***Dave points us to an article on The Register where they interview a blog spammer about why he does what he does. Fair warning: If the topic of blog spammers raises your blood pressure then this article is probably one to avoid. In short, “Sam” says it’s nothing personal and he doesn’t give a damn if it’s considered a moral activity or not:
If you’re affected by this spam, say because you run a blog, or a website, or like the other 99.9 per cent of Net users just come across the stuff, Sam explain the important thing to remember is it’s nothing personal. They’re not targeting you personally. They’re just exploiting a weakness in a system which blossomed just at the time that Google cracked down on the previous method that spammers used, where huge “link farms” of their own web sites pointed circularly to each other to boost each others’ ranking.
But what about the moral question, that you’re using other peoples’ bandwidth and blog space and abusing it by putting your commercial message there? “The question of morals is one for the individual. While it’s legal, it will continue. It could be argued that a website owner is actually inviting content to their site when they allow comments.”
Sam doesn’t think the much ballyhooed “rel=nofollow” solution to the problem developed by Google and being much debated by bloggers everywhere will have much of an impact on the problem.
“I don’t think it’ll have much effect in the short, medium or long term. The search engines caused the problem” – we didn’t quite follow this bit of logic, but Sam continued – “and they’re doing this to placate the community. It won’t work because most blogs and forms are set up with the best intentions, but when people find hard graft has to go into it they’re left to rot. To use this, they’ll all have to be updated. The majority won’t be. And there’ll just be trackback spamming.”
Not that there aren’t ways to make the life of a blog spammer harder:
So what does put a link spammer off? It’s those trusty friends, captchas – tests humans are meant to be able to do but computers can’t, like reading distorted images of letters. “Even user authentication can be automated.” (Unix’s curl command is so wonderfully flexible.)
“The hardest form to spam is that which requires manual authentication such as captchas. Or those where you have to reply to an email, click on a link in it; though that can be automated too. Those where you have to register and click on links, they’re hard as well. And if you change the folder names where things usually reside, that’s a challenge, because you just gather lists of installations’ folder names.”
Yep, captchas are the most effective way of stopping comment spam and my experience since making the switch to EE bears this out. Captchas remain controversial due to the fact that they pose problems for visually impaired surfers who obviously can’t see the captcha to type it in, but the ability to allow folks to register and bypass the captchas as a result helps to offset that problem. Captcha systems are available for other packages as well and in combination with a good blacklisting system can reduce your comment spam considerably.