How to successfully spam blogs (and how to fight back)

What you’re about to learn isn’t anything new. It’s not particularly earth shattering either, but a lot of people don’t know it.

NOFOLLOW DOES NOT WORK (properly)

You may have noticed legitimate looking comments on your blog from people with suspect names. Usually the name will be a brand name, service or literally anything that sells. The commenter’s website is obviously related to that business. Why do they bother using special keywords when Google is supposed to not follow those links? Do they know something you don’t? Yup. They know that keywords, even on nofollowed links, matter. I’d provide reference links to SEO blogs explaining this but then they’d know I’m reading and they might shut up.

So, how do you go about spamming blogs? (And how do you defend against those spammers?) Here are two examples:

How to spam a niche blog

George, who runs 858graphics obviously makes signs in San Diego. I’m sorry that his store was egged last year, but he’s obviously trying to manipulate Google. Unfortunately, he succeeded. He is #2 in Google for “San Diego Signs”. Strangely enough there are no links to his website.

How to spam a niche blog

This second guy isn’t quite so successful, and to think he’s spamming my poor Shih Tzu, Oscar. The spammer’s domain is near the bottom of the first page of a Google search for Shih Tzu Checks. That’s still pretty good considering he doesn’t have any links to that page either.

How did these guys find my blog? The first guy searched for WordPress blog posts with comments. The second looked for a page saying, “leave a reply”, an open invitation to spam if ever there was one!

Out of curiosity I followed the Google search a recent spammer used. On the blogs surrounding my blog in that search I found traces of him everywhere. He left legit looking comments but the link was always full of keywords for his business.

Stuffing keywords in nofollowed links certainly helps rank for keywords.

So, you want to know how to fight back? It’s very simple if you’re using WordPress:

  1. Install my Comment Referrers plugin. That will add a line at the end of the moderation emails with the referrer of the visitor. Some referrers should ring alarm bells!
  2. Install Delink Comment Author. This plugin removes the link the comment author left as their URL. I modified my install so it removes the email too as I moderate comments from new users.
  3. I was planning on coding this next plugin, but I found Lucia’s Link Love first and that saved me the trouble. I modified mine so it doesn’t hyper link the name of a comment author who has left less than a certain number of comments. See this comment as an example. That “Landscape Artist” never came back to my blog again so his “name” isn’t linked to his site.

So, chances are a few more people are going to try this technique now that I’ve blogged about it. I bet many more blog owners will be more vigilant of it now though. It’s your blog. If you don’t want to be pawn to a spammer then fight back!

Edit: Here is my version of Lucia’s Linky Love. Just rename this file to .php and drop into your plugins folder. If you’re not logged in or have a comment cookie in your browser you should see some comment author’s names won’t be linked.

Comments

comments

79 Replies to “How to successfully spam blogs (and how to fight back)”

  1. That’s it, need to figure out a way to randomise that URL, maybe per install. It won’t stop all spam, but it’s already killed a good few since activating it!

  2. I just add into my .htaccess if the HTTP_REFERER !=MY_HOST (not actual code) ..it will come a 404. means NO BOTS.

    And…RENAME the COMMENT.PHP to something else also fools them easy….

    Nibbing the problem in the bud is better than the need to DeLink etc.

    best regards

    azrin

  3. While messing around with your files can be a good deterrent, updating your CMS could mess it up. I’d rather use a bunch of anti-spam modules e.g. Askimet, BadBehaviour, NoCaptcha, etc. or instead put up a very simple captcha or sum to work out.

    Not every search engine uses nofollow, and it is somewhat hated by a bunch of people, for example Wikipedia has nofollow now. Yet if your site was good enough to have a Wikipedia reference, you would hate that reference being worth nothing!

  4. Why would anyone ever approve a comment from a keyword name? It’s obviously spam. If it is a real name with a “spammy-ish” site, I’ll simply manually remove the URL when I approve the comment.

    I recently tweaked a bot-trap and some php to have comments on my blog submitted to the IP address of the visitor to the site. If they submit a comment to a different IP address, they are blocked.

    Example: My IP address is 234.234.234.234. When I want to post a comment on my blog, the (form) will submit the comment to 234.2342.2342.234.php. Since the formname and my IP match, the comment is handed over to Akismet and WordPress. But then if someone later tries to submit a comment to that IP address, (like say a spider that crawled my site gathering comment form submission URLs) they will be instantly blocked when they submit. It’s been working pretty well.

    Also, anyone that tries to submit to the default WordPress post comment URL is blocked automatically.

  5. OK the name is a bit of a joke- it’s the first time I have used such a name, as i only just learned of it from you, and it will help to make my point.

    As long as someone who is using their business name or profession (which also happens to be a keyword) as a name is posting intelligent comments to your blog, who cares?

    I mean, I got really sick of sifting through the comments that were just a string of keywords or the ones that just say “Nice!” but I learned that it’s easy to shut those off. If a guy has a half-way intelligent comment to make on my blog, I don’t care so much that his name links to website he makes money off of. Don’t comments invite more traffic to my blog?

  6. i’m affraid to use plugins, because one wrong move and poof, another three hours trying to figure out wtf. can u or anyone walk me through with plain english, how i can install?

    any help would be grateful.

  7. Totally agree with “kid chapter…”. I’m not concerned if someone uses a few keywords as their name….it’s the content that’s important. If it is obvious they read the blog, and contributed a useful comment, then absolutely it will be allowed.

    So if you don;t mind I will leave a plug for my website- http://www.______.com, we offer web conferencing services. Hmmm…interested if you will review this as a spam comment?

  8. Posting something like this is just downright selfish. I didnt know how to spam blogs until now, thanks.

    Now, you get a few downloads of your plugins, yay.. but unless you have the attention of evry blogger in the world, you s&rewed the rest of them… does it get any more selfish than that?

  9. Thetruth – sorry you feel that way but this is nothing new to spammers, but many bloggers don’t know about it and let through these spammy comments. Since I posted this I received at least a half-dozen of these comments, one spammer even came from this blog post according to my referrer plugin!

    David – Yes. That second part of your comment is spammy, but I let it through after sanitizing it.

  10. Is it spam if it’s a man made comment though? I don’t really mind someone having their link in a post as long as you get some actual human interaction out of them.

    Lately what I did was remove the links out of a spammer’s bot comments so that my site would rank for his keywords (Not that I was interested in them, but to spite him) Of course the bot interpreted it as an open blog so I received a bunch from the same source immediately after so I had to blacklist it. Still left the url stripped ones though 🙂

  11. Great stuff man! I am usually vigilant about spammy looking comments and tolerate a little when someone uses keywords for the name as long as their comment adds value to the conversation instead of just saying nice post. I do like your Comment Referrer plugin and will install it tonight.

  12. I don’t agree. If the comment is automated, then it should be deleted, but if the comment was posted by hand, and the guy bothered to read the article and leave a contextual comment, I have no problem with it. The only exception to this, is if the linked site is not worth linking to it.

  13. So since this blog is running those fancy plugins my current attempt to spam you won’t work? Oh well, on to my next victim.

    I’m kidding. But my opinion is that people who have read a blog, thought about it, then left a meaningful well thought out reply should be able to get a little love from Google or whomever. I mean, it all depends on the situation too. If I were moderating all my comments then I’d let everyone get google love except those who were obviously spammers. I happen to not moderate my comments. All comments get through except those Aksimet catches. I thought about doing something similar to what’s described in this post but decided against it because I get more honest comments than spam. Also, blogging is all about give and take. its a community thing and I feel bad not giving my readers a little bit of a reward. But for those who do what is suggested in this site I would totally understand and wouldn’t hold it against them. both sides have valid points. God, sorry for being so longwinded

  14. I have to tell you, I find it funny if nothing else to edit a comment entirely to remove a link to a spam site, and change the name if it is keywords, then approve the comment. I just think in my head about how mad the spammer is that he didn’t succeed in posting his spam. I only do that if he leaves a comment worth posting (put some thought into his spam comment). I did recently require free accounts to post comments though due to a massive spam issue on a post about not spamming. It’s just easier to manage.

  15. Thank You for the answer to my question

    I searched on Google: wordpress blogpost spam
    and found you as nr. 4

    I was really wondering what was going on. Could there really be so many idiots out there?, around 3000 in less than 2 months, thinking they could get visitors through my site.

    So Google have been, and still is, rewarding those people to fill up the internet with crap. Amazing.
    Do you know about some software that easily could pick up those email addresses in a textfile. Or could you make some – maybe both for the past and future mails.

    We could then, maybe with the click of a bottom, send all those smart people a long email like:

    Thank you very much for your comment to my blog.

    I think you might be interested in:

    links (affiliate) 10 or 20 lines with something like
    guru1 guru2 Seo1 Seo2 Trafficexchange 1 to 5
    Service this and that.

    I think you may find some of the links above more useful and relevant in your effort to improve your ranking in the search engines.

    I have deleted your comment on my blog since it is highly irrelevant.

    I wish you god luck skyrocketing your business.

    Yours faithfully

    PS if you do not understand this message, I would suggest you get some help from your friends or maybe your doctor.
    ________________
    Maybe we could earn some commissions for the effort of deleting all those crap comments.
    I wonder if Google would be open for a -5 button.

    1. Bjarne – there’s no point doing that unfortunately. The email addresses they use are probably fake. Using Akismet and/or Cookies for Comments stops almost all spam reaching your site. The spammers “fire and forget” and most of the time don’t even bother checking if the comment appears!

Leave a Reply