Identifying comment spam with the Comment Referrers plugin
First published on October 13, 2008
Admittedly, I don’t use a common anti-spam filtering algorithm such as Akismet or Defensio. I just don’t like the idea of false positives, that is, legitimate comments that have been marked as spam.
This means that my only line of defense on this blog has been my anti-spam image plugin (which you’ll see if you make a comment). I am protected against most spambots, but people who can want to manually spam my blog can do so. This isn’t so much of a hassle, as I don’t mind dealing with the moderation of a couple potential spam comments a week.
Over the past year, I’ve been using a plugin called Comment Referrers to help me identify the spam that gets through. In a nutshell, Comment Referrers helps me to find out how a commenter arrived at my site. In other words, it gives me the URL on which the person clicked a link to arrive at my site. Whenever WordPress sends me an e-mail to notify me about a new comment, Comment Referrers attaches a line with the referring URL, such as this:
Referrer: http://www.google.co.in/search?hl=en&q=%22savings%22 powered by wordpress %22leave a comment%22&start=560&sa=N
As you can tell, that particular commenter was simply looking for WordPress blogs, since WordPress is the most common platform on the Internet on which you can write comments. “Powered by WordPress” and “Leave a comment” are tell-tale signs of a WordPress blog (and you should re-word them on your site, as you’ll be surprised at how many people search for this). This particular person wrote this as a comment:
“wow what a nice post about coupons and retail information.
Its a very needed information because i need some coupons to buy somethings.
Thanks”
Now, this might have been a vaguely relevant comment, except that it was on another post that I had written on anti-spam measures. The motive for the spammer was that they left a link to their site in order to gain search engine ranking popularity. Of course, I proceeded to delete the comment entirely. If you are unsure about the spamminess of a comment, you can also just delete the link they leave to their site, leaving their actual comment intact.
Another typical clue in the referring address is when someone searches for any topic-specific keywords, with “WordPress” attached to the end. For example, if you are searching for a post on pay as you go cell phones, you don’t typically drill down to see WordPress blogs only.
Comment Referrers does not cover every type of manual spam. For example, if someone found your site, then clicked to another page before commenter, the referring URL would show up as your own site. However, this is rare and I must say that Comment Referrers has helped me immensely in weeding out the occasional spam that gets through my first line of defense. For legitimate comments, Comment Referrers also gives me a bit of insight, in a more immediate way than looking through server or analytics tool logs, on how people are finding my blog.
October 21st, 2008 at 6:42 am
Donncha O Caoimh says:
Unfortunately the spammers have a new app that doesn’t leave a referrer. I’ll be blogging about it soon, but check your logs for the IPs of the commenters above. They’re blatant spammers I’m afraid. I moderate new commenters just to catch those guys.
Thanks for the positive write up!