Comments now checked against EE’s Blacklist.

I discovered that the 1.2 Beta version of ExpressionEngine has added yet another check against comment spam by having the comments submitted cross-reference the same built-in blacklist used to control trackback spam. Comment spam is already a rarity on EE thanks to the multiple prevention methods already in place and this just adds one more test to the mix to keep it to a minimum. It’s not as fancy as Jay Allen’s MT-Blacklist for MovableType, but every little bit helps.

12 thoughts on “Comments now checked against EE’s Blacklist.

  1. I’ve never had any comment spam with EE, even before the new feature you mention.

    However, the referer spam was so bad I had to turn that module off, which is too bad. I found that the referer spam blacklist didn’t really do the job. How about you?

  2. It works, but it requires a lot of attention to do so. A lot of places out there are registering multiple domains with similar keywords and then spamming you with links to individual pages at those links. When EE adds those to the blacklist it includes that extra info pointing to a page which means that any other different links from that site will still get through. I’ve found that if I go into the blacklist and shorten those URLs down to just the root it’ll snag all of them.

    Still, having the blacklist in place doesn’t stop the attempts at referral spam which can eat up a lot of bandwidth. I love having the option to check it, but I’ve considered shutting it off just because it is so much work to maintain properly.

  3. I don’t know why they don’t just block Google from EE comments. No Google rank improvement from comment spam = no comment spam.

    Take a look at Haloscan. Extremely popular free commenting for blogs, but no spam ever. Without any form of spam blocking.

  4. With the whitelist I am quite happy this exists. I’ve been getting hammered with spam from persistent fellows lately.

  5. Frac, not sure what you mean. I can set up the comments to do page rank denial in a fashion similar to what MovableType does in terms of sending you to a temporary redirect page before sending you along to the link, but that never seemed to make a difference when I was running MT in terms of discouraging spam. The spammers don’t seem to care if a particular site is denying page rank or not as they don’t check.

    Etan, don’t need to turn it on. It’s on by default.

  6. All I mean is that since MT doesn’t block the Google spider by default, spammers know that all they need to do is get a link to their site in hundreds of MT blogs and it will improve their pagerank.

    It has to be an all-or-nothing affair. Spammers are used to taking a shotgun approach at everything. Even if you set up your site properly, they know that overall spamming MT comments in general will help them.

    It’s one of the standard tricks of those “$29.99 to increase your site visits” spam utilities.

    It’s the same reason they spam trackback. They don’t care about the content of their ad, or even if anyone ever follows it. They just care that your highly ranked site “links” to their porn site.

  7. Ah, I see. On the one hand I concede your point that it would be more effective to not allow Google to spider your comments, but on the other hand some of the best content on SEB is in the comments so I’d rather that they were spidered by Google. Fortunately the tools in EE for comment spam are robust enough that comment spam isn’t a big problem with this system. Referrer spam can still be a big pain, though.

    Even if MT (or EE for that matter) doesn’t block Google by default it’s not hard for the site owner to set up a robots.txt file to tell Google to buzz off if they want to.

  8. There’s no setting to turn on. It’s new code in the comment module that is processed as standard operating procedure now so it’s always on. It may become a setting you can enable eventually as there’s a bit of code in there that says $blacklist_pass = ‘y’; but at the moment it’s hard coded.

    Also this is in the latest 1.2 Beta from November 8th so if you’re not running that version it may not be present in your system yet. You can check by opening up mod.comment.php and searching for “Spam check – Blacklist/Whitelist.”

    It’s also still beta so it might not be working just yet. grin

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.