Loose Comments Sink Ships

Take a look at this Akismet graph charting the precipitous rise in comment spam across the blogosphere over the past few months, and you’ll see one reason Subtraction.com has been recently besieged by similar problems. Whatever percentage comment spammers are finding in what many might consider a sisyphean activity, it appears to be enough incentive for them to persist, and persist, and persist still, and their commercial litter is everywhere.

I thought I had my comment spam problem more or less locked down late last year, when my friend Su from House of Pretty helped me install AutoBan for Movable Type. That managed to tamp down the flood of comment spam for a while, but as per the aforementioned Akismet graph, the Internet-wide volume of this crap has increased nontrivially in just the past three months.

Right: Spam-a-lot. Orange indicates comment spam caught by the Akismet anti-spamming service, a number which has increased dramatically in the past several months.
Akismet Comment Spam Graph

Keeping Out the Riff-Raff

So I’ve added a few more measures to my Movable Type installation: Akismet itself (not just for WordPress anymore!) and some client-side scripting trickery that, hopefully, will shut out most automated comment spam assaults.

These have been in place and active as of about twenty-four hours ago, and so far, the results have been positive, maybe too positive. Junk comments have been reduced to zero, which actually makes me a little nervous. Perhaps the measures are too restrictive, and legitimate comments aren’t getting through? If you find that’s the case, my apologies, and would you email me at the link embedded into my name at the bottom of this page? I want to make sure everyone gets their say.

The Spam Innovators’ Dilemma

This absurd war of attrition, in which comment spammers chip away at each new round of preventative measures that bloggers put into place, is wearying. It’s the last thing I want to be spending my free time on, and it nearly makes me wish I was running Subtraction.com on a hosted service along the lines of Blogger, Typepad or WordPress.com — can’t I pay someone else to make this their problem, instead of mine?

You’ve got to hand it to the spammers, though. Whatever one thinks of this insane S.E.O. game they’re playing with their conversational detritus, they’ve made serious commitments to playing it very well. That goes for all spammers, actually. I’m continually amazed by the sheer volume of ingenuity they bring to bear against new anti-junk measures; the innovations in spamming we’ve seen over the past four or five years are a marvel of human will. If we could just put some of that cleverness to work in the name of good, imagine the problems we’d solve.

  1. Akismet’s a very impressive web service – we’re using it in a couple of projects at the moment. Was it difficult to implement? I haven’t tried using it with Movable Type.

  2. No, it was dead easy to implement the Movable Type version of Akismet. Just upload the files, then go to the MT admin screen for the plug-in and enter your WordPress.com key. Starts working immediately. It’s a wonderful gift they’re giving to the blogging community.

  3. I might argue that part of the rise you’re observing in the graph is merely a rise in the rate of adoption of the Akismet service… more folks using their service equals more spam caught. No doubt its a great service, but has the amount of spam really increased?

  4. Yeah, I thought of that, which is why I said this graph is one of the reasons I’ve been seeing much more spam. It’s hard to say, without a much closer look at the data, whether it’s Akismet adoption or a general increase in spam volume. Is it really likely that Akismet has grown more popular than spam has increased over the past few months? Not to me, but I’d be willing to say it’s some combination of both.

  5. I was getting an unbelievable amount of comment spam at one point (up to 200 per day — many from online gambling sites, no doubt in part because I have posts about poker on my site). The management of it was unbearable. I finally set up Akismet, and most days I see no comment spam get through the wall. I’d say about two or three spam comments get through to my site each week — and I can live with that. Akismet really works well.

    And Akismet is definitely not just for WordPress. I used their API directly to implement the service into my Django-powered blog. In theory, you should be able to use it with any blogging system, even if there’s not already a canned plug-in for your platform of choice.

  6. It really is getting out of hand. What I am finding most frustrating is not comment spam, which is easy to take care of using some good plugins and a few minutes each day, but the mass onslaught of referral spam. It has taken my site stats program to its knees.

    To be honest, I don’t see why there isn’t a major uproar from the blogsphere about this rise in spam. If only we could harness the power of everyone checking their spam by building a xml file with lists of links marked as spam on their system. Then Google could crawl the spam.xml file, run some stats to see if everyone agrees, then spammers wouldn’t have their day. The rel=”nofollow” isn’t enough for some reason. We need a rel=”spam” as a more stringent vote.

  7. Akismet is a great service! Occasionally a few comments will be marked as spam, more so in the beginning. Give it a few weeks to a month. I doubt you will see any valid comments getting caught. It is working great for all the blogs at work.

    I am glad to hear that they have a plugin available for MT.

  8. One thing I think a lot of people forget, too, is the expense of comment spam on our servers. While Akismet does work quite well, every comment spam submitted to my site still requires my server to process it, send it off to Akismet so they can process it, them to send back a response as to whether or not it’s spam, and then my server to delete or unapprove the comment when it is spam.

    In other words — we might be finally getting good at blocking this stuff, but we’re still paying for it in programming time, server processing power, bandwidth, and site performance.

    Like I said earlier: I’m thrilled with Akismet. But don’t take that to mean this is any less of a problem. It’s not. This stuff still sucks — bad.

  9. The #1 best technique I’ve tried that reduced the amount of comment spam that I have to deal with to basically zero is to use a Javascript function to write the opening comment form tag into the page. I then changed the name of the comment form script to something not easily guessable.

    The trick is to have the function in a separate file sourced into the page so that spiders searching for the script name in your source don’t work.

    The downside is that this isn’t really the most accessible solution, but it actually works and it doesn’t require more effort on my part to maintain comments on the site.

  10. I had a similar mt spam tidal wave (I was getting so much comment spam that mysql was freezing up on the server…)a solution that has worked really well for me with almost 100% accuracy.

    1. keystrokes which tries to check if acutal keystrokes are being entered.

    2. spam firewall which appears to be catching lots of the more obvious spam.

    3. Akismet

    The only minor issue I have is a brief lag between post and the appearance of the comment (spamfw issue).. Otherwise, so far so good. I’ve even turned off comment moderation.

  11. I’ve also had very good luck with my Askimet-SpamLookup combination on Movable Type, and check my spam lots every week to make sure nothing accidentally gets caught. (NB. There are two version of Askimet for MT; I’ve found the unofficial version by Stephan Riha performs much better.)

  12. Spam sucks, but the creavity that goes into it is quite amusing. One wonders how successful spammers would be in advertising, as QVC sales people, or even as auctioneers.

  13. oh thank so much for this! i thought that akismet was only for WP. i’ve had a lot of problems with comment spam as well and installed a CAPTCHA (which i wasn’t keen on doing but did anyway) and even that doesn’t stop the buggers from getting through. getting rid of comment spam is a lot like trying to rid my apartment of dust. it’s a never-ending battle.

  14. Thanks for the comments about Akismet, everybody. 🙂

    As for the adoption of Akismet on the graph, it’s well tracked by the little blue line at the bottom. I would love for us to be growing as fast as the orange, but the amount of spam per blog has gone through the roof. You’d hope they have the good sense to realize they’re effectively DoSing blogs.

  15. We used some of the techniques above and at least in the first day had great success… Spam went from 20 or 30 a day that slipped through the filter (with hundreds caught and delivered into the junk spam pile) to zero with no false positives. Also because some of the techniques prevent the spambot from getting to the comment script our server load went way down. We might even turn off comment moderation… although the thought is almost too liberating…Feels scary stepping outside unprotected like that.

  16. Can’t we just pass a death penalty for auto-spammers? This way when someone considers doing that, they will have to also consider how much they value their lives. That will cause a serious drop in spamming.

  17. My own place is down due to this very reason. How do these fancy, techniques compare to the simple method I’ve seen in which commenters, must answer a custom question (What is 3+1?) Seems like that one is, hassle-free and spambot-proof, no?

Thank you! Your remarks have been sent to Khoi.