Tags » spam

 
 
 

Looking back at comment-spam in WordPress

Categories: Midd Blogosphere

In February 2012 we started noticing a large influx of new comment-spam coming into our sites.middlebury.edu WordPress system that the built-in anti-spam plugins weren’t able to handle. To combat this annoying plague we created a new plugin that instantly killed any comments trying to submit an “author URL” along with the “author name” and “comment text” now that the “author URL” field is hidden.

In the year and a half since this plugin has been in place across our blog network it has blocked an average of 40,000 spam comments every month.

+------+-------+--------------+
| year | month | spam blocked |
+------+-------+--------------+
| 2012 |     3 |       14,814 |
| 2012 |     4 |       19,956 |
| 2012 |     5 |       18,225 |
| 2012 |     6 |       15,937 |
| 2012 |     7 |       29,232 |
| 2012 |     8 |       24,073 |
| 2012 |     9 |       25,973 |
| 2012 |    10 |       42,514 |
| 2012 |    11 |       49,265 |
| 2012 |    12 |      106,128 |
| 2013 |     1 |      103,850 |
| 2013 |     2 |       72,944 |
| 2013 |     3 |       38,336 |
| 2013 |     4 |       35,125 |
| 2013 |     5 |       32,975 |
| 2013 |     6 |       35,011 |
| 2013 |     7 |       28,218 |
+------+-------+--------------+

While some spam is bound to get past any automated filtering, we hope that these efforts have alleviated most of the hassle of dealing with spam comments in WordPress.

Reduced comment spam in blogs

Categories: Midd Blogosphere

During the past few months we have been seeing an increased amount of comment spam coming into WordPress (sites.middlebury.edu) that follows a distinctive pattern: the comment text is useless, but unoffensive and contains no links itself, while the Comment Author Website field contains the URL of a commercial site. Because the comment text doesn’t contain any links, the comment doesn’t get picked up by WordPress’s existing spam filters and until now would be held for moderation.

Here is an example of this type of spam:

Comment Author: canada goose kensington parka
Comment Author Email: Lan….o@yahoo.com
Comment Author Website: http://www.canadagoosejakket…rk.eu

You made some respectable points there. I regarded on the web for the issue and found most individuals will go together with with your website.

The point of these spam comments is to use the Comment Author Website field to plaster the web with links back to the spammer’s site in order to make the site seem more popular to search engines.

WordPress’s built-in anti-spam tools ignore the Comment Author Website field and only look at links in the comment text. This used to be sufficient since it is unlikely that most readers will click on the comment-author’s name and follow through to their website. As well, adding links in the comment text allowed spammers better control in how to present the link so that it had the most impact on search engines. Because of the success in filtering of the comment text, spammers have now moved on to other techniques, just trying to get their links to exist anywhere on the page, even if they aren’t ideally positioned.

To combat this form of spam we have removed the Comment Author Website field from the comment form. There are few legitimate needs for this field and it was originally added to allow people to link back to their own blogs — a nice feature, but not necessary. By removing this “attractive nuisance” we can instantly mark as spam any comments that submit a value for the Comment Author Website even though this field is no longer shown in the form.

As of today, this type of comment spam will no longer even be held for moderation — it will be dropped into the “spam” category right away. In the first two hours since this change has been in place it has blocked 70 spam comments that would otherwise have required moderation by the target blogs’ administrators.

Does tagging content make it easier to find with search? No.

Categories: Midd Blogosphere, video

I’ve received this question from several people now. Below are two videos from Matt Cutts who works on Google’s Webspam team explaining how tagging content mostly does not affect their search results. This also means that tagging largely will not affect how results appear on Middlebury’s site, since we use Google to provide our search results.

Tags

Tag Clouds

This does not mean that you shouldn’t tag content at all. Tags can still be useful for humans who want to find other posts and pages on a topic. However, if you want your page to be easier to find, your time is better invested in making sure that the content is well written, structured and relevant to a particular topic.

PCI and Blocked Email Messages

Categories: Midd Blogosphere

The Payment Card Industry Data Security Standard (PCI DSS v2.0) is a standard that has been accepted by all major credit card companies and most credit providers. It is a standard that we must abide by if we are to accept credit cards as a form of payment. PCI DSS is broken into 12 requirements; each focusing on a different domain of security.

While PCI DSS is not an actual law, it is a standard enforced by the credit card industry, and the banks have stated and upheld the policy that they will no longer accept business from non-PCI compliant merchants. The government has used the PCI DSS as a yardstick by which they have measured such regulations as Gram-Leach-Bliley, Sarbanes-Oxley, and most recently the drafting of the Data Accountability and Trust Act.

We employ a device called a Barracuda here at Middlebury which helps us prevent SPAM from flooding our email system. Just shy of a year ago this system was updated to enable it to filter on cardholder information. By default this feature was turned on. We have left this enabled and have begun reporting on these blocked messages and alerting the senders of outbound messages.  The Barracuda is intended to serve both as a SPAM filter and a compliance tool.