If you run a blog that allows people to comment on posts, it is inevitable. You will get comment spammers stopping by. They will post in hopes that their comments will provide links to their websites peddling "medicinal products", adult content, and other items that you probably would rather not have on your website. The links – these spammers hope – will mean that their sites will gain a better Google ranking and lure more people to their websites.
Side note to explain "Google ranking" in case you don’t know: Google ranks sites based, in part, on how many links there are to them. The sheer number isn’t the only method, however. Sites who themselves have a better Google ranking lend more weight to the sites they link to. For example, if CNN were to link to my blog, I’d get a much bigger Google-boost than if some spam site nobody ever heard about linked to me. The spammers hope that the comment spam links from the blogs they "visit" will help boost their Google ranking.
It would be bad enough if spammers went around leaving garbage comments to increase their Google ranking, but spammers don’t stop there. They employ networks of compromised computers ("spambots") to do their bidding. Using this tactic, they can post dozens of their spam comments from different IP addresses, getting around IP address blocks.
Thankfully, there are an array of tools that you can use to thwart spammers. I’ve used a few of these in the past to varying effects. Akismet helped block nearly all spam comments, though a few did still slip through. NoSpamNX helped block a bunch more. Unfortunately, while the spam comments (for the most part) didn’t appear on my site, they were still in my database. I could delete them but there was still server load to think of.
All of those spammers sending all of that data to my database might not cause my to unwittingly boost their Google rating, but they could slow down my server. For some reason, my blog seemed wildly popular with the spammers. It seemed that I was getting almost a hundred spam comments a day. And then it got worse.
On November 5th, I received 252 spam comments. TWO HUNDRED AND FIFTY TWO! The next day, the total quickly rose up and threatened to top even this.
Something had to be done.
Jenn (aka KissMyKitty) recommended Captcha by BestWebSoft. I was leery since I hate whenever sites use captchas. This plugin, however, doesn’t give you garbled text that you need to decipher and re-type, though. Instead, it gives you a simple math problem such as: One + 3 = _____ If you type in "4", your comment will move on to Akismet and my other anti-spam measures. If you are a spam-bot and don’t understand math like this, your comment won’t even be saved into the database.
Good idea in theory, but how will it hold up in practice? Take a look at this graph:
(Click on the graph for a bigger version.)
That huge drop in spam comments was right after I installed Captcha. Spam comments initially were so non-existent that I figured something was wrong with my comment form. One test comment later, though, and I knew that it was just Captcha confounding the bots. Yes, some spammers did manage to get by, but at a greatly reduced rate. Instead of dealing with a flood of comment spammers, I now only see a trickle coming in. In the four days since I installed the plugin, I had only 8 spam comments with my biggest spam day since installing it at 6 comments. My pre-Captcha low was 39.
Given that Captcha is so effective against spambots, so easy for real human posters, and free to boot, it’s definitely going into my Must Have anti-spam toolkit.
NOTE: The "no spam" image above was partially created out of "no sign" by skotan which is available from OpenClipArt.org.