Neil Turner's Blog

Blogging about technology and randomness since 2002

Spam Hammering

Having spoken to others bloggers about this it appears I’m not alone in receiving a huge increase in comment spam lately. The majority of it starts with phrases like “Hello, nice site this” and “Can I share some resources with you?” followed by a big list of URLs for ringtones sites (many of which pointing to hijacked wikis and forums). Thus far they’ve all been blocked, thanks to my various anti-spam plugins, but they’ve still made it into my database and require checking every once in a while just in case a legitimate email has inadvertently slipped in there – it hasn’t happened in a long time but I still like to check first. Considering I’m now getting about 100 spams a day, this often proves to be somewhat labourious.

I recently turned off trackback, which is something that no-one seems to miss so it’ll stay off for the time being. I’ve been getting almost nothing but spam from it lately so I saw no reason to keep it on – I was getting about 1 legitimate ping for every 99 spam pings, which is just not worth it.

Unfortunately, since people are commenting here less, that figure is also applying to comments. Lately I’ve been barely pushing 2 legitimate comments a day, and still getting about 100 spams. By rights I should really be disabling comments too with those sorts of statistics but people are at least commenting, from time to time. It probably doesn’t help that I haven’t really said a lot of late so people haven’t had a lot to comment on.

I’m going to upgrade to Movable Type 3.31 later on this weekend so we’ll see what effect that has, if any.


  1. I’m getting the same spam in WP – fortunately Akismet picks it all up!

  2. If you dynamicly generate a random code each time a comment form is displayed, and check for the correct random code when it’s submitted, you can easily avoid spam from bots. Ideally you’d have the random code printed using javascript in a hidden input since most browsers support javascript but most bots don’t.
    That should also lower server load since most spam will then fail on the first check rather than go through Blacklist and Bayesian checking.

  3. Was it you that said you hated those little image plugins cause they were hard to read? I can’t remember .. but I tell you what, they make an unbelievable difference. I’ve almost forgotten what it’s like to get comment spam, it’s been that effective. The one I use was just a simple little MT plugin and generates quite readable numbers. Of course anyone with images turned off or who is blind will have trouble, but I provide an email link if they’re having trouble. One of the blogger type sites now lets you hover over the pic to have it read it out as a wav file, that’s pretty nifty too heh

  4. We’re also getting very similar spam to our technical support helpdesk’s “Knowledgebase Comment” system 🙁
    One non-image, non-javascript way to block this could be to have PHP etc generate a randomish line such as:
    “To comment, please include the word ALPHA in the box labelled BRAVO”
    “Thanks for your comment, in the box BRAVO enter the word ALPHA for your comment to be accepted”
    Have a bank of 30 odd variants of the “please enter text A into text B” and it should stop “auto-parsers” from being able to identify which word to insert into which box.

  5. kazza: It will have been me, yes. Those CAPTCHAs are actually quite easy to break with software, apparently, and there’s the accessibility issue of people not being able to see the text in the image.

  6. You could always make it intelligent and get people to enter their favourite sausage, but that might cause a lot of americans trouble with entering data – after all, Patties and Links are not type of sausages!!!!!
    Oh – and does anyone use trackbacks anymore? I turned them off due to spam a while back too but comments are still love worthy.