JasonMorrison.net

With all the comment spam, trackback spam, and pingback spam out there, developers have created some pretty powerful anti-spam tools. So why did I create a small, not-so-powerful anti-spam Wordpress plugin like O RLY?

Here’s a screenshot of my pending comments a little while back. Notice the second comment, which slipped past Akismet:

Apparently some dude named Casey Fronczek wanted to let my readers know about his fishing trips. I clicked on the O RLY button, and here’s what Google had to show me:

This spam comment showed up about 17,000 times!

This is an interesting case because it shows that spammers aren’t always looking to place links or pass PageRank. They are always looking for some kind of payoff though, and you can see the roundabout technique here. Hopefully anyone interested in fishing trips in southern Florida will Google this guys relatively unique name and result in a sale. You may also see phone numbers, ICQ or other IM accounts, and similar contact information in some comment spam.

This is a little tougher to automatically delete because a spammy link is a really good signal for an automated filter. Hopefully if people have enough little tools, we bloggers can improve the state of the web as a whole. Get the plugin from WordPress.org, and please let me know of other good anti-spam plugins in the comments.

One of the great things about having a blog is getting comments on your posts. It’s particularly gratifying when someone takes the time to tell you that your post was helpful, entertaining, or well-written.

Spammers know this and exploit it by generating compliment spam. They’ll put together a few lines of general praise and slather them across the web, hoping that bloggers will fall for the trick and post their spammy links.

Abusive social engineering like this really annoys me, so when in doubt I always do a Google exact phrase search to see if the compliment is really for me and not from a bot. This is tedious, so I created a simple WordPress plugin: O RLY Comment Spam Search.

You can get the plugin directly from WordPress.org, where you can also give it a rating to tell other webmasters how great (or non-great) it is. By the way, the plugin browser/installer added in WordPress 2.7 is very cool, and makes it much easier to try out plugins.

Judging by the thousands of blogs my O RLY searches have found, this sort of spam works. But why do spammers do it? Since WordPress (and most major blog systems) nofollow links in comments by default, the spammers can’t expect to gain any PageRank from these links. My guess is most of this spam is either intended to get traffic via clickthroughs or is generated by naive site owners, SEOs and marketers who don’t really understand how things work.

Take a look and let me know if it’s useful in the comments below. Also, let me know if it’s breaking on certain comments or otherwise buggy.

One of the things I mentioned in my last post was how the Electoral College distorts the vote in favor of those in small-population states.

I got a comment from NationalPopularVote.com along these lines…

The major shortcoming of the current system of electing the President is that presidential candidates concentrate their attention on a handful of closely divided “battleground” states. In 2004 two-thirds of the visits and money were focused in just six states; 88% on 9 states, and 99% of the money went to just 16 states. Two-thirds of the states and people were merely spectators to the presidential election. Candidates have no reason to poll, visit, advertise, organize, campaign, or worry about the voter concerns in states where they are safely ahead or hopelessly behind. The reason for this is the winner-take-all rule under which all of a state’s electoral votes are awarded to the candidate who gets the most votes in each separate state.

They make a good argument, and I agree with them, but I find it pretty reprehensible that they are spamming blogs to make their point.  If the comment is on-topic, why do I call it spamming?  Grab a snippet of text and do an exact-phrase Google search by wrapping quotes around it, like this:

http://www.google.com/search?q=%22of+the+states+and+people+were+merely+spectators+to+the+presidential%22

As of this writing there are 233 occurrences of the exact same comment slathered all over the web.  It looks like they’re using an automated program to watch Technorati or Google Blog Search for posts about the Electoral College and autopost the same comment.  I’m going to email them and ask that they stop.

The phrase search is a good technique for discovering compliment spam as well.

In any event, we already looked at the fact that some people’s votes count four times as much because they live in a state with a small population.  Do the NationalPopularVote.com folks have a point about swing states?

One way to look at the power of your vote is to figure out the likelihood that yours will decide the election.  By this definition, it helps a little to be in a small-population state but the most important factor is how close the election is in your state – your best bet is to live in a swing state.  Andrew Gelman has a great article explaining why, but it’s pretty intuitive.  If you live in a safe Democrat state, for example, it doesn’t matter if you live in California or Rhode Island – your vote is much less likely to be the one to flip the state to one side or the other.  The same is true for safe Republican states, from Texas to Wyoming.

I hate comment spam. I think it’s safe to say we all do. So how do you keep it off your blog or forum? Check out this article I wrote on the Google Webmaster Central Blog with some ways to prevent comment spam.

It’s interesting that one of the commenters brings up compliment spam – I just wrote about it on this blog a little while ago.

This was pretty cool for me, because I can’t really share much about my work at Google. It’s also fun to see my text translated into German.

Next up I’ll post an update on the baby name poll with more fun charts and graphs.

Blogs are great because they give you a creative outlet and let your readers comment on you posts, making it a much more social experience.  But spammers take advantage of comment forms, using scripts and bots to fill the web with links back to their site.

What can you do about it?  Even with captchas, systems like Akismet, and other automatic techniques (you can read more about these here), some spam will slip through.  Specifically, compliment spam.

What is compliment spam? Spammers know you and I like to be told what great writers we are, how helpful our posts are, and that we are brilliant geniuses.  So they set their bots to spam you with complimentary comments that just so happen to link back to their crappy blog, online casino, or fake viagra store.  Here’s an example:

Typolight
http://www.typolight-blog.de | info@typolight-blog.de | 82.146.49.61

Thanks, you nice post that helped me alot.

From Keep your Wordpress site from being hacked with automatic upgrades, 2008/09/06 at 9:27 AM

So, at first glance this looks like a legit comment.  The post in question was a “how-to”, so it would be nice to hear that someone found my instructions helpful.  But, do a Google search with the comment in quotes (an exact phrase search) and you’ll see the problem:

http://www.google.com/search?q=%22Thanks%2C+you+nice+post+that+helped+me+alot.%22

At the time of this writing, we see 168 instances of this exact comment.  By this same Typolight person.

So that’s my tip – if a comment seems a bit too randomly complimentary, throw it in quotes and do a Google search. Then, if it’s spam, make sure to spam it – systems like Akismet only work because we’re all reporting spam.

If you really want to go after the spam poster, you can also give their site a bad rating on Web of Trust, StumbleUpon, and other reporting systems.

Maybe if I get some time I’ll throw together a WordPress plugin to make this easy to do.  If you’d like a plugin like this (or have other tips), drop me a comment and it will help motivate me.