
Comment Spammers: 2nd Time’s the Charm

There’s a new level of blog comment spam out there that’s as wonderfully clever as it is evil. Here’s how it looks:

Imagine you wrote a blog post about kola nuts. A few days later, you see this comment awaiting moderation:

“Extracts from kola nuts are great energy boosters. Couple kola nut extracts with Vitamin B complex to increase energy and stamina. In addition, this combination will enhance circulation, protein metabolism and also maintain hormone balance.”

While it’s not the most conversational comment, it’s also not overtly pushing any specific brands or products. Lots of people out there love to give unsolicited advice and opinions.

Best (or worst) of all, the commenter leaves no URL. Surely they’d add a URL for the link if they were comment spamming!

But no. That’s why it works. Spammers now know that a huge percentage of bloggers have set comments to be automatically approved once the first comment has been approved by the moderator. That basically means that if a person leaves one legit comment on your blog, you trust them enough to let their future comments publish automatically.

These spammers will send one fairly legit comment through your system without any URL so that it gets approved. Once approved, any future comments using the same email address will automatically publish. So they keep track of every blog where their comments get published and then they hit it sometime later with spam. And that comment will definitely have a spam link either in the URL field or in the body of the comment.

So keep an eye on your auto-approved comments. Even though they passed your initial sniff test, they might come back to bite you later.
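One way to keep that eye on them, as an added example that is not part of the original post: a Python check that lists auto-approved comments carrying a link when the same author's first approved comment carried none. The record fields, the case-insensitive email matching and the sample comments are constructed assumptions, not any blog platform's export format.

```python
import re
from collections import defaultdict, namedtuple

# Assumed record layout; auto_approved is True when the comment was
# published without a moderator reviewing it.
Comment = namedtuple("Comment", "id email url ts auto_approved body")
URL_RE = re.compile(r"https?://|www\.", re.IGNORECASE)

# Constructed sample data, ordered by timestamp (ts).
COMMENTS = [
    Comment(1, "a@example.com", "", 1, False, "Extracts from kola nuts are great energy boosters."),
    Comment(2, "b@example.com", "https://example.org/blog", 2, False, "Nice write-up, thanks."),
    Comment(3, "c@example.com", "", 3, False, "Good point about storage."),
    Comment(4, "A@example.com", "", 9, True, "Best prices at http://pills.example.net/deal"),
    Comment(5, "b@example.com", "https://example.org/blog", 10, True, "Agreed."),
    Comment(6, "c@example.com", "", 11, True, "Following up, still agree."),
    Comment(7, "c@example.com", "http://cheap.example.net", 12, True, "Great post!"),
]

def has_link(comment):
    """True if the URL field is filled in or the body contains a link."""
    return bool(comment.url.strip()) or bool(URL_RE.search(comment.body))

def flag_second_time_spam(comments):
    """Return ids of auto-approved comments with a link whose author's
    first approved comment had no link at all."""
    by_author = defaultdict(list)
    for comment in sorted(comments, key=lambda c: c.ts):
        # Assumption: the platform matches returning authors by email,
        # compared here case-insensitively.
        by_author[comment.email.strip().lower()].append(comment)
    flagged = []
    for history in by_author.values():
        if has_link(history[0]):
            continue  # the moderator saw this author's link on first approval
        flagged += [c.id for c in history[1:] if c.auto_approved and has_link(c)]
    return sorted(flagged)

if __name__ == "__main__":
    print(flag_second_time_spam(COMMENTS))
```
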


  1. Just read this yesterday and then, just now, got this blog comment: http://i.imgur.com/BiiT8.png. I sort of assume this is the same thing (URL = Bing.com? Really?), and then start to feel guilty, just in case someone at isecurity.ie really did believe that I was bang-on about the nasty domain registration company I’d written about.

    It could 100% be a legitimate comment, and it could also be someone totally not affiliated with isecurity.ie trying to pull a fast one. Sad that the tricks you highlight here make me so very suspicious 😐

    • My favorite way to handle these is to 1) delete the URL since it’s nonsensical and 2) change their email address by at least one character so that, even though the comment is approved, it doesn’t open the door to future spam. 🙂

    • Ironically, there ARE times when I thoroughly enjoy a post and simply want to pat the author on the back. These days, if they don’t already know me, I’m likely to get blocked because my congratulatory remark is so similar to popular spam tactics.