Unless your Lisa Picarille from Revenue Magazine ( check the trackbacks on this whoper )you know that you would have to be a idiot to automatically approve all comments and trackbacks on your blog right? Well Even that is a pain in the ass so I made a list of ways to stop the spam before it gets that far.
I have come up with the 5 easiest and best ways to fight comment spam. These are ways to stop spam from ever getting to your blog…. btw if you dont know what akismet is then stop right now and set that up first. This is just to help you stop the spam from even getting the that level. The first 2 require editing of the .htaccess. The rest are wordpress plugins.
5) Deny Access to No Referrer Requests
When humans comment on your blog they have read the post and leave a comment. This of course leaves the referal from your blog. One easy way to block spammers is to check for the referal. Simply paste the lines below into your .htaccess file in the root of your webserver.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*shoemoney.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://whereyouwanttosendthem.com/$ [R=301,L]
What you need to edit:
RewriteCond %{REQUEST_URI} .wp-comments-post\.php* – If you are not running a wordpress blog then you will want to change that to the file that gets the post for comments.
RewriteCond %{HTTP_REFERER} !.*shoemoney.com.* [OR] – obviously you want this to be your domain.
RewriteRule (.*) ^http://whereyouwanttosendthem.com/$ [R=301,L] – this is where you are redirecting them too. This probably does not matter since the automated spambots will not follow redirects.
Done!
4) Kill tor anonymous proxies
Thats cool people want to surf anonymously and all that but being that about 75% of my comments come from tor proxies its much easier just to block them.
simply go here and copy this to your .htaccess to block all the tor servers
3) Stop Comments On Older Posts
Spammers target older posts for 2 reasons.
A) they show up in search engines and thus they know:
- search engines value the page pr wise
- it could be relavent to the keyword they are trying to spam
B) You wont see it. – since the post is old its unlikely that you would ever notice thus greater chance of sneaking it by you.
You have a few options to fix this-
You can manually disallow comments for posts after x amount of days (ick)
If you have wordpress you can download this plugin
which will automatically close off comments and trackbacks after 21 days.
If you have some h4×0r skills you can setup a cron job (thats a automated task to us ninjas) that will edit your database directly checking for past posts and setting the comments and
2) Blacklist Repeat Offenders:
When some spammers do get in you can blacklist there ips so they wont ever be able to again… this process does suck a bit but its a option.
Again edit your .htaccess file:
deny from 192.168.1.1
deny from 192.168.1.*
allow from all
Remember * represent wildcards
1) Rename your comment file
The default for wordpress is wp-comments-post.php by simply renaming this file to say… wpc.php then changing your theme to reflect the different location for the comment file you will ward off a TON of spammers. This will kill 100% of the automated spam bots.
Your probably saying to yourself… well so what? How could this effect my revenue! Well the answer is all the hardwork and time you have spent building the reputation of your site can be QUICKLY destroyed by giving these spammers NAKID (no link condom) links. You know what they say… Imagine everyone you link to and who they have linked to and who they have linked to …. eek!
A good resource I like to read from time to time is SpamHuntress
- Comment Likes 
- Comment Dislikes
November 24, 2009 at 3:41 pm
классный сайт)
October 22, 2009 at 5:18 am
Interesting article as for me. It would be great to read a bit more about that topic.
June 9, 2009 at 8:48 pm
Hello Sir,
I have a question please. Could you tell me where within my htaccess file I place the list of anon proxies list? I use wordpress and I don’t know if that list goes before the standard wordpress htaccess stuff, or after it. Thank you
August 23, 2009 at 4:14 pm
Sure, spam is a pain. I often think, why the heck people spend so much time putting out this rubbish. Nice blog.
April 5, 2009 at 9:51 am
Given some of the comments on this blog your spam filters could do with some tightening! Spam is like an arms race – the more defences you put up the more effort spammers will put into cicumnavigating you.
The trick is to use a range of different techniques – IP blocking, response tokens, keyword filtering, etc.
I also think that tools such as Wordpress provide pretty poor spam support all told. Askimet helps, but they could do more with their basic comments template to help deter spammers.
January 29, 2009 at 11:50 am
Интересно. Значит надо какие-нибудь поправки вносить.
December 10, 2008 at 3:34 pm
If anyone is looking for a no nonsense way to make money fast, these guys are the best
it took me a few days to get going, but they were very helpful. Two weeks in and i just
got my first $1,000 check. This works by spreading the word, so I’m spreading the word.
Check it out here: http://www.17getmoney.info
November 22, 2008 at 6:38 pm
Thanks for the tips. After searching for information about this topic I must say this is straight to the point. Very useful.
November 17, 2008 at 11:39 pm
This is a nice post about book Gift cards and its a very needed information.
Thanks for such an important post.
Thanks
March 13, 2008 at 11:46 am
i am a high school students….does anyone know wat any proxies are??????????????
November 21, 2007 at 10:02 am
thanks for the GREAT post! Very useful…
October 25, 2007 at 12:45 am
Thanks for this informations. yararli bilgiler icin cok tesekkurler. (escuse me my english is bad.)
September 10, 2007 at 9:20 am
I indiviudally approve every comment, but I don’t get hundreds of comments a day like you do.
June 29, 2007 at 7:07 pm
Very interesting
April 27, 2007 at 3:09 pm
Combine this with Akismet and it sounds like a great way to keep under control.
March 16, 2007 at 3:40 pm
Thanks for sharing the great info Shoemoney! I hate spammers!
February 26, 2007 at 7:58 pm
A client contacted me a few days ago and requested that I add a few additional SPAM impediments to his Wordpress blog. These improvements were based on a post over at Shoe Money that has some excellent pointers
January 9, 2007 at 6:10 pm
Great tips! But my site is so small that i dont have much trouble with spam
In the future i’ll implement these. Thanks
January 9, 2007 at 9:08 am
I know I’m a little late to the party, but, was reading through older posts here and found the above tid-bit.
I have to say that this *may* not be a good idea. I do much programming with “widgets” on third party sites, and the widgets are heavy users of the referrer. One thing that I’ve discovered is that ad blocking software on browsers tend to not send a referrer. Also, some personal firewals (try Microsofts default firewarl) tend to block the referrer.
This is a lame attempt to solve the problem of viewing ad’s on a site, but one deployed none the less.
If you block no referrers you may be blocking VALID attempts for access.
–Random comment
December 30, 2006 at 2:14 pm
Hi,
you are blocking LAN IPs this is just an example right ?
order allow,deny
deny from 192.168.1.1
deny from 192.168.1.*
allow from all
.htaccess file should be regularly updated to prevent SPAM attack.
Svet
November 13, 2006 at 7:07 pm
regex!
November 6, 2006 at 8:41 am
Very helpfull
November 2, 2006 at 11:10 pm
I am wondering if I should still approve comments on my blog if all these saftey features are in place, what do you do?
October 19, 2006 at 7:24 am
Thanks for this info
October 3, 2006 at 2:17 pm
saw a copy at of this post at http://super-des.blogspot.com
damn copy cats!
October 2, 2006 at 11:10 pm
Akismet absolutely rocks! I’ll have to try your other stuff, too, but Akismet is simply a great gateguard.
October 2, 2006 at 3:33 pm
I’ve been using Spam Karma on many blogs for several months now and couldn’t be happier. You just install it and activate it. That’s it. It’s stopped thousands of spams, only let one through, and only blocked a couple of legitimate comments.
I can’t imagine anything better.
October 2, 2006 at 3:20 am
what about a adsense captcha =P
October 2, 2006 at 2:57 am
if you look it only blocks post requests, normal robots don’t post to your blog at least not the ones i’ve seen.
October 1, 2006 at 10:58 pm
I guess my comment is somewhat inline with KWA’s. I understand the need to fight spam, and you’ve got some great ideas, but it seems a shame to disallow anyone using the tor servers…especially with the tor version of firefox out there now. Just my two cents.
-Steve
September 30, 2006 at 10:09 am
I’ve read these tips before. They’ve been around for eons. And unfortunately they don’t count for squat. They can all be dealt with using automata VERY easily, and are bypassed every day.
The ONLY way to be certain you’re going to nail it automatically, is to use CAPTCHAS. And quite frankly, its far more cost effective than banning from blacklists… Oh no, lookout.. SHOEMONEY CAPTCHA BANNERS.. made spcially for mini-me’s
September 30, 2006 at 8:51 am
Here is a little secret. One of the major spam programs has some generic built in searches for Google. Here is the MAIN thing it searches for (not in quotes):
powered by wordpress
welcome to wordpress
So get rid of those phrases at the bottom of your site and the spam will go down a bit. Keywords can be added to vay the search but those at the top of the SE will be getting hammered with spam. I am guessing other spam bots look for similar generic wordpress text.
September 29, 2006 at 10:04 pm
Great info, that’s a very complete list.
(My last comment -same as this- hasn’t been added?)
September 29, 2006 at 10:02 pm
Nice HowTO, that’s a great list, very complete. Congrats!
September 29, 2006 at 9:43 pm
good tips.
September 29, 2006 at 8:29 pm
Wait a minute:
Aren’t you going to deny access to ALL robots because they don’t send referrer? I would not do that.
September 29, 2006 at 6:54 pm
Revenue Magazine appears to use b2evolution for their blogs. That blogging tool has been known for very bad support for anti-spam plug-ins.
Now, about your toughts, I would like to comment those :
5) Deny Access to No Referrer Requests
I’ve already seen some visitors using privacy protection tools removing their browser’s referrer information, making it empty or modified. Preventing those people from commenting your blog appears to lead to block false positives.
4) Kill tor anonymous proxies
Using DNS BLs and so also leads to false positives. Hijacked computers are often used as anonymous proxies or identified as such. However, these computers also often use dynamic IP addresses, so the next Internet user having the same IP address a couple of days laters might be blocked. I encountered a false positive on a blog where the user was unable to post comments, while the user was previously known as for commenting my blog.
1) Rename your comment file
I haven’t seen any change in spamming load after renaming my comment file. Spammers came back in hours.
Don’t forget the .htaccess file is parsed for every file open by your web server. Once I had a .htaccess file full of anti-spam techniques (about 3.000 lines of spamming referrers and open proxy IPs), 80% of a page load was spent by the server to parse the .htaccess file…
September 29, 2006 at 3:05 pm
I’m running WordPress and have it set so that a user must be logged-in to post a comment. I’m getting spam comments from non-users. How can this happen?
September 29, 2006 at 2:40 pm
Hey Jeremy, can you share what kind of referral traffic you’re getting from Digg and Del.icio.us?
September 29, 2006 at 2:22 pm
Another front page Digg story already?! Congrats!
September 29, 2006 at 1:30 pm
visit my site for the best prices in prescription drugs
ha ha… just kidding, great article!
September 29, 2006 at 12:17 pm
you might want to reread the post
September 29, 2006 at 12:11 pm
renaming your comment/trackback scripts will also prevent a vast amount of blog spam..
September 29, 2006 at 12:07 pm
You forgot the most important (and easiest) way for eliminating (in my case) literally 100% of all spam I was getting.
(drumroll please)
Akismet
September 29, 2006 at 12:03 pm
Awesome. Just saw you made the Digg front page with this. The Shoemoney empire is growing!
September 29, 2006 at 12:00 pm
Before I had image verification on my blog, I had problems with spam. Akismet is good, but it’s not flawless, so certain spam would get through, likewise, certain legit comments would wind up in the Akismet blocked list. Since I didn’t want to go through the hassle of always having to go through hundreds of spam comments, I just added a verification plug-in.
Some of my handful of readers may not like it, but they cope, and I no longer have *any* spam. I turned off Akismet so it would stop with the false positives.
Robots can’t read images and it’s much less work on the admin end of things.
September 29, 2006 at 11:55 am
“5) Deny Access to No Referrer Requests”
I read this post via Mozilla Thunderbird and that certainly didn’t send a referrer. I guess I’m not welcome here when you wouldn’t want me to post. :p
September 29, 2006 at 11:54 am
On my blog the comments have a subject, I found that almost all spammers will put the same name as subject, so simply denying that prevents a great deal of spam.
September 29, 2006 at 11:54 am
You’re missing one, which is captchas… many websites as drupal enable you to do that.
September 29, 2006 at 11:53 am
Thanks for the list specially the .htaccess hacks.
September 29, 2006 at 11:46 am
I just have a field on my site that says “To combat comment spam, please enter the word ‘elbow’ in this field.” It works 100% of the time, and if someone automates it, I’ll just change the word.
September 29, 2006 at 11:38 am
This is much easier:
http://www.klmn.net/gunbuster/2005/10/26/blog-spam/
Requires changes to 2 files, no need to modify .htaccess either.
September 29, 2006 at 11:29 am
Just what I was looking for, thanks for the cool tips. Now if the spammers are reading this, I wonder, how long before they figure out ways around these tips.
September 29, 2006 at 11:19 am
The ‘No Referrer’ rule will kill people with ‘Privacy Control’ over the browser (ie norton)
September 29, 2006 at 11:14 am
I suggest you make sure you use the correct spelling of “you’re”, especially when you’re insulting someone else
September 29, 2006 at 11:10 am
I’d skip #3 since you’d end up kind of missing out on valuable trackbacks etc.
September 29, 2006 at 11:09 am
Hey thanks for the tips! Rewrite rules always trip me, but will try these out!
Posted this article at howtohut
September 29, 2006 at 11:06 am
I wonder if it’s helpful to think of #5 as a lightweight Turing test–a way to prove it’s a human and not a bot. That’s what captchas do, but at enormous cost and difficulty. I use a solution that’s probably midway between the two in terms of complexity: forced preview.
September 29, 2006 at 10:59 am
Why don’t you just use SpamKarma?
On my blog, it has approved 306 comments, rejected 20,826 spams and asked me only what should be done for 22 messages (which were really borderline and forced me to think about them) in more than one year. And I check my log: it has never sent a legitimate comment to hell.
September 29, 2006 at 10:09 am
Awesome tips Shoe! I’ve been using Akismet (which works great), but I am definintely going to try out a couple of these tips…
September 29, 2006 at 9:38 am
Hey Shoe,
Do you have any idea why sites like blogger.com make it so easy for comment spam to happen? Is there a good reason that they haven’t enacted such controls across the board over there? I mean I know it’s not just waving a hand and -poof- they can eliminate it all, but the impression I have is that more could be done. Any thoughts?
September 29, 2006 at 8:43 am
Thanks for the tips. When I start getting enough traffic and interest in my blog that people are leaving comments on my posts, I will certainly implement those tips.
September 29, 2006 at 7:51 am
Thanks for the advice. I am in the process of setting up a support blog and your post has come at the right time. Cheers!
September 29, 2006 at 7:40 am
thanks for the info., how do you get the inline digg button next to the article?
September 29, 2006 at 3:30 am
Nice post shoe! I just dugg this! Let the traffic flow!
September 29, 2006 at 2:18 am
Just a couple type-o’s… not sure if you care.
2nd word in the post should be “you’re”, not “your”.
2nd bullet under #3 should be “relevant”.
Please delete (don’t post) this comment.
September 29, 2006 at 1:50 am
Cool great tips!
September 29, 2006 at 12:52 am
Wow that’s a great list.
I never thought about the No Referrer thing for WP Spam! Thanks!
September 29, 2006 at 12:46 am
Thanks for the info ShoeMoney.
September 29, 2006 at 12:37 am
But you didn’t wear a condom last time we met up!