Google began advocating the nofollow attribute as a way for webmasters to tell Google’s crawlers not to count a given link toward the PageRank of the site pointed to by the link. This attribute would help webmasters avoid the sting of being punished over paid links, which Google dislikes due to the way they can "game" the search rankings.

Webmasters had questions about nofollow, the answers to which ended up flung across the Internet. Blogger Li Evans asked Google in February why that situation hadn’t been cleared up by collecting all the answers in one place.

As Google’s well-known webspam fighter Matt Cutts told WebProNews how Google finally addressed the situation. They opened up the NoFollow Help Center within the webmaster help pages to help clarify the topic.

As Google explains, nofollow helps manage issues like comment spam, crawl prioritization, and the touchy issue of paid links. Watch Matt Cutts go over this attention-getting topic only on WebProVideo:

This is what I jokingly, err, awkwardly refer to as "Janitor 2.0"

Like it or not, the creation and adoption of social tools for business, be they blogs, forums, wikis, or otherwise, each comes with their own unique maintenance needs — and yeah, those needs must be tended to; often by a quiet, nameless pool of marketing, PR and web folk who work pretty damn hard to ensure everything else works as it should.

Broken links. Comment spam. Trackback spam. Invite scrubs. Inconsistent tags. Email filtering. Page overloads. Server balancing. Browser incompatibilities. And the list goes on, you get the gist.

It’s all the unspoken, unexpected and undervalued stuff that must happen every day to keep a healthy "conversation" going.

For this reason, it’s a huge defining factor between the success or failure of a social media program. Fittingly, it’s also an important defining factor between those "new media experts" that know what they’re talking about and, well, those that use the word "easy" a lot.

My advice?

Using social media is a powerfully messy business. Anticipate and over plan for the maintenance, upkeep and clean up of every social tool you use, and generally speaking, accept the fact that you have yet another hat to wear, a blue one this time, in this messy middle. Good luck.

Comments

But being a conscientious kind of guy, I want to make sure a “false positive” hasn’t got quarantined, so I like to go through the spam comments before deleting them, just to be sure.

As your blog grows in popularity, you will probably experience the same problem as I have: that unless you are regimental in checking through the spam comments on a daily basis (and then deleting them), the list gets too large, and it takes too long (and is too painful) to look through them all.

So I needed a better way.

I looked through all the different captcha-style solutions online, but I just didn’t like the idea of adding another plugin to my WordPress install, let alone a plugin that either a) implemented a rather “heavy” solution to a simple problem or b) relied on javascript to do some sort of funky cookie/hash thing.

In the end all I needed was some way to allow a human to show me they were indeed human… something a machine couldn’t do, thus blocking bots out of my comment form. Well, I came up with something last night and I’m waiting to see how it goes.

A Really Simple Spam Bot Blocker

What I did was add a field to my form (as seen below) where the commenter is asked a question, and needs to give the right answer. You could come up with any question/answer combo you choose, as long as they’re both short and simple. In my case the question asks “Are you human?” and the reply I ask for is my firstname.

The trick with my implementation is that I use a background image in that form field, which explains the answer I’m looking for. That way, anything other than a human being can’t see the answer I’m looking for, and humans actually see the answer right there in front of them.

(What I hate about those maths ones is that they make me think too much. Do you know the difference between a product and a sum? I don’t want to introduce fear and doubt for the commenter about whether they’ve actually entered the right answer. I want to make it really simple.)

As the commenter clicks into that field (if javascript is turned on), the background image disappears, so they can see their typing easily. In case they’re brain-dead and then spell my firstname wrongly, I actually only check on the server side that they’ve started my name with “al”… the rest I ignore. Man, how easy can I make it?!

I use a tiny bit of inline javascript to control the on/off display of the background image of that field, which, if you’re wondering, looks like this:

onfocus="if(this.value=='')
  this.style.backgroundImage=’none’;"
onblur="if(this.value==”)
  this.style.backgroundImage=’url(/images/despam.gif)’;"

To create the background image, I typed the text into the field, took a screenshot, then messed around with it in ImageReady, reducing the opacity to 33% so it has the light grey colour. (If that’s too intimidating for you, I found this webpage that creates a GIF image from text you enter, with all the configuration options you need. Way cool!)

The only other thing I had to do was implement the additional check for this new field in the WordPress file wp-comments-post.php, which is found in the root folder of your WordPress install.

I found this bit (on line 33 of the WP 2.1.2 version of the file):

if (get_option('comment_registration')
wp_die(__(’Sorry, you must be logged in to post a comment.’));

…and added this bit immediately below it:

if ('AL' != strtoupper(substr(trim($_POST['despam']),0,2)))
wp_die(__(’Error: please correctly type my firstname.’));

The PHP code here looks at what was typed into that new field of the comment form, cleans it up, capitalizes it all, pulls out the first two letters only, and compares them to “AL”. If there’s no match, a WordPress error screen is presented. (That error screen is ugly and would be better inline on the post page, but I don’t care. Real people should never see it.)

My only gripe is that I have introduced a “hack” to my WordPress installation, meaning that when I upgrade I have to make this edit manually.

(Note: if you copy the above code snippets make sure to check and replace the funny single quotes with “plain” ones or PHP will have a fit. I can’t stop WordPress using these weird ones, sorry!)

So, what do you think? Is Akismet (or similar) enough for you? What WordPress plugins do you use to handle spam? Why?

Comments

Tag:

High Value Keyword Net

Comment spam ads (outside of porn) are typically the same topics advertised on the Yahoo! homepage and on About.com’s brand sponsored content sections.

Spammers who spam others blogs are generally focused on profit and results oriented. Many of them do dumb stuff, but some of them will leave a competitive research trail worth looking at, complete with the TYPES of keywords that are profitabe (pornography, perscription brands, gambling, things associated with finance) and important keyword modifiers.

How to Leave Feedback:

Given the results orientated nature of spam, it is unsurprising that many comment spammers leave comments that are generic, non-personalized, and flattering. If you want people to respond to you the flattering angle is probably effective, but message personalization is also key.

The Cost of Free Content:

if you let others litter your site with spam it is easy for others to think you don’t believe in your own product. As one person stated on the blog with spammy comments:

Take notice of the spam here on the blog, they don’t care about this site and they don’t care about paying their customers.

Why wouldnt search engines eventually do the same? Sure spam is free content, but if it puts you in a bad linguistic neighborhood what is the cost?

Comments

Tag:

The first and most obvious method is to avoid free blogger sites. These are favorite targets for comment spam.

Bloggers who own their own software can add a no-follow tag. The rel=nofollow tag does not stop the spam, but it does stop robots from following the link. Blogger, owned by Google, implements these tags already. WordPress has anti-comment spam plug-ins to help bloggers stop comment spam.

Do not bother banning the IP address – unplugging a computer for one hour can change the IP address, and changing a servers IP address is relatively easy. Some companies buy IP addresses in blocks of a hundred or more, and spammers also use open proxies. These are IP addresses that allow anyone access.

Configuring a blog to prevent javascript and HTML code in replies is a solid and easy to implement method of attacking comment spam. It is possible to configure some blog software programs to automatically convert any string that starts with http:// into a url. This will not stop manual comment spams, but it will stop the crawlers.

The spam crawlers search the web looking for descriptive form names. Field names like comment or reply make it too easy for comment spam crawlers to find a potential victim.

Many blogs are using CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart). This new tool requires the user to post a text and number combination before their post is published. However, a simple trip to the freelance bidding forums already indicates that countries (Ukraine and India are the most obvious) are hiring people to do nothing but post comments all day. This undermines CAPTCHA tools anyway!

If you are able to configure your blogs software, then there is a very simple trick for stop automated comment spam software. The form submit HTML is:

form method=”post” action=”http://www.example.com/bin/comment”

The action specifies the web address (URL) of the executable used to publish the form results. Simply remove it and add an onsubmit attribute:

form method=”post” onsubmit=”this.action=http://www.example.com/+bin/post-a-comment”

This is not 100% effective, but it will stop most spam crawlers.

There are two other methods that are available to most bloggers. The first is user authentication – this requires the person to sign up for a user name and password before publishing a post. This slows down comment spammers in two ways: (1) they must take an extra step before publishing, and (2) most authentication programs are configured to accept an email address once.

The second method is to moderate every post before it is published, but the sheer time involved can be daunting. However, the advantages of having 100% control over your blogs content can tip the scales in the favor of moderating. Many posts do not use relative keywords, or post irrelevant comments based on an emotional reaction to the information. Moderating the blog allows the blog owner total control over the information on their page.

Tag:

Add to Del.icio.us | Digg | Yahoo! My Web | Furl

Bookmark WebProNews:

The Commentator is a unique script that blocks comment spam, while it builds a double opt in mailing list. For more information visit The Commentator.