You might have noticed a lot more comment spam lately, but maybe not. I make an effort to remove spam that made it through the filter, and if I notice a pattern I add IP addresses or keywords to the blacklist.
Comment spam is a frequent problem, and it’s getting more sophisticated all the time.
It’s getting passed the spam filter, and passed the server protections. The spam filter is blocking a lot of spam, and the server a lot of spambots, but it’s not stopping everything. Maybe a lot of the spam is manually entered these days, it’s hard to say.
Most spam includes links, and there’s likely spam, malware, or who knows what behind those links.
The spam comments have been coming in waves. Every day I remove a few spam comments here and there, but every few days I might see dozens or even hundreds of spam comments making it to the site.
It’s getting tiring to have to manually deal with all the spam comments once they’re up.
Here are some options that I would like your feedback on:
1) Manual approval is required unless a comment author has a previously approved comment.
This is a setting I toggled for this morning, so that I have to approve or delete comments by new commenters. I have the same amount of work, but at least spam is hidden from ToolGuyd readers. But, new commentors’ comments are also hidden until I can manually approve them.
This is what I’ve gone with for now.
2) No More Links.
Most spam comments, aside from some very specific ones, have a link they want people to click. They include random normal-sounding text to help make it through the filter, and a spam link at the end.
But not allowing you to post links seems like it will really hurt the discussion and readers’ efforts to help each other. I also learn a lot from your links.
I’d rather not do this if I can help it.
3) Closing Older Posts to Comments.
But what if someone has important feedback about a tool they bought and had been using? Or what if there’s a question?
This setting is helpful when there are severe comment spam attacks, but I’d rather not do this as an everyday measure.
4) Requiring Registration to Leave a Comment.
This is something I’m considering, but I think it would discourage a lot of first-time visitors who have questions or something quick to share.
5) Merging the Comment System with the Forum.
The ToolGuyd Forum isn’t very active yet, and I haven’t used it in the ways I’ve wanted to yet, but the software has been very good at spam control. And it allows for different logon methods.
But I like the simplicity of how things are now, where anyone can leave a comment anonymously.
Why Your Feedback Matters
I like to think I always make the right decisions, but some things directly influence you guys in more ways than others.
Right now only approved commenters’ comments will be immediately visible. I’ll check the approval list a few times during the day to see if there are any legit comments to be manually approved.
I’m thinking this is the best of all the possible ways to stymie the spam right now, but am open to feedback.
Every now and then I bring up the idea of a 3rd party commenting system, and it is collectively decided that it’s not a good idea. So I went with the least impactful way to combat comment spam.
I’ll monitor things. If the comment spam softens up, and it doesn’t look like that’s happening this morning, I’ll turn solution 1) off until the next comment flood hits.
No more links isn’t the end of the world Stuart, people can describe something and you’re generally only a couple keywords away from a productive web search. I think it’s a minor amount of effort. Registration would be my second choice; if a person is too lazy to type in a username and password that person is probably too lazy to contribute much of value.
Yep…. no links. If someone wants to share a specific item, it’s easy enough to provide specific keywords that a search will lead someone directly to the item.
No more links – would not be the end of the world – but not as convenient.
I typically securitize links before I click on them – and don’t click if they seem dubious but I’d be OK with asking comments to say something like:
Search Amazon for …
Or – Lookup XYX Corp Part # ABC
Or – look for UPC # …
Or they could say that they posted links Community Forum site.
I wish I could securitize – the spell checker must have fixed my bad spelling of “scrutinize”
Registration, all for it. Links could be set to not link but just appear as text . You could still copy and paste. Or highlight and select open link.
I really don’t like the no-more-links option. Many of the discussions here contain links to other, similar tools that I’d never have known about.
I don’t have much objection to merging the comments with the forum. Perhaps automatically create a new forum thread for each new blog entry (and maybe include a link to the thread in the blog entry). A number of blogs do something similar. The XKCD webcomic and the Phoronix Linux blog come to mind.
I don’t think it’s too much trouble for someone to register to be able to post a comment. It should be pretty much expected procedure these days.
I prefer the option you have chosen, but I do know that it is going to add a lot of extra work to you and I thank you for it.
The extra work will only increase as your site becomes more popular and will at some point likely become less feasible. I really like links being included and would hate to see them go. I guess you can try each one for a period of time to see how they work. I am sure that most of your readers would not mind the inconvenience if it is allowing you to collect some data before you make a final decision.
I think having links is very useful, especially for cases of “hey look at this new tool/great price on a tool” situations. I would be sad if that feature was disabled.
I think approving comments/commenters is the best solution for the readers, although it might be a pain for you.
I think enacting options 2-5 would be a loss to users of the site.
Well said. Only you can weigh the trade off between work for you and benefit for readers, but I do appreciate links from others, and the possibility to include them myself. I also appreciate your asking.
I have to agree with others, the no-link option is the least offending. People can still post modified URLs that are not live so it really is not an issue. If you switch to a registration, I would suggest Discus as many already have accounts there.
maybe try switching to Discourse? Its free if you host it yourself…
That’s what I use for the ToolGuyd Forum: https://discuss.toolguyd.com/ .
Would probably be pretty easy to integrate then IMO. I don’t know how the new data would integrate with the existing data but hopefully it would just be a new comment thread for each post?
Sorry managing the spam has been a lot of work for you, heres my thoughts on the options.
1) Manual approval is required unless a comment author has a previously approved comment.
This seems like a good first step, people that are unaware may try to repost since they didnt see their comment appear right away. Is it possible for you to designate some mods to help you approve?
2) No More Links.
Dont think its a big deal, I have never included a link in a comment and dont remember ever clicking on a link someone else included.
3) Closing Older Posts to Comments.
Would be ok, but whats the timeframe, maybe close posts after a month. Once in a while I go back through old posts.
4) Requiring Registration to Leave a Comment.
This wouldn’t solve it 100%, the post approval process would be as effective. What I like best about comments on some other sites is when they let you log in using google/yahoo/etc account.
5) Merging the Comment System with the Forum.
I like the comments on the post/article, would it change with this option?
It’s my understanding that using the forum software for blog comments would result in comments appearing in both places.
Or, if I use a third party service, such as Discus, it would just display here.
I haven’t used Discus much but I enjoyed using Discourse. Both of these comment moderation systems seem to help reduce spam with self policing as people downvote spammy posts.
Links should only be available to people approved on the forum or, made 50 approved comments.
Links could have a random challenge question that only devout readers would know.
American slang is extremely difficult to learn which could help with foreign spam bots, and spam factories using people to manually spam. So a challenge question like showing a pair of diagonal cutters but the correct answer is dykes to post comments with links.
Locking older post down unless the poster has 50 approved comments.
Give readers with more than 100 comments to ability to flag.
Break the links so user has to manually copy and paste.
Just some ideas.
P.S. Thanks for keeping Toolguyd streamlined and free of spam, I know it’s a full time job. I think serous readers would not mind an extra step to keep Toolguyd clean and free of spam.
That’s hard to do, if not impossible.
I figure that the approval is done by checking new commentors’ email addresses with the database.
That’s additional overhead and might prove to be a problem in the future. It’ll better for me to block spam entirely.
Anyway, some commenters change email addresses all the time, either as a joke or for some unknown reason I have yet to guess.
The ToolGuyd comment system is very simple – it’s the default WordPress system that’s been around for a long time now.
The spam filter is constantly evolving, and so is the spambot protection, but the way the comment system was built, I can’t do things like set custom approvals based on post age or a commenter’s comment count.
Sometimes comments to older posts come from new visitors, and so it would be unfair to lock out their comments. If I lock out older posts to comments, it would make more sense for it to be universal. Maybe then there could be a “comments are closed, please email us if you have a question,” but I am already unable to respond to everyone that writes.
Using the forum software for blog comments allows for a lot of customizations, but can be limiting, and can make things more difficult to manage.
Thanks! I try to act quickly on spam, but something has changed in recent weeks and it’s become harder to do so. Somehow big batches of spam are making it through all the filters.
First, I love the site and the content. It sucks that you have to waste time fighting spam that could be spent doing other things.
From my personal perspective, (and I understand it might not be the same for everyone):
Manual approval – sure that’s fine with me
Links I love being able to follow links, I’d hate to see it go
Closing old posts – sure why not (with the occasional exception I’m sure)
Require registration – sure
Merge with forum – I’m not crazy about having to go to another page for comments. And when I tried to register previously for the forum I had an issue and chose not to try to dig into it further. For me forums can become time sinks and I try to keep my forum time to a minimum and focus on the main webpage content instead.
Again, just my two cents, I am sure everyone has different preferences. And I will be happy with whatever keeps Toolguyd going.
Allowing (semi) anonymous comments would probably be a good thing if you’re trying to grow your site organically. I wonder if something as simple as a captcha code could be implemented to at least make sure a human is on the other end of the screen/keyboard?
What you’re currently doing isn’t a sustainable solution. The other options each have their drawbacks in terms of usability, site growth, management effort, etc. putting up one extra road block at the point that the post is created seems like it would stop most of this.
My first thought before I finished your post was “No more links” but I have posted and clicked on links from others. It’s not the end of the world if it’s not there, but it can be nice.
When I realized that, again before finishing the post, my thought was require registration. It may discourage some new posters, but I think we are talking a minor amount of what would have been posted.
If you aren’t dead set on having the comments on your site, third party systems might be the best option.
Captchas to post wouldn’t be a burden, and might cut down on the problem.
I was about to suggest looking into CAPTCHAs as well.
I hate Captchas.
Agreed, they’re also not actually very secure. Most of the popular ones have been broken, and spammers are sending more real people now.
I think I’ve seen registration floated around, and that’s probably another headache in itself, but maybe captcha for unregistered users?
even nocaptcha recaptcha?
the ones that consist of basically checking a box, and maybe selecting a few pictures of food or sailboats or whatever?
I think everyone hates the illegible original captcha with the warped text and random lines…
I don’t really see a usability difference between registration, manual approval, and no more links. I include no more links here because Chrome (and probably other browsers) include the ability to highlight a URL in text and then jump to that URL, even though it’s not an actual link.
Merging with the forum sounds interesting because I find most commenting systems useless for following ongoing discussions since they provide no means of identifying new comments. Maybe I’m overlooking something, but I rarely revisit posts because of this.
I’m sure you’re well familiar with what an evolving problem combatting spam is. Remember the days when a blacklist was actually an effective approach? lol. I assume you’re using Akismet? That would be my first choice in a line of defense.
An open form, such as your comment form, is just inviting trouble. It’s so easy to send spam in — especially when the format and destination is known — wp-comments-post.php. Blocking links will catch more of the spam (at least for a while, until the spammers get wise and decide to just post keywords, I’m sure) but it’s obviously less desirable for the legitimate commenters.
There are a few other avenues you should chase down, too. I’m not particularly familiar with WordPress, but these are things I’d consider for other CMSs where the owner doesn’t want to move to 3rd-party commenting engines:
* Rename wp-comments-post.php. That’s the file name that spammers expect, so they don’t even have to modify their bot to spam you. The bot doesn’t even have to visit a page to flood you with spam. They just try submitting to post ID 1, 2, 3, … 6789, 6790, 6791, … and on and on until they have success. Too easy.
The best bots and manual spammers will scroll the page, however, see the form, and then they can manually spam you or find the comment post script URL and go back to automatically spamming you — the problem you have now. But, you’ve made it much harder for them at this point and that will certainly cut down on spam.
* I would next consider adding a Turing test of some sort to the comment form: include an additional field with simple directions: “type `toolguyd` to show you’re human.” The commenting system needs to know to check for this, of course, but it will also work as another way to help verify the commenter is legitimate.
The idea of a Turing test can be expanded to be more effective, too: perhaps have different direction on different days of the week, for example, or for the different categories you post to. So, today, I have to type `toolguyd` but tomorrow I have to type `pliers` and next week I have to type `drill`. By keeping the requirement changing you are also preventing the spammers from automating their submissions to the site.
You didn’t mention a captcha, and I don’t like them, but it’s an option. I would much prefer registration to a captcha, FWIW.
In the end, I think you’ll notice that most sites require registration and/or use a third party commenting system. There are a variety of reasons for this, but thinking about spam it’s easy to see why they are so popular: it eliminates non-authenticated spam completely.
In addition to thinking about how you handle the spammers flooding the site and the work it requires of you, also think about the server resources. You are effectively paying for the server to process that spam and decide not to publish it! If those waves of spam are big you’ve probably seen some server strain, too. Finding ways to eliminate the need to process it is much better than finding ways to hide it, from a server resource perspective.
Is there the option for Facebook one click registration? That way people who aren’t going to go through the whole registration process and just use a click or two and be able to sign in.
Not natively, no.
The ToolGuyd Forum allows for Google login, and I can enable Twitter, Facebook, Yahoo, and some other social logins with some work.
I think the approval system is the most effective and equitable in the near term, but also recognize that’s a big time-sink for you. Removing links might help, but you’ll probably still get the same spammers posting the text-links, this has been a consistent issue over on Tested.com for years. I also enjoy having access to links in comments.
Keeping the comment system open and easy to use is a really nice benefit. I hate most 3rd-party services like Disqus.
Merging the Comment and Forums probably won’t stop the real-person spammers that are increasingly common.
Have you considered hiring some form of comment moderators? Not a full-time gig of course, but perhaps on something like elance (or a motivated reader), hire someone to check in on the site 2-3 times a day, like you’re doing now. This of course would require that the permissions for spam/comment moderation be separable from any larger site permissions. Since you’re running WordPress, I believe there are some good granular-permission plugins out there.
Something has definitely be weird lately.
Despite some of your comments being approved previously, the system automatically flagged this comment as spam! I wouldn’t have caught this if I wasn’t in the spam filtered list looking for a trend.
I cannot open up comment moderation to outside parties since it requires very high site-wide privileges to do so.
I changed my email address associated with this name a few weeks ago, so that might have tripped it up. Though I believe I have posted a couple comments on the new email.
Software permissions are so often a problem. I say this as a web developer.
There are certain types of spam that it seems will never be caught by automatic scripts. Disqus is a little better, but you’ll still see some of those spammy posts on sites that use it. They have realized they can just hire sweatshop workers to create accounts and bypass nearly all security/filters.
Number 1 seems to be the best option but it seems like a lot of work on your part. Maybe disabling links is the better option from your standpoint but that does impact discussion. I hate to say it but I don’t particularly like the forum, I am a member but I’m just not a fan of the software. I also never remember to check the forum, the button with the link to the forum is normally where ads are so I don’t look in that area very often.
Not sure what systems you’ve tried for blocking spam, but this WP plugin is very highly rated: https://wordpress.org/plugins/stop-spam-comments/
I’ll take a closer look, thanks. A first look at the plugin code shows that it might work on the Unicode sorting that Hang Fire is talking about.
I hope it helps. I greatly appreciate the time and effort you put into the site. It’s my go-to for my tool fix, and I respect it much more than the sites that are clearly in the pocket of their advertisers (which is a lot of them!).
For pure automated rejections, detect and reject foreign character sets and characters outside basic UTF-8 English characters. Much comment spam involves text art outside of basic characters, numbers and punctuation, and if it doesn’t have text art, it often has foreign characters from the cut-n-paste composition process done on foreign PC’s.
You could review rejections weekly, and white-list any users making honest attempts from non-English equipment users.
On links, spam is all about links, so…
First, white-list your current loyal readers’ email addresses, so we can continue to share links.
Next, limit links from new users to matches on a white-list of base URL’s, such as Amazon, sears.com, all common tool vendors and manufacturers, etc. All other links would be subject to manual review while you build-out the white list further. Eventually eliminate the manual review process, and automate adding to the URL whitelist by scraping your white-listed trusted user’s posts.
There are no weird characters in a majority of comments. Looking through the spam list, they’re all in english, with text that’s seemingly machine-written to pass as unique human-written prose.
I think this has also been a problem lately since the spam filter has started filtering out real comments. This happened 3 times now. Once to Benjamen, once to a new commenter who had lots of good things to say, and just now I saw a real comment in the spam filter.
With thousands of filtered out comments each day, I can no longer check for false positives.
I’ll consider whitelisting link URLs, but there might be no way to do so easily. By default, there is a moderation list, and a blacklist.
Sounds like you’re getting targeted by a different group then what I’ve dealt with. Is there any common country of origin to sets of comments?
Yet another scheme: require the commentor to give his email address. Have the system email the comment back to the user for confirmation. Don’t post the comment until the confirmation reply is received by you. This can be automated at your end and provides an opportunity to block commentors individually by email address. With this the commentor also knows that his comment has been received even though it doesn’t post immediately.
I don’t think the dedicated reader you want would mind registration.
Links are useful to me because the Amazon price pop up at the bottom works with the comments too.
Merging with the forum is fine as long as we don’t have to go to a separate page to read comments
Out of the options, I like the option
1) Manual approval is required unless a comment author has a previously approved comment.
Option 4 also makes sense, but when I was new to this site, I liked that I didn’t have to register to post.
The option I like the least is 2) No More Links. I find the links in the comments very helpful.
You’ve made excellent decisions that we are all aware of so far. And as I basically only use the iOS platform (aka iPhone) for my Toolguyd addiction I’ve see nothing bad here. Nothing.
That said I also cannot post links through my iOS use. So I can’t even help with ideas or real links as the desktop crowd can. Darn.
Either way you’ve done splendidly.
End of gushing.
If generating relevant user content is your goa., make it the easiest as possible on the user.
Several weeks ago, I created and attempted to post a long quality post that contained two links. After the initial post failed to post, I recreated the entire post, thinking I had done something wrong. The second post also failed to post. Reading this post, it was probably due to a filtered link.
As a 100% direct result, with the exception of this post, I will not post. That experience was enough to finish my contributions. Adding additional constraints will only contribute to more users limiting their posts.
I know, the tech savy crowd will use terms like ‘lazy’ and ‘it’s easy’, but I do not have the time for it.
I use Amazon Prime because it is EASY. Want my feedback, make it EASY.
I don’t see anything currently in the spam filter.
If it was a “404 page not found” error, that’s something else entirely, and it’s still unresolved. It happens every now and then, and happened again to me today.
I had a long comment, and it was being blocked. I entered the first half of the comment, and it was being blocked. I entered the second half of the comment, and it went through. I entered the first part manually in an edit, but Admin privileges are required to edit comments.
2 links pass automatically, 3 go to moderation.
I don’t see anything in my inbox, approved comments, or spam comments with multiple links that are tied to your email. So either it was longer than the spam filter retains comments before automatic purging (15 days) or it was blocked by a different server protocol.
I can’t fix a block like this unless I know about it.
Jim you pay for Amazon Prime, you are getting Toolguyd for free. That is not a fair comparison.
ToolGuyd is amazingly EASY to post on. Try to find any other useful site this size that doesn’t impose more drastic measures to make a comment.
I’m sorry you lost your comment. I really am. I value the comments I get back on my posts highly (and I know Stuart does too) because ToolGuyd has a really informed and diverse audience that many times teach me more than all of the research I put into a post.
In Chrome, if I have a browser snafu and something isn’t submitted properly in a text form, I can usually go back with the back button and the text of the comment will still be there. Then I copy that text into a text editor and try resubmitting. If that doesn’t work, I wait until a different time and submit it later…that usually works.
Posting problems are affecting everybody, even me when I’m logged into the site. I don’t have to provide any credentials and my comments should be automatically posted, but this week one of them ended up in the spam box. There is obviously something very wrong going on. This means that even if Stuart allows commenters to login to the site it’s not guaranteed the comments won’t go into the spam box.
I’ve learned to always copy my post before submitting because things can always go wrong and when they do I can simply paste my comment back and try again.
Keep in mind I know next to zero about computers, BUT doesn’t tool guyd benefit from clicking on Amazon links through your site? Isn’t there a little kickback to you? If so, I’d hate for you to lose that.
Maybe there is a way to “green light” only links that go to specified sites? I have used your site to get directly to specific products on Amazon, Zoro, MSC, McMaster-Carr, etc…. Maybe there is a way to only allow links to approved sites like these?
No idea if such a thing is possible. Thanks a million for keeping this site as clean and friendly as it is!
Yes, but not from reader’s comments.
Sometimes I truncate readers’ Amazon links to ensure they don’t break the comments column and to make them look neater (Amazon inserts a lot of tracking code into link after the essential parts). The mobile pop-over Amazon thing might monetize readers’ links, I’m not sure, but I’m keeping it up for convenience and because readers have said it’s handy.
It might be possible to setup a whitelist for URLs, but it would require modification of the site’s core infrastructure. I’m okay modifying things with plugins, but this is one part of the commenting structure that’s not really meant to be tinkered with.
I searched, and there doesn’t seem to be a pre-existing URL whitelist solution.
First I want to thank you and those honest commentators who keep the site full of useful information. I don’t think a no-links policy, registration and Captchas (I don’t like them either, but they are a necessary evil) are so onerous as to drive readers away. Whatever it takes to keep the site up and for you to keep your sanity.
I don’t mind registration. Links have been very useful to me so my vote is to keep them. Perhaps registration and minimum number of comments before posting links? I don’t know if that works.
The only other forum I follow has registration requirement and have a rotating set moderators that keep an eye on the forum to keep out spam and keep the forum civilized (just like this one). Perhaps some regular contributors with time allowance can help out and moderate? I don’t know if that is possible with your setup.
even if you can’t link, one should be able to say the main site name, and what to look for. (highlight, right click, search google).
I’d like to know the actual amount of click thru’s they get with all the posting do for crap that is not related to the site posted on.
Maybe use Captcha for links? It would require links to be a separate part of the process, but it wouldn’t impact comments.
I’d go with a modified version. Previous commenters are automatically approved.
Manual approval for first comment.
I would be okay with “Sign up if you want to add links.”
I despise Captcha (and it has been shown not to work).
There’s a new “click this box if you’re not a robot” Captcha alternative, but I’d avoid it if I can.
Previous commenters should not be automatically approved, since some known email addresses can be used for spam. Some of these email addresses are gibberish, others look like they might have come from a store breach.
Random info, if anyone’s interested.
Earlier today there was a weird occurrence – I saw the same weird long gibberish name used in a dozen or two spam comments. So I added that name to the blacklist.
There have been 5,220 spam comments from them since this morning.
If I hadn’t been proactive about 1) requiring approval for first-time commenters, and 2) adding that name to the blacklist, I’d be sorting through 5,200 comment notifications in my inbox, and I’d be in the server backend trying to remove all those comments from the database. Maybe some would have been properly flagged as spam? But the first one or two dozen made it through the filter and into the manual approval queue.
I hate spammers.
Maybe the gibberish messages are actually aliens from another dimension or planet trying desperately to communicate with us and their technology isn’t perfect enough to translate properly. You could be blocking the next world changing breakthrough.
Or it could just be bots. Man, I hate spammers. Spammers and trolls take the fun out of the internet.
Keep fighting the good fight.
If that is true, I guess the aliens are asking why European tools are not available at reasonable prices on their home planet, and if Amazon.de delivers to there.
Keep up the good work indeed.
Sounds like a bot. As I wrote, the best thing to do is to stop them before they can even find a URL to post to. If they can’t find the comment post URL, they can’t submit the spam!
I don’t know if it’s related, but I’ve received some spam emails as text messages on my cel phone over the past few days – and this is the first time since I had the number for over a decade that I’ve received spam as text messages from email addresses.
It might be there is some big push of spam email going on, or a new player in the business is making inroads by spamming people and places that haven’t been affected this way before.
Stuart, sorry to hear about the spam issues. I am only recently commenting here on any sort of regular basis but will readily admit that not having to go through yet another login procedure was a big draw. However, I get it that stuff has to be held in check.
As for closing older posts I don’t know if it would hurt or help. I think many guys will just start a new thread anyway if it has been a good while since they actually posted or read an article.
As for forum use, I have posted there a time or three now and kind of like the simplicity. So integration may be the way to go.
Links. Always the biggest issue to deal with. If you have to disable them in the front page comments then so be it. It may actually drive people into the forums.
1# seems to be the one that you prefer as you are already doing it. I would go that way.
Thanks for all the work you are doing, Stuart. I like being able to follow links from the comments, but if not allowing links is an easy way to fix the spamming and reduce the amount of work you have to do, I would not have a problem with that. Integration of the forum also sounded interesting, but I do like the simplicity of the current system.
How about a one-time, 10 cent fee (through PayPal?) for posting links.
That might encourage more spam, and self-promotion spam.
Stuart, I had noticed lately there has been a lot of spam posts that were quickly removed and thought that must be a lot of work for you to remove indeed!
I cannot offer any technical solutions but as I value this site I am happy to go along with any decision you make.
I have in the past posted links to tools and have used links others have posted but if restricting links solves the problem then so be it. We always have the option of eg; “Google (brand/model/suggested site) etc. A little more work for posters and readers alike but better than you having to waste hours manually removing posts.
I too like the simplicity of the current format and it would be a shame to have to change it due to the actions of a few idiots but if need be, so be it.
I don’t mind to use a capcha, email verification or whatever is usefull to keep things going.
Love the links, but they are not essencials.
I always read your post and ALL the comment sections. If it changes i would do it anyways because of the content, not the form.
Your choices are always planned very carefully, so i don´t thik you´re going to be wrong…
Not being able to post links would be a serious handicap. I can imagine when holidays and events come and everyone is posting links to deals and specials, not being able to do so would be undesirable.
I have no problem signing up for an account, I already go through the similar process when I click to receive replies and approve them from email. One step to just register once, verify I’m not a robot, and go on from there once my account is approved.
You may also consider making registrants ops or moderators to help weed out the obvious spammers on your behalf.
Manual approval on comments is an easy fix, it will also help to prevent any harassment, trolling etc. that may occur. It will require admins logging in more often to approve comments, but you are on quite often anyway.
Also, some of the posters have given some good advice regarding plugins you can try, and that might be worth a look.
I do like how easy you make it to comment. It’s a shame that by creating an easy way for users to interact that you’ve attracted so much spam.
Banning links will limit discussion, but could prove necessary, especially if it’s leading your users to malware.
Unfortunately, there isn’t really a fix that won’t inhibit commenting, and discussion in some way, but setting a standard that prioritizes helpful comments, and user safety is the way to go.
You’ve got a great site here, keep up the good work.
I would be OK with registration, and then a 24 hour delay before commenting is permitted. The value of this site is in the frequency of it’s updates, so those first time users will be back.
Keep links. Add a captcha? Close >1 year old posts.
Capcha’s not a bad idea, really. Even if only as a temporary measure to discourage the spammers until they go away for good.
How about adding an option on each post to report it as spam/inappropriate? It might not be supported but it’s a good option to use if available, not just for spam but also to prevent other questionable/objectionable content from being on the site. Even better if the content is temporarily hidden from public view until it can be reviewed and either removed or allowed. This is bad if it gets abused and regular posts are constantly reported, but there are ways to deal with that, too.
I would say the best way to make it easy on yourself is to leverage all the sites users, who will surely report spam posts if there’s an option to.
As for a short-term fix, sometimes if you take actions like completely removing the ability to post links for a few weeks, that gets the offending bots to avoid posting on the site anymore – provided that attempting to post a link requires you to edit your post and remove the link, not just that the post shows up but the URL doesn’t create a hyperlink.
Same thing with human spammers – when they can’t post what they copy and paste without editing it, it eats up too much time and they just move on to another site. When enough people from a spam operation can’t post their spam with a link, the site will eventually be removed from the list of targets.
Is it possible modify option 1 to limit the manual approval only to posts with links? That might reduce the ammount of work a bit if the spam posts are mostly the ones with links.
Manual approval should be fine. The work will lessen as you approve more of the regulars to where it’s just a few new people and then mostly spam.
Assuming you have a way to just mass delete ones you don’t want to approve?
I would be sad if links go away.
The biggest reason I started using this site in the beginning was the ease of posting without having to register. If I would have tried to post and it called for registration, I would have been turned away. It is a rare thing to be able to post so easily on the internet today and personally I love it.
The spam is a bummer but I guess something to consider is what percentage of the posts are first timers vs. re-posters. If 90 percent of posts are from first time posters then maybe approving all is not a good idea for your time’s sake.
Good luck and thank you for keeping us all in mind.
Putting my vote in to NOT require a login to post comments – that’s one of the things I like about this website – not needing to login. Thanks! Good luck!
I agree with Joren about no login but I like the site so much I’d give in if I had to! So with that I’d give my vote to some kind of combination of #1 and #5 if possible.
Don’t make registration required. People like me with fake credentials won’t be able to spread our wit and insight without considerably more work.
wit seems to be unappreciated on this topic.
The only thing that concerned me was mention of tying into FB or other social media. Some of us just want to talk tools. FB is taking over the world. Beyond that, do what you must.
#4 register for comments
I’d prefer to use option 4 where they must register before being able to comment. If someone has a comment they really care about then registration is no big deal. I’ve been a moderator on blog sites and when these spam attacks hit they can really eat up your time. Websites with lots of active legitimate posting and few moderators can cause the moderators a lot of frustration and can even take the enjoyment out of work you used to love.
I’m curious about adding one more layer of protection to the method you already use. Users already have to enter their name and email, why not add one of those whacky word generators (not the actual title) that users have to type out and bots have trouble identifying?