I notice that we’re getting a constant trickle of spammers of late (another one just surfaced in General Discussion). Certainly it’s been only a handful so far but the worrying thing is that once you’re targeted by a spambot (which this in all likelihood is) the trickle can turn into a flood quite quickly.

Does ExpressionEngine have any intelligent spam filters in its toolbox, Dave?

Most of the spammers are automatically killed. Those that get through are less than 1% of the attempts.

To get through, an actual human must register. I’ve also banned a number of domains (mainly Russian ones) that are primarily used by spammers. Those that get through and actually post are real people using Google gmail accounts. Since I’m not about to ban everyone using gmail, there’s not much I can do about these except clean up after they’ve posted.

They do infuriate me but it is good to know that you’re blocking the vast majority. I’d forgotten about registration, there’s no way for spambots to get past that.

Thank you, Dave.

Dave, do you use the Akismet plugin? It tends to work rather well.

No. But thanks. I’ll check it out.

Do you want us to, well, do anything? Is the “Report” function useful to you?

The two posts by “anshul” are surprisingly sophisticated spam.  I hope this doesn’t herald a new era.

Yes, I thought those worrying.

Dave, apparently spambots find registration no obstacle at all, they can automate the process. You should use a CAPTCHA in registration if that’s possible. I don’t think they can get round those yet. I’ve been reading the wiki on Forum spam, astonishing the tricks they use. Sometimes they don’t even post at all, they just register and leave their spam in their profile. “The link sits quietly in the signature field, where it is more likely to be harvested by search engine spiders than discovered by forum administrators and moderators.”

It’s time I took a major look at Expression Engine and how I’ve configured it. There are more recent versions of EE out there and I’ll probably take the month of March to look at updating the site.

Any changes would be “under the hood” (or “bonnet” for you Rightpondians) and shouldn’t be noticed to the casual observer. I’m not thinking about changing the look, feel, or structure of the site.

The really pathetic thing is that if the spammer bothered to keep up with Google SEO practices, he’d know that a link to a page about cars from a site about words is not a quality link and can actually hurt his Google rankings. By spamming a site that is not keyword appropriate, he’s being foolish, as well as annoying.

Not really, because from a cost-benefit standpoint it probably makes more sense to send links out scattershot than to go to the trouble of investigating each site beforehand.

Yikes, danieltooop’s spam comment in the Vegas thread is also worryingly sophisticated, even explicitly addressing another poster in the thread.

FWIW, and I am not sure this is worth anything, there seems to be an increase in spammers and sophisticated spamming on other forums too. Perhaps a result of the economy? I frequent some forums called gardenweb.com where there is a large group of persons exchanging not too enlightened opinions on gardening and some household related stuff. Spammers there have figured out how to go to the bottom of old threads on Fridays and add their spam pulling the thread with their spam to the top until Monday when it is sometimes removed. The spam is often incorporated in what looks like a signature line.

languagehat - 20 February 2009 05:53 AM

Not really, because from a cost-benefit standpoint it probably makes more sense to send links out scattershot than to go to the trouble of investigating each site beforehand.

I wish everyone in my markets thought that way. Google’s algorithm has changed in a way that it recognizes “scattershot” links and will downgrade your ranking for having them. This has been tested. Don’t forget that Google often gives more weight to off-site factors than to on-site factors, especially with popular keywords (like “cars"). There are zillions of pages that rank for keywords that don’t even appear on that page. This is because of the weight Google gives to off-site factors. Everyone knows this and Google knows that everyone knows this and so the cat and mouse game continues. Spamming back-links worked for a while and then Google compensated. Link farms worked for a while and then Google compensated. Right now blog farms are working but soon Google will compensate. Such has it always been. That’s one of the pushes behind “personalized search” because it will allow users, in essence, to create their own filters and help Google refine their algorithms.

It’s also not necessary for anyone who knows anything about this stuff to “go to the trouble of investigating each site beforehand” because we all have software that finds keyword appropriate forums for us automatically. I’m currently using Comment Kahuna. Smart marketers add to the value of a discussion by making appropriate comments in appropriate places and they help themselves by helping others. Scattershooters are simply ignorant assholes.

I activated the “captcha” feature a few days ago--requiring registrants to type in a visually presented sequence of characters. It seems to be working well--it’s cut the number of spammers who make it to the “pending” stage (i.e., awaiting a reply to the email) to effectively zero. Yesterday, however, one did make it through all the way to post some spam on the forum. So it’s not 100%.

It’s too early to tell if it will actually reduce the number of spammers that actually get through--the number before was too low to notice a difference in just a few days. But it will reduce my workload of deleting old pending registrations (and will eliminate the bounced emails that tell me that the registration email was not accepted). So I will probably keep the captcha feature in any case.

(FYI, the most ingenious way that I’ve heard of spammers getting around captcha was to set up free porn sites that require a user to enter a captcha form to log on. They then feed the human porn-surfer a captcha string from a site they want to spam, and the human porn-surfer reads the characters and enters the text--sticking an unwitting human porn-surfer into the automated loop to get around the visual obstacle.)

I’ve looked at the Akismet plug-in, but that seems to be primarily for comments to the blog posts (Big List and Harmless Drudge posts). I killed the comment feature a few months back not only because of spam, but also because the non-spam was almost 100% disinformational, people posting half-baked or no-baked theories about etymology or asking questions that were answered in the entry they were commenting on. (I can only recall one comment that actually provided useful information--information I eventually incorporated into the Big List entry itself.) Even discounting spam, the signal-to-noise ratio was extremely low. Plus the total number of comments was not large--it was not a popular feature overall. Unless the plug-in can also help on the discussion forums, I don’t see that it’s worth it to reactivate the comments feature. If there were a low-level of intelligent and active commenting on the Big List and Harmless Drudge posts, I would put up with the effort to deter spammers, but I can’t see doing the work for a feature that isn’t really being used.

Well done, Dave.  Your work is much appreciated.