Comment Spam Attempts
Running any site on the Internet that allows comments is a juggling game: you need to cut down on the spam comments and allow valid ones through. I noticed what looks like spammers harvesting ColdFusion sites to target with spam. The following two search phrases showed up in my website analytics this morning:
inurl:post.cfm "leave a comment"
inurl:post.cfm "Comment and preferences"
What's happening here? With the inurl operator, Google only returns results that have the given text (post.cfm in this instance) as part of the URL, and these spammers are also searching for the exact phrases "leave a comment" or "Comment and preferences." For the most part these searches return results for my site because Google still has some of my old URLs indexed from when I used Mango Blog. Regardless of your CMS/blog platform of choice, get some spam filtering up and running.
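To watch for this kind of search in your own logs, here is an added example (not part of the original post) that flags requests whose referrer is a search combining a URL or title operator with an exact quoted phrase. The log lines are constructed, and the script assumes combined log format and a referrer that still carries the query in a q, p or query parameter, which many search engines no longer send.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = '''\
203.0.113.7 - - [26/Jan/2010:09:12:01 +0000] "GET /post.cfm/hello-world HTTP/1.1" 200 5120 "http://www.google.com/search?q=inurl%3Apost.cfm+%22leave+a+comment%22&start=10" "Mozilla/5.0"
198.51.100.4 - - [26/Jan/2010:09:13:44 +0000] "GET /post.cfm/hello-world HTTP/1.1" 200 5120 "http://www.google.com/search?q=coldfusion+cfimage+captcha" "Mozilla/5.0"
203.0.113.9 - - [26/Jan/2010:09:15:20 +0000] "GET /post.cfm/old-entry HTTP/1.1" 200 4811 "http://www.google.com/search?q=inurl:post.cfm+%22Comment+and+preferences%22" "Mozilla/5.0"
192.0.2.15 - - [26/Jan/2010:09:16:02 +0000] "GET /index.cfm HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
'''

# ip, request line, status, size, referrer
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)"'
)
# Search operators that select pages by URL or title rather than by topic.
OPERATOR_RE = re.compile(r'\b(inurl|allinurl|intitle|allintitle):\S+', re.I)
# Assumption: query parameter names used by common search engines.
QUERY_PARAMS = ("q", "p", "query")


def harvesting_hits(log_text):
    """Return (ip, path, query) for each request whose referrer is a search
    that pairs a URL/title operator with an exact quoted phrase."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["referer"] in ("", "-"):
            continue
        # parse_qs undoes the URL encoding (%3A -> ':', '+' -> ' ', %22 -> '"').
        params = parse_qs(urlsplit(m["referer"]).query)
        for name in QUERY_PARAMS:
            for query in params.get(name, []):
                if OPERATOR_RE.search(query) and '"' in query:
                    hits.append((m["ip"], m["path"], query))
    return hits


if __name__ == "__main__":
    for ip, path, query in harvesting_hits(SAMPLE_LOG):
        print(f"{ip} reached {path} via search: {query}")
```

The paths it reports are the ones worth checking first for spam filtering, since those are the pages the searches surfaced.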
Options
CFFormProtect
I like CFFormProtect the most. It is a great way to knock out spam comments (completely, in my case) without requiring users to enter a Captcha. CFFormProtect also works with a few nice public spam resources like Project Honey Pot and Akismet. It is also either being built into many ColdFusion applications or already exists as a plugin:
- Plugins for Mango Blog
- As of version 5.9.2, BlogCFC has had this built in
- Mura has also had this built in for some time
- Add it to your own projects; check out the download on RIAForge
Captcha
After seeing how well CFFormProtect works, I get very annoyed at sites that still require me to enter a Captcha to post a comment. They are almost never made to be accessible for persons with visual impairments, and some of them are insanely complicated and take an actual human three or four guesses to get correct. Either way, if you want to go the Captcha route, here are some options:
- Using built-in cfimage functions, Ben Nadel has a good article to get you going
- BlogCFC has had Captcha built-in since 2006
- Mango also has built-in Captcha using Lyla Captcha, with the option of using ColdFusion 8's Captcha with a plugin
- Lyla Captcha is also great if you're still using ColdFusion 7 and cannot use 8's cfimage tag
Of course, what you pick and end up using will, as always, depend on exactly what your application is and the effect it has on your end users, but hopefully Captchas are on their way out.
Comments
- Ben Nadel
SPAM commenting is the worst. I honestly think some of my spam attacks are done manually. Sometimes, it's so hard to tell. Every now and then, I just have a gut feeling that a comment is SPAM and I have to view the linked URL and see if the target site feels like a SPAM site.
It's really super frustrating.
- January 26, 2010, 6:27 PM
- John Sieber
I just noticed the inurl:post.cfm "leave a comment" string in my analytics account as well yesterday. My Mango blog is relatively new but gets hammered by spammers. I did not have great success with CFFormProtect by itself but once I enabled Akismet I have yet to have a spam comment make it through.
- January 27, 2010, 1:19 PM
