I started getting a lot of blog spam a little while ago. I started using the automatic post moderation feature that sends posts into moderation if they contain too many links. This worked for a little while, though I still had to delete the posts from the moderation queue myself. Better that than getting false positives and never knowing it, I reasoned.
I started getting hit by blog spammers who included only one link in the body of the comment, or no links at all, and only used the ability to use a URL to make a link of the poster’s name to create links to whatever they were spamming. I of course was somewhat troubled by this, and after a while of deleting several a day I decided to change things.
I instituted a policy here at SOB where anyone that wanted to post a comment needed to register. Thus far, I haven’t gotten any blog spam at all, and the amount of discussion that my posts generate doesn’t seem particularly reduced by this. Of course, a problem here is that potential legitimate discussion that doesn’t happen is never noticed: I don’t know if someone refuses to comment due to the mandatory registration. I’m considering removing the necessity of an email address when someone registers, because I know that might be a barrier to casual commenting even when it isn’t spam, but I’m also hesitant to open the door even that much to spammers.
It was suggested by a reader known here as Alex that I should use Akismet and the WordPress Spam Image plugin, in his comments to my entry about requiring registration. I’ve looked at Akismet, and it appears to be a heuristic spam filter based on spam example blacklists, which if well-executed would be an excellent approach to the matter. I’ve chosen to eschew it for now, however, for reasons not easily articulated. Perhaps I’ll revisit this later. The Spam Image plugin looks easy to use and probably reasonably effective, though as long as I require registration I’m not sure it’s actually necessary. I’ll have to think about it.
Speaking of the Spam Image plugin, there’s something similar being used over at Chip’s Quips, another weblog I make an effort to follow. He always has interesting stuff to say, and has said quite a bit about blog spam. In particular, he seems disappointed with the performance of WordPress in blocking spam based on my own reports in comments to his weblog, but he probably shouldn’t be: I’ve done almost nothing about stemming the tide until I started requiring user registration to post comments, and I’ve done nothing since. I haven’t actually used any of the more advanced anti-spam technologies available to WordPress users, and thus really don’t have anything to say about them, positive or negative, except as a visitor who compares what he sees on others’ weblogs. What I see is this:
The image plugin being used to keep spammers out of Chip’s Quips is awful. Half the time, the characters you have to enter aren’t even legible to the visitor, let alone to a spambot. I tried to comment on this a couple times, and couldn’t get through the spam filtering to post the commentary, so I gave up. Sorry, Sterling: I’d rather have told you in a less public way than this, but I can’t get through. It’s like those child-proof caps that some manufacturers use that are so effective they even keep the adults out. This is the flip side of the “false positives” coin, and something I really would like to avoid: I don’t want to make it difficult for people to post legitimate commentary. I’m going to try to alert him to this post with a comment to one of his, but I don’t know if it will get through. I recommend checking out his posts on the matter of blog spam, in any case, which are basically all linked-to through this entry about ham, and jam, and spam.