More on Spam Comments


Support for Spam Commenting

Spam is not to smile aboutSome people actually defend spam commenting!

 Why would anyone support spam commenting. There are only two reasons I can think of.

  1. The supporter is so desperate for attention they get a sense of satisfaction from receiving any comment, even if it is just pure spam. Possible I suppose.
  2. More likely the supporter of spam comments is a spammer. Obviously someone who spends their time generating spam, possibly even creating spambots and botnets, is not going to oppose spam comments. They want bloggers and web site owners to allow spam comments. That’s where they derive their income from.

Stop Spam Commenting

This is my opinion. Stop spam by any technical means possible. If that means preventing public (unregistered) commenting, critical moderation of comments, using CAPTCHA tools, feel free to do it (unless of course one wants to publish irrelevant spam comments on their articles).

Personally, I have no objection to signing in to one of my accounts, either WordPress.com, Facebook, Twitter, OpenID, creating a new account with the site, or filling in a CAPTCHA challenge – if I have something I think may be worth saying in a comment.

Connect with Facebook Twitter and WordPressIn a similar vein, I have no objection allowing Twitter or Facebook to connect my accounts with WordPress.com – if I did not trust WordPress.com I would not blog on this platform. I have come across the objection from someone who doesn’t see why they should use their Twitter or Facebook account to login in order to comment and thereby ‘letting me post articles to their account’ This is pure nonsense. Connecting with WordPress.com does not connect my blog with their profile. A statement saying ‘I do not want Joe Soap to post in my name’ simply indicates the remark comes from someone with little real world understanding of web things, suffers paranoid delusions, or who has possible ulterior motives – Freedom to Spam perhaps?

I have allowed the connection with WordPress.com to my Twitter accounts and Facebook – and I am yet to see any post to my wall, or a tweet from someone other than myself appearing as ‘coming from me’ or indeed in the timeline from anyone I do not follow on Twitter or a friend on Facebook. Maybe I will one day…

The idea that commenting using WordPress.com, Facebook or Twitter automatically allows someone to post or tweet using their identity is utter nonsense – unless it’s a malware app, in which case there are ways to deal with it. Internet security is always a concern. Exactly why spam should be blocked.

Use of CAPTCHA challenges

CAPTCHA is not foolproof – no method of controlling spam is. CAPTCHA challenges are intended to prevent the majority of automated spam bots from spamming contact forms and comment forms. That they are sometimes difficult to read and complete by people (human commentors) is undeniable, however these tools are just another result of the ubiquitous spammers. Spammers have created the need for measures to control their rubbish, the tools we have available did not create the spammers.

CAPTCHA challenges only work towards solving the spambot problem, not the human spammer’s efforts. They do however discourage human generated spam, by requiring the spammer to complete the challenge.

Remarks seen in the following vein – CAPTCHA challenges limit ‘accessibilty’ to content. Perhaps they do – however, I don’t see too many complaints about Facebook using CAPTCHA challenges when a LOGGED-IN user is sharing something on one of their OWN pages! With 800 or so million users, one would think such complaints would be pervasive if they were such a problem.

Yes, these challenges can be annoying; Don’t blame the site using them or the service providing them. Blame Spammers and anyone supporting spam for making the use of these things a nearly essential requirement for contact and comment forms where public access to the form is permitted.

Spam Filters

Paper filters for spamSpam Filter services like that used by WordPress.com – AKSIMET do a good job, but are also not foolproof. Yes, they sometimes flag genuine comments as spam, resulting in the comment being trashed. They also often class pingbacks as spam. Perhaps WordPress.com bloggers could ask WordPress.com to look into the possibility of creating a comment management category specifically for pingbacks, so these don’t get sent to the spam folder so often.  (That would be high on my list my most desired new features).

Aksimet is not the only service available for blogs and sites. On WordPress.com Aksimet is the one available. Self Hosted WordPress blogs and websites have a wider choice. I have seen statements that Aksimet is useless, and the commenter uses other better services – Not on WordPress.com (perhaps with an upgrade? but then specify this). From my experience Aksimet has done a good job, if it errs on the side of caution and some genuine comments get marked as spam, I would rather that happened than obvious spam not getting blocked.

Requiring e-mail address for guest commenting

Making an e-mail address compulsory in an effort to limit spam does not work well. Spammers will just add a plausible fake e-mail address. I have seen it done frequently.
Even where a 3rd party application, service or some web code is used to actively verify the mail address is genuine, the spammer can just create a whole lot of free e-mail addresses to use, so even verification does not solve the issue.

Moderation

The final weapon in the arsenal against spam is the moderation queue. Some bloggers may feel this is the best way to control spam, being totally under human control. Undeniably human moderation of spam comments is the most foolproof if the moderator takes the time to check back on any links contained in every comment. We do get to recognise obvious spam quickly.

However, how many of us have the time to read every otherwise unfiltered comment we get. The sheer number of bot generated spam comments makes this prohibitive for anyone who has other things to take care of, like work! Add to the bots the human generated spam. Not every spammer makes use of bots. There are numerous spammers who will do this manually. Moderation is indisputably the way to deal with human generated spam.

Malware spread by Spam

Malware bug from spamWe all know malware (Trojans, viruses, worms, phishing, adware) is spread by e-mail spam. Allowing spam from unverifiable sources to post comments on your website or blog exposes your visitors to the risk of malware. There is nothing to prevent a spammer posting a link to a page containing malware.

I would think that anyone concerned about privacy and security risks would consider this real risk paramount, instead of making statements to the effect that ‘spam is not bad‘! When you hear (or read) someone supporting spam in any form, ask yourself what is this person’s motivation. Try to find out more about them, If they have left  an e-mail address, try sending a test e-mail (but not from your main private or work address) – if it comes back ‘address not found’ be highly suspicious. If the supporter of spam has a personal or business website (and ONLY if you can check this safely) see what the site is about, or better yet use one of the reputable Internet Security software vendors site checking tools to find out if the site is a known source of malware. Here are a few links:

Related Spam Articles from this blog:

https://graphiclineweb.wordpress.com/2011/09/14/comment_spam/

Other Related Articles:

Why reCAPTCHAs Are Actually A Good Thing

Advertisements

About Mike

Web Developer and Techno-geek Saltwater fishing nut Blogger

Posted on September 30, 2011, in Facebook, Internet Security, Malware, Phishing, Spam, Virus, Trojans, Security Threats, WordPress and tagged , , , , , , . Bookmark the permalink. Leave a comment.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: