One of the most annoying aspects of managing a blog is the incessant comment spam that you get, which can total in the dozens per day if not more. These spam comments are usually generated by robots promoting just about any sort of crap that you can imagine and attempting to place links in your blog comments and, in the worst-case situations, attempting to hack your website. These robots work on the basis that comments are just added automatically without any form of intervention and hope for a lucky break. While it’s easy enough to ignore these obnoxious weeds, send them to the sin bin and then delete them, they can be an administrative pain in the first instance, as well as potentially having an adverse effect on your site if your hosting service begins to be affected. Most hosts have some form of spam filter, but these don’t always cater for what gets through on blog comment forms on a poorly secured website and that’s when problems can arise.

The Original Spam - (source: Smithsonian Mag)

Now most blogs use some form of spam filter; some work well and others not so. One early spam filter I installed actually appeared to seek spam, as my comment moderation page started to fill up exponentially and hardly anything was going into the junk folder. And sometimes there’d be several hundred waiting to be deleted if I didn’t check every day and sometimes several times a day. Subsequently I just used Jetpack, which is often installed when you install WordPress, and used it for some time as it seemed to work OK, but my junk folder still filled up. However, I removed it a while ago after it started to create major backup issues and other problems for my site for some reason, and entreaties to the plugin developers didn’t provide much joy. I then added a different spam filter that blocked some spam comments and put others into moderation. At the end of the day, these measures kind of worked, but were far from perfect and often created more of a placebo effect, making you believe things were good when all they were doing was covering more serious issues. Spam is a fact of life and I get spam in my normal emails in the same way, but at least they don’t have the potential to affect my site hosting service.

Spam - WTF???

But because spam can be so bad for a hosting site, especially if a website doesn’t have any form of security controls, there’s a real risk that the server as well as others on shared hosting services can be seriously affected if your site is hacked. There have been many instances where a hacked website has been closed because spam emanates from the site, which has the potential to affect an entire server that hosts multiple sites on a shared basis. This closure will happen automatically to prevent others from being affected and the only way to get the site back up is to fix things before services can resume. That becomes the site owner’s problem and can take quite some time, especially if there are major issues in the way the site has been implemented and more so if the site owner has to get a third-party web designer to fix what’s gone wrong. At the end of the day, the easiest way to prevent automated spam from hitting your site is to use methods that make it virtually impossible for robots to create comment spam.

Anti Spam Plugin - (source: WordPress)

The most common spam control system is CAPTCHA, which anyone who’s been using the internet for any time will have encountered at some point and been duly frustrated. Long-time users will well remember the early versions of CAPTCHA where you had to interpret a pair of blurry words and input these into a field before you could access the comments field. This method was one of the most frustrating things encountered and everyone hated the system because it was often impossible to read the words and the aural option was no better. Not only that, improved artificial intelligence (AI) was able to crack the CAPTCHA and subsequent reCAPTCHA words where humans often had difficulty. Realising these issues, Google kept working on the system, improving reCAPTCHA so that it presented the user with a series of photos that had to be selected, which remains the most common format today, and eventually supplemented it with Invisible reCAPTCHA. Mind you, I have no doubt that AI will get around this as well.

reCAPTCHA - (source: Google)

I tried reCAPTCHA a while back and found it very frustrating and feedback I received also noted that it was a bit problematic, so I abandoned it altogether and went back to the anti-spam plugin method. But since Google introduced Invisible reCAPTCHA, which in most circumstances doesn’t require the selecting of any photos as it can recognise robots from real users, I decided to install that on the blog. If a user is suspect, then the Invisible reCAPTCHA reverts to the photo quiz. Now with Invisible reCAPTCHA reinstated, the comment checking appears to be working very well indeed, as all comment spam has ceased. I don’t know how many comments would go straight through and how many would have to go through the photo selection verification process, but it certainly stops comment spam cold. Since enabling Invisible reCAPTCHA, the anti-spam plugin hasn’t needed to catch anything, so I’ve deleted it and that makes one less plugin to worry about.

Invisible reCAPTCHA

Controlling spam is just one part of overall website security, but it can also be a time-consuming and frustrating part of site management, depending on the way that you approach it. It’s kind of sad that we have to resort to these sorts of measures to keep the crap at bay, but that’s life on the internet. I just wish you could implement a similar sort of filtering system for all those phone calls that we get on a daily basis from charities, surveys and weird numbers. Yes, we are on the Do Not Call list, much good that it does half the time, so it would be fantastic to force these cold callers (especially someone with an unrecognised number) to go through a telephone reCAPTCHA process before the phone would ring.

Update 1. While Microsoft Outlook can automatically delete or place unwanted emails into a junk email folder, you can’t automatically delete emails by email address, only by email title (which changes constantly). So I was delighted to discover that my new site host, VentraIP, has a feature that allows me to blacklist senders by email address. What this does is stop emails from ever reaching me, as they are blocked at the server end. I’ve added all the rogue addresses into the blacklist and I’ll now monitor things to see if these emails stop, or at least reduce in number.

Update 2. Just watch: