Tuesday, January 15th 2013
Anyone who takes up blogging seriously soon discovers one of the plagues of the blogosphere, comment spam.
I imagine that we bloggers all like comments – genuine comments, that is – because they show that people are reading our blogs and finding them interesting enough that they wish to participate by expressing views of their own. A complimentary comment is encouraging and gives a pleasing boost to one’s ego but even criticisms, as long as they are valid and are expressed with a modicum of courtesy, are useful as they may proffer useful corrections and help us avoid inaccuracies or bias.
Unfortunately, the mechanism that makes good comments possible also opens the door to abuse of the system. Spammers quickly saw how they could subvert commenting and use it for their own ends. Thus they invented what is generally known as “comment spam”.
Anyone with an email account will be familiar with the email version of spam. Email spam came first and it was natural that the word “spam” be used for attempts to abuse the blog comment system. There is, however, a fundamental difference between email spam and comment spam. You will find this difference nicely set out on the Akismet Web site on their How it works page. Briefly, while the email spam in your inbox is addressed to you and seeks to manipulate you into falling for some piece of fraud or buy some probably counterfeit product, the spam in the comment section of your blog is addressed, not to you, but to your readers. It is disguised to look like a genuine comment but its intention is to advertise a product or a site or to tempt your readers into clicking on a link. Unlike email spam which is designed to grab your attention, comment spam tries to escape your (the blogger’s) notice. This means that it is sometimes difficult to distinguish between genuine comments and spam.
Those of us who use the WordPress platform are fortunate in enjoying the protection of the Akismet anti-spam system. Of course, no anti-spam system is completely successful (complete success meaning that all spams are caught and no genuine emails or comments are misdiagnosed as spam), partly because automatic systems, despite the decades of research that has gone into them, cannot match the subtlety of human spammers who actively work to fool them. Akismet, however, does a pretty good job, partly because it does not rely solely on automatic methods but adds human intelligence and experience to the mix. I rarely find a genuine comment that has been trapped by Akisment, though this can happen. It is a reminder that, tedious as the chore may be, we must ourselves monitor all spam (email and comment) and not simply hand control to the machine. Otherwise we will lose genuine emails and comments.
In the past, the majority of comment spams have been easy to detect and trap. This is because the “comment” is usually vague and indirect without referring specifically to the post (because whoever wrote it is trying to make it fit all possible posts) or obviously fraudulent (long lists of porn sites, for example). Such comments are repeated in their hundreds across the blogosphere and are therefore easy to recognize and filter out. This doesn’t worry the spammers unduly because they are not sitting at the keyboard adding comments to individual blogs: they are using “bots”, machines that roam the Web looking for blogs and attaching comments to them. They saturate the blogosphere with comments and if only a few get through, then they are satisfied.
If stock comments placed by bots are easily recognized and blocked, what do you, as a spammer, try next? Well, one way is to read the blog post and to make an appropriate comment. There’s a good chance that Akismet will accept it and the blogger will even welcome it as a genuine comment. The “payload” will be the URL entered by the spammer when signing in to write the comment or the URL or URLs helpfully included in the text. People do click on these, and if the comments are spam, they will be taken to the spammers’ Web sites and, in that case, the least that will happen is that the reader will be subjected to advertising. Worse, the site may infect his or her computer with a virus or trojan.
But what spammer in his right mind is going to spend hours visiting blogs and thinking up comments for them? None, of course. They contract out this work to others. How do they persuade these minions to do their bidding? Do they pay them or coerce them? I have no idea and, to tell you the truth, I don’t much care. I note the fact that this is occurring and that it is a way of passing spam comments under the radar, so to speak.
I had an interesting case to deal with only this evening. A new comment was attached to my post Researching Myddelton Hall. The comment was long, and you might at first sight have thought it was a learned disquisition on Myddelton Hall, a welcome addition to the set of comments already present. Well, you could have thought that if, unlike me, you had done no research on Myddelton Hall and didn’t therefore recognize that the “comment” was in fact text lifted verbatim from a Web site on theatre history. I deleted the comment and emailed the person who had left it, explaining why I had deleted it. Guess what happened next? Yep, the message bounced. The address was either false or had been discontinued – the final proof that the intention of the comment was fraudulent.
I have already written on this topic (see Comment spam: delete or keep?) and in that post, I suggested that there were some comments that, though animated by an ulterior motive, might still be valid and should perhaps be allowed to remain. Though the logic of the argument hasn’t changed, my attitude has hardened. I think that any comment that that has an intention other than that of adding a personal message to the blog post should be deleted. It is a matter of principle. You can always email the author and explain why you have deleted the comment, giving him or her the opportunity to reply and defend the comment. If your message bounces, this will confirm your suspicion that the comment is fraudulent.
Blog platforms often provide facilities for filtering comments. Some bloggers hold all comments for moderation, that is, they allow the comment to appear only when they have vetted it. I am not in favour of this. For one thing, I find it is a disincentive to leaving a comment. I feel I am being challenged and being considered guilty until proven innocent. I suspect this loses quite a few comments. Another filter system is Captcha: this requires you to copy a word or number into a box and is supposed to prove that you are a human and not a bot. I abhor these too, and often don’t leave comments on blogs that use this system because it is often difficult to read the Captcha phrase and I might have to make several attempts at it. This filter also makes me guilty until I prove my innocence and I resent it.
On a blog that habitually receives tens or hundreds of comments on each post, I can understand why the blogger might be tempted to use such filters but I think it pointless if you generally receive less than a dozen comments as it is perfectly easy to monitor these as they come in. All comments to my blog are echoed to my email on the PC, to my iPod and to the email on my Blackberry. I can use any of these delete an inappropriate post minutes after it arrives. I don’t feel the need to irritate my readers by hitting them with moderation or the Captcha system.
The bottom line, however, is encapsulated in the title. Yes, spammers think we are stupid. They think we will be deceived by their blandishments and that we cannot see past their puerile attempts to disguise their comments as genuine. Somehow, I don’t think we are the stupid ones.
Copyright © 2013 SilverTiger, http://tigergrowl.wordpress.com, All rights reserved.
It’s a difficult issue. I had to enable moderation because a few really offensive spam comments got through (once while I was asleep and once while I had only occasional internet access). I can cope with the odd link to fake designer whatever appearing for a day, but when it comes with nasty, homophobic remarks that’s too much. (I think they got through the filter through being in French. Goodness knows what some of the Russian spam comments might say…)
I think comments on an English language blog should be in English. I think I would systematically delete comments in other languages.
If you do not have regular access to your blog, I can see how that might be a problem. Maybe this is an example of what I mentioned: a criticism helping me to avoid bias!
I like that Akismet lets you hover your mouse over the source website for the potential spam and see the page without actually going to it. This helps weed out spam, too. My WordPress blog tends to attract a lot of Spanish spam for some reason. However, Chinese spam was the bane of my Blogger blog.
It’s the luck of the draw: once your address is picked up, it goes into spammers’ lists and gets passed around. Quite often, one particular post, usually an older one, will suffer this treatment and be bombarded with spam comments.
By closing comments on articles over 90 days old, I have blocked most of the comment spam on my blog. Akismet takes care of most of the rest and only a very small number make it through. Because notifications of comments come to my Blackberry wherever I am, I can quickly delete inappropriate comments.
Because of this, I see no point in switching on moderation. It isn’t worth the trouble.
Akismet works well for me, and I agree with you about the Captcha system, but what I cannot understand is why are some spams just several lines of strange symbols. Any ideas ‘Tiger’ ?
I haven’t met that so I don’t know for sure what the reason might be. One suggestion springs to mind, however.
Spam messages are copied over and over and often become corrupted. It could be that the text of the messages you mention has become so corrupted that they don’t render even approximately. This is all the more likely if the message was in a non-Roman alphabet, such as Greek, Russian or Chinese, to start with.
spam is annoying. WP does a pretty good job catching it. And I like I can preview the commenter’s blog/website by hovering. I do have “new”/unknown commenters held for moderation/screening – catch a lot of junk and ugly links I do not wish to provide to anyone who reads….sometimes I edit out the links if I allow a questionable commenter. So far it works – I check for comments fairly quickly so none are in limbo for long – and I check the spam file since sometimes WP tosses people in there.
Sadly if it isn’t in English, it won’t be accepted.
Interesting post
My dislike of “Comment held for moderation” is a personal one and I wouldn’t oppose it as a general principle. Each blogger has to judge what is best for his or her particular circumstances though I do think some bloggers are over-zealous in this regard.
I am interested in the solution of leaving the comment while erasing the URL as this is an idea I have toyed with myself.