Earlier today I had a short telephone chat with Robert, and one of our topics was the growing problem of how best to fight off spam. By spam we meant comment, pingback and trackback spam alike. WordPress usually defends itself against this nasty bunch by giving administrators the option to moderate their comments, but once the spam increases, the number of to-be-moderated entries can reach a few hundred or even thousands of database entries.

However, people have created some plug-ins to counter these spammers:

  • Spam Karma 2.0
    This plug-in is meant to stop all forms of automated Blog spam effortlessly, while remaining as unobtrusive as possible to regular commenters.
  • Bad Behavior 1.2.2
    Spambots are prevented from accessing your site by analyzing their actual HTTP requests and comparing them to profiles from known spambots including user-agent and referer analyses.

So far I’ve experienced the most positive protection from Bad Behavior, but while working with some website optimization tools yesterday, I noticed they were being blocked from my site. On top of this, Robert said on the phone and in a recent article that other people are often turned away by Bad Behavior because of natural problems with their user-agents or referers. Instead of imposing hard restrictions on a blog by disallowing any form of communication (comments and trackbacks), I’d prefer to keep the idea of a social network alive. To accomplish this, the elements of interactivity have to remain intact. How else can I ask a question in my blog and get answers, and with them some useful solutions?

I have now turned the plug-in off to see how much spam will pass to my moderation queue, and on top of this I will install Spam Karma tomorrow and attempt to compare these plug-ins. Nevertheless, the never-ending problem with spammers is simple: they know what your defenses are and they are working to undermine them.

I had planned to upgrade my major joker on the front line of fighting comment and trackback spam a few hours ago, but it took me some time to remember: Bad Behavior 1.2.2 has been installed and runs smoothly. In the name of spam-free blogs! ;)

Should this be allowed? Darren polled and fetched us the result: the majority would accept individual signatures, but I have one glaring problem with this:

Weblogs are no Webboards!

The idea of discussion is wonderful, but people already get their chance to enter a name, a URL and an email for any communication below the level of using the comment section of a weblog. And most of the users who might want to use signatures here will simply end up in the moderation queue of my blog. I’d choose between manually erasing their signatures (if these exceed 2 lines or contain problematic content) or simply squashing them by deleting the entire comment.

  • I still have concerns that such practices make fighting spam comments difficult
  • I do wonder where the practice will end up (I really hope we don’t end up with comment threads being like the terrible mishmash of signatures that we see on many discussion forums)
  • And while using anti-spam plug-ins like Bad Behavior ;), I’d fear that users get thrown out for their signatures… not sure how BB reacts to a massive load of signatures. And always remember, there’s the good old Comment Policy awaiting the commenters…

    The CSU, one of Germany’s major political parties, announced that it will use e-mail advertising to gain more votes. I think that’s nothing but spamming people with political propaganda. Not only is the idea most stupid, given the advances in technology for identifying and detecting spam, but the impersonal manner of connecting their major candidate, Edmund Stoiber, with the people is a sapping task.

    According to Blog4Berlin, the CSU will not rely on the rather traditional methods of posting bills and holding rallies. Instead, they prefer to use more modern advertising in their canvassing for Germany’s election next weekend. Approximately 300,000 e-mails and several thousand voice-mails will be sent throughout the country.

    [via Wirres, Spreeblick]

    This is truly an amazing spam mail, and I’d love to share this one. How stupid are people that they truly believe this email is for real and not fake? I believe there are several thousand of them who click the links in the email… and as if Microsoft themselves gave such instructions! (typos and errors included)

    From :
    Sent : Thursday, September 8, 2005 7:24 AM
    To : ***
    Subject : Secure your pc, your website for a better protection!


    The Microsoft Windows Malicious Software Removal Tool checks Windows XP, Windows 2000, and Windows Server 2003 computers for and helps remove infections by specific, prevalent malicious software.including Blaster, Sasser, and Mydoom. When the detection and removal process is complete, the tool displays a report describing the outcome, including which, if any, malicious software was detected and removed. The tool creates a log file named mrt.log in the %WINDIR%\debug folder.

    This tool is not a replacement for an anti-virus product. To help protect your computer, you should use an anti-virus product.


    Download The Microsoft Windows Malicious Software Removal Tool by following the link found in this e-mail and you get a free-trial of EXCHANGE SERVER 2003 !!!
    Exchange Server, the Microsoft messaging and collaboration server, is software that runs on servers that enables you to send and receive electronic mail and other forms of interactive communication through computer networks. Designed to interoperate with a software client application such as Microsoft Outlook, Exchange Server also interoperates with Outlook Express and other e-mail client applications.

    Yeah right, as if one would get such nice freebies from Microsoft! I’d love to receive a free copy, but … haha, this is way too funny! Stupid spammers, stupid exploiters, stupid dialers, stupid… people?

    This morning I read a nice post by Google Blogoscoped: 60% of all Blogspot blogs are spammers. They tested 50 random blogs, of which 30 were spam blogs or had spam-related content.

    Marty Kay made an interesting comment in regard to Splots (spam blogs) on Google’s
    “Funniest thing I saw was a bunch of comments on one spam/link site, that was totally irrelevant but pointed to ANOTHER spam site. The spammers are spamming each other.”

    This is one of the most ridiculous ideas ever. You are a spammer and try to get money, but you’re being spammed because you’re too dumb to install counter-measures on your own spam blog. But here’s the deadly trigger for Google’s Blogspot domain. With approximately 7,500,000 individual blogs hosted on their domain, approximately 4 million spam blogs exist because of them. However, a second test of another 100 blogs changed the numbers, estimating 42% of the blogs are solely spammers. I wonder how the Blogspot users will react to this…

    [via The Blog Herald]

    The BSI (Bundesamt für Sicherheit in der Informationstechnik, Germany’s Federal Office for Information Security) has by now become one of my favourite online reads on questions of “e-security”, especially because I keep noticing, among the aspiring young managers I study with, an insufficient and sometimes completely absent basic understanding of how to deal with digital media. Topics such as security, document protection, confidentiality, and dealing with e-mail, blogs and opinions are mostly topics from the realm of Unheard and Never Seen (note the “word switchers” in italics).

    Just now, while working through my RSS feeds, I found an article about the BSI’s latest work, titled “Antispam – Strategien”. According to Heise, it takes a clear stand against spam, because “the authors put the emphasis on explaining technical measures”. I have already set the PDF aside for the coming weekend and am looking forward to a good 147 pages…

    In addition to my suggestion about comments being pre-filled from your personal account information, I have to add the following idea: as we all know from the comment spam found on several blogs throughout the net, it’s usually caused by the common trackback-ping functionality. To avoid this, a proof code generated as an image should have to be entered whenever a user is not an officially registered user (or is currently not logged in to Blogspirit). Even if there is no trackback ping activated on Blogspirit, it’s a useful tool to limit the exploitation of the blogs by “lifeless annoyances”.