is my blog. 99% of the posts here are done by me, but you will see others occasionally make guest posts. This blog is fun to write, but for my day job I run several online companies.


{ 102 comments… read them below or add one }

1 Tom September 29, 2006 at 12:37 am

But you didn’t wear a condom last time we met up!

Reply

2 Randy September 29, 2006 at 12:46 am

Thanks for the info ShoeMoney.

Reply

3 ToddW September 29, 2006 at 12:52 am

Wow that’s a great list.

I never thought about the No Referrer thing for WP Spam! Thanks!

Reply

4 Dino September 29, 2006 at 1:50 am

Cool great tips! ;)

Reply

5 Kyle September 29, 2006 at 2:18 am

Just a couple typos… not sure if you care.

2nd word in the post should be “you’re”, not “your”.
2nd bullet under #3 should be “relevant”.

Please delete (don’t post) this comment.

Reply

6 BasementGuru September 29, 2006 at 3:30 am

Nice post shoe! I just dugg this! Let the traffic flow!

Reply

7 wes September 29, 2006 at 7:40 am

thanks for the info., how do you get the inline digg button next to the article?

Reply

8 pk September 29, 2006 at 7:51 am

Thanks for the advice. I am in the process of setting up a support blog and your post has come at the right time. Cheers!

Reply

9 Internet Security & Privacy Blog September 29, 2006 at 8:43 am

Thanks for the tips. When I start getting enough traffic and interest in my blog that people are leaving comments on my posts, I will certainly implement those tips.

Reply

10 Caleb September 29, 2006 at 9:38 am

Hey Shoe,
Do you have any idea why sites like blogger.com make it so easy for comment spam to happen? Is there a good reason that they haven’t enacted such controls across the board over there? I mean I know it’s not just waving a hand and -poof- they can eliminate it all, but the impression I have is that more could be done. Any thoughts?

Reply

11 Tyler Banfield September 29, 2006 at 10:09 am

Awesome tips Shoe! I’ve been using Akismet (which works great), but I am definitely going to try out a couple of these tips…

Reply

12 Sam September 29, 2006 at 10:59 am

Why don’t you just use SpamKarma?

On my blog, it has approved 306 comments, rejected 20,826 spams and asked me only what should be done for 22 messages (which were really borderline and forced me to think about them) in more than one year. And I check my log: it has never sent a legitimate comment to hell.

Reply

13 Chip September 29, 2006 at 11:06 am

I wonder if it’s helpful to think of #5 as a lightweight Turing test–a way to prove it’s a human and not a bot. That’s what captchas do, but at enormous cost and difficulty. I use a solution that’s probably midway between the two in terms of complexity: forced preview.

Reply

14 joey September 29, 2006 at 11:09 am

Hey thanks for the tips! Rewrite rules always trip me, but will try these out!

Posted this article at howtohut

Reply

15 Stefan Juhl September 29, 2006 at 11:10 am

I’d skip #3 since you’d end up kind of missing out on valuable trackbacks etc.

Reply

16 steve September 29, 2006 at 11:14 am

I suggest you make sure you use the correct spelling of “you’re”, especially when you’re insulting someone else ;-)

Reply

17 kevom September 29, 2006 at 11:19 am

The ‘No Referrer’ rule will kill people with ‘Privacy Control’ over the browser (ie norton)

Reply

18 karmadude September 29, 2006 at 11:29 am

Just what I was looking for, thanks for the cool tips. Now if the spammers are reading this, I wonder, how long before they figure out ways around these tips.

Reply

19 gunbuster September 29, 2006 at 11:38 am

This is much easier:
http://www.klmn.net/gunbuster/2005/10/26/blog-spam/

Requires changes to 2 files, no need to modify .htaccess either.

Reply

20 Daniel Lowe September 29, 2006 at 11:46 am

I just have a field on my site that says “To combat comment spam, please enter the word ‘elbow’ in this field.” It works 100% of the time, and if someone automates it, I’ll just change the word.

Reply

21 Brajeshwar September 29, 2006 at 11:53 am

Thanks for the list specially the .htaccess hacks.

Reply

22 chris September 29, 2006 at 11:54 am

You’re missing one, which is captchas… many websites such as Drupal enable you to do that.

Reply

23 Stu September 29, 2006 at 11:54 am

On my blog the comments have a subject, I found that almost all spammers will put the same name as subject, so simply denying that prevents a great deal of spam.

Reply

24 Arne September 29, 2006 at 11:55 am

“5) Deny Access to No Referrer Requests”

I read this post via Mozilla Thunderbird and that certainly didn’t send a referrer. I guess I’m not welcome here when you wouldn’t want me to post. :p

Reply

25 FyreGoddess September 29, 2006 at 12:00 pm

Before I had image verification on my blog, I had problems with spam. Akismet is good, but it’s not flawless, so certain spam would get through, likewise, certain legit comments would wind up in the Akismet blocked list. Since I didn’t want to go through the hassle of always having to go through hundreds of spam comments, I just added a verification plug-in.

Some of my handful of readers may not like it, but they cope, and I no longer have *any* spam. I turned off Akismet so it would stop with the false positives.

Robots can’t read images and it’s much less work on the admin end of things.

Reply

26 Markus September 29, 2006 at 12:03 pm

Awesome. Just saw you made the Digg front page with this. The Shoemoney empire is growing!

Reply

27 David September 29, 2006 at 12:07 pm

You forgot the most important (and easiest) way for eliminating (in my case) literally 100% of all spam I was getting.

(drumroll please)
Akismet

Reply

28 mitemous September 29, 2006 at 12:11 pm

renaming your comment/trackback scripts will also prevent a vast amount of blog spam..

Reply

29 Markus September 29, 2006 at 12:17 pm

you might want to reread the post

Reply

30 pdajunkee September 29, 2006 at 1:30 pm

visit my site for the best prices in prescription drugs

ha ha… just kidding, great article!

Reply

31 Matt Martin September 29, 2006 at 2:22 pm

Another front page Digg story already?! Congrats!

Reply

32 Ken Savage September 29, 2006 at 2:40 pm

Hey Jeremy, can you share what kind of referral traffic you’re getting from Digg and Del.icio.us?

Reply

33 Don Messerli September 29, 2006 at 3:05 pm

I’m running WordPress and have it set so that a user must be logged-in to post a comment. I’m getting spam comments from non-users. How can this happen?

Reply

34 kwa September 29, 2006 at 6:54 pm

Revenue Magazine appears to use b2evolution for their blogs. That blogging tool has been known for very bad support for anti-spam plug-ins.

Now, about your thoughts, I would like to comment on those:

5) Deny Access to No Referrer Requests

I’ve already seen some visitors using privacy protection tools removing their browser’s referrer information, making it empty or modified. Preventing those people from commenting your blog appears to lead to block false positives.

4) Kill tor anonymous proxies

Using DNS BLs and so on also leads to false positives. Hijacked computers are often used as anonymous proxies or identified as such. However, these computers also often use dynamic IP addresses, so the next Internet user having the same IP address a couple of days later might be blocked. I encountered a false positive on a blog where the user was unable to post comments, while the user was previously known for commenting on my blog.

1) Rename your comment file

I haven’t seen any change in spamming load after renaming my comment file. Spammers came back in hours.

Don’t forget the .htaccess file is parsed for every file opened by your web server. Once I had a .htaccess file full of anti-spam techniques (about 3.000 lines of spamming referrers and open proxy IPs), 80% of a page load was spent by the server to parse the .htaccess file…

Reply

35 DA September 29, 2006 at 8:29 pm

Wait a minute:

Aren’t you going to deny access to ALL robots because they don’t send referrer? I would not do that.

Reply

36 LV. September 29, 2006 at 9:43 pm

good tips.

Reply

37 rZeta September 29, 2006 at 10:02 pm

Nice HowTO, that’s a great list, very complete. Congrats!

Reply

38 rZeta September 29, 2006 at 10:04 pm

Great info, that’s a very complete list.
(My last comment -same as this- hasn’t been added?)

Reply

39 Greg September 30, 2006 at 8:51 am

Here is a little secret. One of the major spam programs has some generic built in searches for Google. Here is the MAIN thing it searches for (not in quotes):

powered by wordpress
welcome to wordpress

So get rid of those phrases at the bottom of your site and the spam will go down a bit. Keywords can be added to vary the search but those at the top of the SE will be getting hammered with spam. I am guessing other spam bots look for similar generic WordPress text. :)

Reply

40 John_Loch September 30, 2006 at 10:09 am

I’ve read these tips before. They’ve been around for eons. And unfortunately they don’t count for squat. They can all be dealt with using automata VERY easily, and are bypassed every day.

The ONLY way to be certain you’re going to nail it automatically, is to use CAPTCHAS. And quite frankly, it’s far more cost effective than banning from blacklists… Oh no, lookout.. SHOEMONEY CAPTCHA BANNERS.. made specially for mini-me’s ;)

Reply

41 Steve D. October 1, 2006 at 10:58 pm

I guess my comment is somewhat inline with KWA’s. I understand the need to fight spam, and you’ve got some great ideas, but it seems a shame to disallow anyone using the tor servers…especially with the tor version of firefox out there now. Just my two cents.

-Steve

Reply

42 stu October 2, 2006 at 2:57 am

if you look it only blocks post requests, normal robots don’t post to your blog at least not the ones i’ve seen.

Reply

43 ShoeMoney October 2, 2006 at 3:20 am

what about an AdSense captcha =P

Reply

44 Shane October 2, 2006 at 3:33 pm

I’ve been using Spam Karma on many blogs for several months now and couldn’t be happier. You just install it and activate it. That’s it. It’s stopped thousands of spams, only let one through, and only blocked a couple of legitimate comments.

I can’t imagine anything better.

Reply

45 Silver October 2, 2006 at 11:10 pm

Akismet absolutely rocks! I’ll have to try your other stuff, too, but Akismet is simply a great gateguard.

Reply

46 Lochlin October 3, 2006 at 2:17 pm

saw a copy of this post at http://super-des.blogspot.com
damn copy cats!

Reply

47 Super Des October 19, 2006 at 7:24 am

Thanks for this info

Reply

48 iCan Marketing November 2, 2006 at 11:10 pm

I am wondering if I should still approve comments on my blog if all these safety features are in place, what do you do?

Reply

49 jeremy Sabourin November 6, 2006 at 8:41 am

Very helpful

Reply

50 chris November 13, 2006 at 7:07 pm

regex!

Reply

51 Svetoslav Marinov December 30, 2006 at 2:14 pm

Hi,

you are blocking LAN IPs, this is just an example, right?

order allow,deny
deny from 192.168.1.1
deny from 192.168.1.*
allow from all

.htaccess file should be regularly updated to prevent SPAM attack.

Svet

Reply

52 coffee January 9, 2007 at 9:08 am

Deny Access to No Referrer Request

I know I’m a little late to the party, but, was reading through older posts here and found the above tid-bit.

I have to say that this *may* not be a good idea. I do much programming with “widgets” on third party sites, and the widgets are heavy users of the referrer. One thing that I’ve discovered is that ad blocking software on browsers tends to not send a referrer. Also, some personal firewalls (try Microsoft’s default firewall) tend to block the referrer.

This is a lame attempt to solve the problem of viewing ads on a site, but one deployed none the less.

If you block no referrers you may be blocking VALID attempts for access.

–Random comment :)

Reply

53 Little Money January 9, 2007 at 6:10 pm

Great tips! But my site is so small that I don’t have much trouble with spam :D In the future I’ll implement these. Thanks

Reply

54 mike February 26, 2007 at 7:58 pm

A client contacted me a few days ago and requested that I add a few additional SPAM impediments to his Wordpress blog. These improvements were based on a post over at Shoe Money that has some excellent pointers

Reply

55 Jenny Breen March 16, 2007 at 3:40 pm

Thanks for sharing the great info Shoemoney! I hate spammers!

Reply

56 Sam2K April 27, 2007 at 3:09 pm

Combine this with Akismet and it sounds like a great way to keep under control.

Reply

57 AdultTube June 29, 2007 at 7:07 pm

Very interesting :)

Reply

58 Gecko Tales September 10, 2007 at 9:20 am

I individually approve every comment, but I don’t get hundreds of comments a day like you do.

Reply

59 Kurye October 25, 2007 at 12:45 am

Thanks for this information. Thank you very much for the useful information. (Excuse me, my English is bad.)

Reply

60 Whatever-ishere November 21, 2007 at 10:02 am

thanks for the GREAT post! Very useful…

Reply

61 gizzmo March 13, 2008 at 11:46 am

I am a high school student… does anyone know what any proxies are?

Reply

62 Michel November 17, 2008 at 11:39 pm

This is a nice post about book Gift cards and its a very needed information.
Thanks for such an important post.
Thanks

Reply

63 Ramiro November 22, 2008 at 6:38 pm

Thanks for the tips. After searching for information about this topic I must say this is straight to the point. Very useful.

Reply

64 aspeseeKigree December 10, 2008 at 3:34 pm

If anyone is looking for a no nonsense way to make money fast, these guys are the best
it took me a few days to get going, but they were very helpful. Two weeks in and i just
got my first $1,000 check. This works by spreading the word, so I’m spreading the word.

Check it out here: http://www.17getmoney.info

Reply

65 PsyMonk January 29, 2009 at 11:50 am

Interesting. So some corrections need to be made.

Reply

66 Blog spam expert April 5, 2009 at 9:51 am

Given some of the comments on this blog your spam filters could do with some tightening! Spam is like an arms race – the more defences you put up the more effort spammers will put into circumnavigating you.

The trick is to use a range of different techniques – IP blocking, response tokens, keyword filtering, etc.

I also think that tools such as WordPress provide pretty poor spam support all told. Akismet helps, but they could do more with their basic comments template to help deter spammers.

Reply

67 Chuck June 9, 2009 at 8:48 pm

Hello Sir,

I have a question please. Could you tell me where within my htaccess file I place the list of anon proxies list? I use wordpress and I don’t know if that list goes before the standard wordpress htaccess stuff, or after it. Thank you

Reply

68 Suzi August 23, 2009 at 4:14 pm

Sure, spam is a pain. I often think, why the heck people spend so much time putting out this rubbish. Nice blog.

Reply

69 PhillDoc October 22, 2009 at 5:18 am

Interesting article as for me. It would be great to read a bit more about that topic.

Reply

70 эротика November 24, 2009 at 3:41 pm

cool site)

Reply

71 FrankP February 15, 2010 at 9:23 am

Any quick way of blocking it is welcomed by me.

Reply

72 секс видео онлайн February 16, 2010 at 9:14 am

interesting…

Reply

73 Quick Loans February 18, 2010 at 10:07 am

This kind of thing needs to be stopped before it gets out of hand. So good work for posting about it.

Reply

74 софт March 1, 2010 at 12:52 am

I don’t think so…

Reply

75 hotfiledownloads April 22, 2010 at 11:31 pm

I can look for the reference to a site on which there is a lot of information on this question.

Reply

76 Bush May 4, 2010 at 2:00 am
77 Helga May 14, 2010 at 10:29 am
78 Bush June 11, 2010 at 2:50 am
79 Seth Haeuser June 12, 2010 at 7:24 am

hello, Thank You for this blog. we are reading at blogs to see how others are running them and how they look. Thought i’d post “Good Looking”

Reply

80 ways for teens to make money June 22, 2010 at 10:05 pm

Earning money on the internet is often hard at first but it’s those that are persistent at it that always succeed.

Reply

81 Ute Boscarino August 14, 2010 at 9:27 am

I really enjoy what you write on here. I try and visit your blog every day so keep up the good writing!

Reply

82 Add your Site September 30, 2010 at 9:47 pm

I think we are just redesigning what a business plan is or maybe I really am not sure what a business plan is. But if you are building a powerpoint on how your company is going to make a ton of money and you need to invest in me. To me that is a business plan. So you need some structure.

Reply

83 Ed Levitra November 26, 2010 at 2:57 pm

Your posts help me many times to take good decisions. Thanks – ED Levitra, Pharmacist from Washington

Reply

84 Tanner December 27, 2010 at 4:26 pm

WOW!!! I’m so glad I just read this post. I get so many spam comments on one of my blogs about baby clothing, it’s super annoying. I can’t wait to change my comments file name (stupid spam bots!) Thanks for the info, Jeremy!!!

Reply

85 seobridging January 5, 2011 at 11:20 pm

The Quick and Easy Ways To Stop Blog Spam Before It Hits Your Blog sure, it’s focused on blogs, but there are some great tips for forum owners in general if you don’t mind getting . Thanks for sharing info.

Reply

86 mra February 5, 2011 at 9:17 am

Really these info are great. So many great tips are available online but only the people like shoemoney can bring them to their user. Thanks for this to check the spammers on blog comment.

Reply

87 Russel Rodrigeuz February 13, 2011 at 2:23 pm

How are you getting on using wordpress? I suck at html and coding so for me wordpress has been a god send.

Reply

88 Como Sacar Abdominales February 14, 2011 at 7:56 am

Earning money on the internet is often hard at first, but it’s those that are persistent at it that always succeed.

Reply

89 Finca Mallorca February 20, 2011 at 3:06 pm

Thanks for post! it is very helpful information. :)

Reply

90 kalkulator oc i ac February 25, 2011 at 12:04 pm

It’s funny that you described it

Reply

91 GolfFitness March 23, 2011 at 4:02 am

In wordpress, there is a file that named wp-comments-post.php. To stop blog spam from hitting your blog, you need to change the file name to something else like wpc.php. Then you have to change your theme to reflect the new location of wordpress comments file. It will kill 100% automated spam bots.

Reply

92 Julio March 23, 2011 at 8:46 pm

Thanks for sharing shoe!

Do you know if the proxy blacklist gets updated daily, weekly or monthly?

Reply

93 Andres April 3, 2011 at 12:48 am

Great tips on comment spam! I’ll be sure to utilize those! :)

Reply

94 Gibson April 3, 2011 at 2:47 pm

Thank you for the wonderful and insightful post, will definitely be recommending your blog to my friends – My hubby is actually into this kind of thing, he’ll be chuffed! :D

Reply

95 Spam Terminator Level 1 May 4, 2011 at 12:34 am

Why is there so much spam on your site- about how to block spam automatically? I know that it’s extremely easy to go back and remove them, especially if they show up on the last page (first page read)… what’s up? do these techniques no longer work? I don’t expect you to publish this, just wanted to ask and alert you that there is 10+ spam messages for everything from teens making money online to viagra (but not viagra?) lol… kudos for trying to help the little guys defend against the goliath spam bots :) – that is all- Please pull up to the next window and pay the cashier.

Reply

96 Black Market May 5, 2011 at 3:26 pm

The irony. So much spam on this post.

Reply

97 Sahil Kotak July 17, 2011 at 1:52 am

I use Akismet plugin and it works best for me!

Reply

98 Rodney August 2, 2011 at 4:27 pm

Those are some great tips.. You can also make your post nofollow.. most blogs already come like that tho, ex. Blogger…

Reply

99 Brian August 22, 2011 at 3:04 pm

Wow this is pretty awesome stuff. I am starting to get hit hard on some posts. I will look into some of these now.

Reply

100 James August 28, 2011 at 1:57 am

How ironic that there is so much spam on this post. I can only imagine the amount that you have to deal with on a daily basis.

I love the idea of renaming the comment field from the default wordpress one. I’ll have to try that out.

Reply

101 Inboxnetbiz September 21, 2011 at 9:09 am

Wow, great post. I thought spamming existed in emails only since they use autoresponders. Wonder how they can spam blogs too? Your post certainly enlightenment on the technicals of how it works.

Reply
