Comment Spam Improvements Needed

There’s no ‘One size fits all’ method to fighting comment spam, alas. What works for one site may not work for all.

There should be a flag to remove the “URL” field from the comment form

You can do that with CSS. Just hide it.

immediately block any comment that comes in with anything in that [URL] field (which would be code accessing)

This I don’t know about, but I’ve heard https://wordpress-plugins.feifei.us/hashcash/ can help with that, since bots don’t have JS generally… That may also help your Step #2…

Finally, comments should default to “never approved”.

While this would KILL me (I have a bug up my *** about making it harder for REAL people to comment), you can do this one by changing “Before a comment appears” and check An administrator must always approve the comment. Done. Now all comments default to never approve. (See https://codex.www.ads-software.com/Combating_Comment_Spam#Moderate_All_Comments for more)

IPstenu, I think you miss part of my points.

The comments should default to “never appoved” as part of the default install package. It doesn’t mean you can’t click on it and disable it for your blog, but rather that this setting would make it harder for spammers to take advantage of blogs that are no maintained or are installed by people who don’t understand the implications of an open comment system. Right now, the defaults make the system too open, which is terrible.

Step 1 and 2 together. It should be an easy option in the discussion settings to say “no URL field on comment form”, and also not to accept comments with anything in the URL field (which is normally sent by bots directly accessing WP comment posting routines). That way not only would you be removing it (by choice) for those people using your comment form, but it would also take care of the vast majority of comment spammers, who are using that very field as their spam methods of choice.

It isn’t about making it the only choice, but rather making it a key part of anti-comment spam techniques on wordpress. At this point, Google appear to be very close to treating any wordpress install as spam or lower grade content, which would significantly lower the value of wordpress as a blog or CMS. Comment spam is the issue that will very likely take wordpress down. Addressing it is key.

I get your points, I don’t agree with them personally ?? There’s a difference ??

At this point, Google appear to be very close to treating any wordpress install as spam or lower grade content, which would significantly lower the value of wordpress as a blog or CMS.

Cite your source. I’ve never heard jack about any of that being WordPress specific (I have heard rumor about spam being punted, but I’ve been hearing that since ’05 – YMMV).

The Google issue is rumblings, including some comments made indirectly by a privare source inside the complex. Their new algo (recent this week) has changed the way much of the comment and link spam is looked at. Things are shifting. While they don’t mention product names specifically, they do look at widely used products and try to address weakenesses in the products that can lead to pollution of the Google SERPs.

Comment spamming is efficient enough (even with no follow tags) that people continue to do it, and the volume appears to be increasing. Google is very aware of the issue, I have been told. I am sorry that I can’t say more than that.

In answer to your question, you can read a little bit here:

https://googleblog.blogspot.com/2011/01/google-search-and-search-engine-spam.html

While it doesn’t mention wordpress specifically, the “low quality sites” are often the sites that spam wordpress comments. One of the ways to spot these sites is to discount wordpress sites overall, and wordpress comments in particular.

As “pure webspam” has decreased over time, attention has shifted instead to “content farms,” which are sites with shallow or low-quality content. In 2010, we launched two major algorithmic changes focused on low-quality sites. Nonetheless, we hear the feedback from the web loud and clear: people are asking for even stronger action on content farms and sites that consist primarily of spammy or low-quality content.

That sounds, to me, more like it’s aimed at SPLOGS versus spam comments, but it’s hard to say. Thank you for the link.

There’s dozens of plugins to help with comment spam.

For example, the excellent Cookies for Comments plugin implements your “Step 2” suggestion, but in a better way. I use it on all my sites.

Regardless, I don’t think that making it default to harder to comment and use a WordPress site is the right way to go. Better promotion of anti-spam tools would likely help, but spam fighting isn’t something we should put into core.

For reference, I also use Simple Trackback Validation and Akismet.

The combination of these three allows me to keep comments wide open, and block 99.99% of spam.

Otto, I agree there are some interesting tools out there. My concern though is that the default settings on wordpress appear to make the product “open” by nature, which is what the spammers take advantage of. You only have to read some of the installation problems people have to understand that many of the users of the WP product are not technically inclined, and wouldn’t have much consideration about spam in their comments until long after their blogs have become infested with spam. That of course relies on them actually checking, we both know they are plenty of blogs running without supervision.

So my point only is that while WP is an “open” product, isn’t it wiser to do things that by default block the most obvious and most annoying spam methods used, and make it simpler for the newbie or non-technical person to use and enjoy WP, while still giving power users like yourself the options you are looking for?

Trackback spam isn’t the big issue. It’s more like:

Author : Fishing Umbrella (IP: 174.140.170.218 , 174-140-160-218.in-addr-arpa) E-mail : [email protected]
URL : https://www.fishingumbrella.org
Whois : https://ws.arin.net/cgi-bin/whois.pl?queryinput=174.140.170.218
Comment:
*:I am really thankful to this topic because it really gives useful information .'

It appears to be a totally valid comment, except that what they are doing is setting their name to their SEO keywords and the URL to the target. While this link may be “no-follow”, there is still enough there that these spammers want to do it. This single individual submitted over 100 spam messages to me yesterday alone via an automated system and many different proxies and the like. Neither askimet or trackback validation would be able to handle this case at all.

Better education is important, but making WordPress safer out of the box is key.

gotta thank @otto for the cookies for comments plugin…

I just went from 50+ spam comments a day to deal with, to absolutely none sice I installed the plugin, 10 minutes after reading that suggestion. Very cool!

I want to add this to the discussion:

https://hellomotow.net/backlinks/

This guy basically is comment spamming for a living. Doesn’t that start to ring some bells somewhere in wordpress world HQ?

So my point only is that while WP is an “open” product, isn’t it wiser to do things that by default block the most obvious and most annoying spam methods used, and make it simpler for the newbie or non-technical person to use and enjoy WP, while still giving power users like yourself the options you are looking for?

No. And the reason that it doesn’t make sense is because if you start to block some spam by default, then they’ll simply invent a better spammer.

The only method that would make any sort of sense is to default comments to off, period. And I’m not willing to say that that is a good idea. Any half-measure before that will simply make spammers adjust their tactics to bypass whatever changes we make to core to block them.