Battling Comment Spam — Moderating Comments

  • Sumo

Battling Comment SpamIn our past two posts we’ve looked at what comment spam is and how we can minimize it. Now comes the hard part — individually looking at the comments that make it past our defenses and deciding what to do with them.

Detecting Spam — Moderation Queue

If you’ve got Akismet or some other spam filter set up then you will have some potential spam comments in your moderation queue to deal with.  Most of the blatant spam comments you’ll recognize and you can just skip over them.  Once we’ve moderated the tricky ones then we’ll just delete everything left in the queue.

However, recognizing Sneaky spam takes a bit of learning.  If you have only one blog then you’ll be less likely to see the work of spambots as they hit each of your blogs with the exact same comment.  But over time you’ll see patterns that help you to recognize that a comment is likely spam.


First of all, check out who it is coming from.  Is the name a keyword or a real name (or at least a nickname like LoneWolf)?  If there isn’t a real name then that is a flag — not necessarily proof mind you.

URL and Email

Next, look at the URL that they entered and the email address.  Do they match?  Do they make sense?  If not, there’s another flag.  Keep in mind that many users set up throw away email addresses to reduce email spam so you may still have a legitimate comment even though the email looks strange.


Another flag that indicates possible spam is the lack of a Gravatar.  Spammers rarely have them but keep in mind that the lack of one does not prove that the comment is spam.  It is just another clue.


Ultimately, you have to look at the content of the comment itself.  Does it relate to the post?  Does it add value to the conversation?  Many spam comments are very generic and usually complimentary (although I’ve seen those that issue a generic challenge).  You’ll see things like “Great post!” or “You write very well.  Are you a professional?” While it is possible that these are legitimate comments (they usually aren’t), they don’t really add to the conversation.  They do feel good though — if they’re from a real person who wrote them sincerely.

Spammers are becoming more creative, and have taken to using quotations from blogs and/or comments to create the comments that they send.  They also have comments that are related to keywords and target blogs that mention them.  This makes it a little more tricky to catch the spam.

One tool that I use is Google.  If I have a comment that I’m not sure about, I’ll cut and paste it into Google search with double quotes around it to look for exact matches.  You’ll be surprised to see the exact same comment appear in dozens or even hundreds of search results.

But even then, the spammers are getting smarter.  Just yesterday I got the following comment on one of my blogs.

I can’t understand how to add your blog to my rss reader. some recomendations are appreciated I really want to see your articles.

It seemed like a reasonable request for help, but I checked it in Google just to be sure.  No matches!  Well, let’s help this person out.  I send them an email with a link to an RSS tutorial.  Guess what!  No such email address existed.  So I did another search, this time with only the first sentence.  Bingo!  Ding! Ding! Ding!  We have a winner!  Dozens of matches — each with a slightly different wording of the second sentence.

Ultimately, you are going to have to decide whether a comment is useful for the conversation on your blog.  You may sometimes block a legitimate user’s comment, but that is rare and they should have made a better comment in the first place.

Spammer Databases

There are many people out there who are dedicated to battling spam in many forms. One group that I’ve found helpful is Stop Forum Spam. This group has set up a database of known spammers that you can check to see if the name, email address or IP address matches a known spammer.

This group was formed to deal with people who sign up to forums in order to spam them and I discovered them when looking at the signups for my Drupal based site (Master It). I decided to test the spam comment that I mentioned above and found that the IP address was a match in their database. So, this may be a good resource for bloggers to use as well. They do have an API for checking and reporting spammers, so I can imagine a plugin at some point.

Detecting Spam — The Rest

Now that you’ve dealt with the moderation queue, you still need to look at the comments that made it through the filters and plugins (unless you’re moderating everything — you’re not do that are you?)  But this should be fun.  This is where you’re seeing actual conversations.  There should be very little spam that made it this far, if any.

So read the comments, respond and enjoy.  This is a big part of why we blog in the first place.

Reporting Spam

There is one last thing to consider before we leave this topic.  Tools like Akismet and Stop Forum Spam will only work if we all report the spam we receive.  They use existing spam to be able to detect future spam, so make sure that you report the spam and spammers using the tools that you set up for your blog.  We’ll all have less spam to deal with in the long run.


So that leaves us with just one thing left … your comments!  What do you use to help battle comment spam?  What is the most creative spam that you’ve ever seen on your blog?  Share your thoughts below.


While this was intended to be the last post in this series, an ironic twist presented itself and I couldn’t pass up the opportunity for another post.  See Battling Comment Spam — A Real Life Example.

[stextbox id=”custom” mleft=”20px” mtop=”20px”]This post was part of a series originally posted at my blog Ramblings. I feel that this series  is a good fit for LMA so I’ve reposted them here.[/stextbox]

Female Warrior 2 image by EdwinP at stock.xchng

Related Posts:

  • No Related Posts


Battling Comment Spam — Moderating Comments — 14 Comments

  1. I recently tested Growmap on several of my blogs. It works really well except that some bots have figured out how to get through it. If you don’t have moderation on or some other spam filter (like Akismet) to catch them then you’ll have those posts going live to your site and you’ll have to spam them manually.

    The problem is that anyone who is subscribed to the comments will get an email about the comment.

    I don’t like moderating myself and I don’t want these comments going live, so I’ve gone back to Anti-captcha. The drawback with Anti-captcha is that everything gets marked as spam rather than just being bounced, so now I have to moderate the spam queue 8=(

    I’ve been thinking of breaking out the mad programming skills and hacking the plugin to just junk the stuff like Growmap does.
    Bill (LoneWolf) Nickerson recently posted…Battling Comment Spam — Moderating CommentsMy Profile

  2. I use my lack of patience to help fight comment spam.

    If it looks even remotely like it’s spam, I just delete it and move on. I suppose I might target a few real comments unfairly, but if there’s no gravatar, the comment is questionable and the website it links to looks even remotely iffy, I figure the odds are in my favour.

    It sounds like you’ve got much more patience than me. I would have sent that RSS reader example you’ve got straight to the spam bin without a second look 🙂
    John Lenaghan recently posted…Is That Email Really Spam?My Profile

    • I have become far less patient myself. When I’m moderating the spam queues I’m even less patient now. Somedays I don’t even bother to moderate and it all goes to trash.

      The RSS example was one that caught my eye simply because I was writing this series of articles at the time. It struck me as quite funny at the time.

      I’ve actually found a solution that has helped keep the amount of robospam under control… watch for a post on that soon!
      Bill (LoneWolf) Nickerson recently posted…Integrity Marketing – Don’t Spam Your MomMy Profile

  3. Comment spam is a real pain for me. I have a larger site with some 50,000 pages and 3 wordpress installs and have to trawl each one. However, last night I removed the “comments.php”, replacing it with a simple line stating “All comments have been removed and sites reported to Google for spamming”. Even though I had deleted all the comments some 3 months ago (100,000 in total) and closed all comments, spammers had used trackbacks to get more comments, so removal of the comments script altogether was the final option. The thing is, none of the comments were really worth saving and most looked irrelevant like theyb had been created by bots.
    Richard recently posted…Upgrading Memory in Macbook Pro 2008 UnibodyMy Profile

    • Hi Richard

      It sure would be nice if there was a way to report the spammers to the search engines. But as you know, the black hat guys would just use that against legitimate sites 8=(

      Your site is a very impressive one. You’ve put a lot of effort into it and it shows!

      I’ve taken one of the anti spam plugins for WP called Anti-Captcha and modified it for my sites. I’m still testing it to see how it’s working, but it does eliminate the bulk of the robospam so far while still allowing the human comments through (some of which are still spam, but there are far fewer). The only problem I have is knowing whether it is dropping true comments.

      Once I’m done testing it further I plan to release it or submit it back to the original plugin writer. The Anti-Captcha plugin itself does a great job of detecting the robospam. The only drawback is that it marks it and puts it into the moderation queue. I changed it to just drop the comment instead. It would probably be better to find a way to allow users to select which option and maybe add a log feature, but so far I’m happy with how it is working.
      Bill (LoneWolf) Nickerson recently posted…Battling Comment Spam — Moderating CommentsMy Profile

  4. Thanks for that Bill.

    One thing I have had to do is remove comments via the SQL database- physically ripping out 50,000 comments. I’ve had entire servers keel over from the spam. A system that can actually detect and remove them would be great as inadvertantly linking into a “bad neighbourhood” can irrecoverably damage a site. That being said, Google recently released a “ignore this link” setting in Google’s tools, but suspect that’s more a confirmation that they now see in-coming link spam as being even worse.

    • Anti-captcha and Growmap (which is available standalone or included in CommentLuv premium) are designed to get flag or remove the robo spam. (Note that Anti-captcha only flags spam unless you hack it like I did)

      They work on the principal that robots won’t implement JavaScript to avoid a lot of the spam. They also have a few other things built in — like using nonces and hidden fields, etc.

      However, there will be some that gets through and a antispam plugin that uses a heuristic algorithm (like Akismet) is useful to at least flag those that do come in. The front line plugin removes most of the obvious stuff and the second line flags the rest.

      So moderating the comments is still a necessary evil if you’re going to keep them around, but the plugins can make it much easier.

      The “ignore this link” feature of Google tools is actually for you to use when another site links back to you. Google assumes that you are cleaning up the links you are able to on your own site. It is to help combat negative SEO campaigns where someone posts bad links to your site in order to bring you down in the rankings.
      Bill (LoneWolf) Nickerson recently posted…Battling Comment Spam — Moderating CommentsMy Profile

    • This is true, Dourgi. But the avatar is one factor among many. If I have a comment that is borderline, but the avatar is there and the email address and name line up, then I’ll probably go with it.

      But without the avatar I’d be more likely to mark it as spam.

      I don’t want to get rid of comments just to be rid of them. I want to encourage them since it is helpful for me to have lots of comments coming in, provided that they’re pushing the conversation forward in some way.
      Bill (LoneWolf) Nickerson recently posted…Battling Comment Spam — Moderating CommentsMy Profile

Leave a Reply

Your email address will not be published. Required fields are marked *

CommentLuv badge
You may put keywords with your name if you have had 3 approved comments. Use your real name and then @ your keywords (maximum of 5) For example: Bill Nickerson@List Marketing Adventure