Steve Taylor photo

A new breed of spam

In the past few weeks, this site has seen a drastic increase of comment spam.

Well, there’s always a lot of spam, most of which gets filtered well by Akismet. However, this recent round is insidious. In fact, it successfully blurs the line between spam and legitimate comments.

Here’s the characteristics I’ve noticed:

  1. It’s targetted at WordPress development blogs.
  2. It’s almost certainly posted by humans, not bots.
  3. Usually there is a semi-intelligent reference to the post in question. Sometimes you can see that a quotation from the post’s content may have been automated (or semi-automated), but sometimes it seems there must have been some human input. There may be all sorts of smart scripting going on here—e.g. pulling out names of previous commenters to make it seem like there’s a “conversation” going on. But knowing that incredibly cheap human labour is out there for this sort of thing makes it hard to know the real source.
  4. The comment author’s URL is almost always some blatantly commercial site. Sometimes it’s a WordPress-driven site, sometimes not.
  5. Sometimes there’s a spam link to the site in the comment body, but usually included in a legitimate-looking way, e.g. some webmaster “signature”.
  6. The content is designed to induce approval from the blogger, e.g. it’s very flattering, or sycophantically asking for help.

As you can see, most of these points indicate a severely hazy distinction between legit comments and spam.

The thing is, even if a comment is posted by a human, an actual webmaster of an actual WordPress-driven site, I think it can still be spam. I guess you’d call it Grey Hat comment spam. WP developers getting links for their clients on WP developer blogs.

I’m strongly in favour of the open and reciprocal nature of the web; I’m even more strongly against any form of spam. These two attitudes do not sit well together!

So, while I am genuinely happy to give link juice to other developers whose engagement with the WP world brings them to my blog, I’m starting to err on the side of my anti-spam nature. Here’s where I’m heading:

  1. I’ve removed the URL field from my comment form.
  2. I’ll spam any comment with a link to a commercial site.
  3. When the comment isn’t really saying anything useful, I’ll err on the side of spamming it.

I apologize to any legitimate commenters who fall foul of this.

Everyone else, watch this:

And yes, I realize that the current economic climate means that the “Grey” area of marketing encroaches ever closer on what used to be considered “Black”. But in the end this is no excuse. It just exposes the problems with our economy, whether it’s going up or down. The spam mentality is a symptom of a sick business culture that is less and less based on providing good services.

So, while I acknowledge that if burglary and theft may rise in tough times, an increase in Grey Hat spam is hardly shocking, I’m still no more tolerant of it. Stop wasting time and generate some genuine value.

UPDATE 4/5/11: I’ve decided to reinstate the URL field on the comment form. I want to give genuine commenters link juice, and they’re the only ones that will get approved—plus, seeing the URL entered usually helps determine if the comment is spam or not.

UPDATE 30/4/11: Yet another new tactic, which I sensed the approach of. I’ve removed the URL field, so I get some comments that seem innocuous—thanks, or simple questions, with no spam links and a normal-seeming email. I approve it. Then, because I allow comments to be approved straight away if I’ve already approved one from that email, they post again, quickly, with a spam link in the comment. Solution: all comments now require approval, and I’m spamming most comments that don’t actually contribute to the conversation. Message to the spammers: you will never win, you’re just wasting your life. Shame…

8 comments

  1. Adal avatar Adal

    Hey Steve,

    I’m sorry you’re getting hit by so much SPAM. I’ve found the Ajax Force Comment Preview plugin to work amazingly well in case you are interested.

    I love reading your stuff, keep it up!

  2. Hey Adal, unfortunately this spam is pretty clearly human-created, so there’s no automated measures to combat it I’m afraid.

    Nice to get a real comment though! :)

  3. WhistleBlower avatar WhistleBlower

    Hi Steve – this is where your “spam” is coming from: actuallyrank dot com. So yes it’s all humans, but they’re just writing something they think will get through the spam filters so they can get a link. Is the service itself spam? No – they just point out places to the members where they can comment. Can it be used for spam? Most certainly. Can it be used for useful commenting? Yes, it can, but probably won’t. Removing the URL field will help, but they will try to leave a url in the comment field. Just FYI.

  4. Thanks Whistleblower. Yes, they’re leaving URLs in the comment, of course, but this makes it much easier for me to spot the spam, reducing the time I spend in the day dealing with this crud :)

  5. Paul avatar Paul

    “I’ll spam any comment with a link to a commercial site.”

    Erm… isn’t this a commercial site – promoting yourself as a freelance WordPress developer?

    There’s nothing evil about having a ‘commercial’ site, and putting it a comment URL field.

  6. Paul, some clarification. By “commercial site” I mean some crummy debt reduction, lawn care, or relationship advice site, the owners of which have obviously paid some cash to some sleazy grey-hat comment-spamming service that involves people sat there all day putting believable-sounding comments onto blogs just to get the URL they enter linked to the client site.

    HTH.

  7. Tom avatar Tom

    Hi Steve,
    Spam these days is going crazy with so many spam bots… but bots are usually used for crappy website/blog commenting where bot owner’s goal is quantity over quality when we talk about backlinks.

    However your website has a high g00gle PR of 4 and is dofollow, which brings it in category valuable blogs. Only stupid people comment on such websites using bots, as 99% of the cases their comment will not be approved.

    Do you know how I found your blog? I was looking for blogs that allow commenting, have high PR and are dofollow… ooo yes and have .co.uk in their domain. So I just made this command in G00gle:
    comment “powered by wordpress” -comments-are-closed site:.co.uk

    Then addjusted G00gle to show not 10, but 100 results. After that I activated Mozilla’s plugin – SeoQuake. It shows the PR of every result page and you can arrange those 100 results to start from the ones with high PR… and your website appeared first :)

    You may be asking why do I need a back link from your site… well, it’s called link juice. It helps my website climb higher in search results.

    I hate black hat and act mostly white hat, and this way I could make my other website hit G00gle co.uk #1 position for very competitive niche, 4 months after being created and having less than 100 backlinks.

    So, you know I could leave my link in “website” filed, but I don’t want to make it without your permission. So, if you want to give me a credit for being honest with you, please let me leave my website here in comment box… if not – delete it.

    Thank you!
    Tom

  8. Tom, thanks for all that fascinating information. I removed your link for “recliner chairs”.

    Twat.

Comments are closed.