March 12

Simple ways to avoid BlogEngine comment spam

Yes, comment spam is everywhere. Spammers will never stop trying to find new ways to get their silly links into other people's blogs. Even though almost every blog puts the nofollow attribute on the comments, spammers still think that their site will be boosted because of the inbound links.

I recently upgraded to BlogEngine 1.6 on this blog and found that we suddenly were being attacked by 250+ spammers a day trying to get their comments on the blog. But our existing VistaDB Blog (which was running 1.5) didn't have this problem. What was the difference? Was it something new in BE 1.6? Or was it something we had done differently on the VistaDB blog?

It turns out that spammers target a few phrases they know are used by default in certain blog engines. They already have code in their bots that knows how to fill out the forms on these blogs, so they are looking for the default phrases.

Configure Filters Correctly

The first thing is to make sure Akismet is set up correctly and that you have a valid key. One non-obvious thing is that BE 1.6 introduced a bug that lets more comment spam through: if the last filter says the comment is OK, the comment is allowed.

You can change this behavior by simply moving the AkismetFilter to the bottom.  Drop its priority to 2, leave the StopForumSpam at priority 1.

[Screenshot of the comment filter settings]

This is what my settings look like the day I reset the filters and moved their order.

This change alone cut about 60% of the spam that was getting through by simply having Akismet be the last entry. But you can also do a few more things to throw off spammers.

Close Comments After XX days

Make sure you set the option to close the comments after a number of days.  This is important because spammers will go back to really old posts and comment thinking no one will notice.  If you close off the comments you have just totally closed off that attack point on your blog.

Change some spammer search terms

I have verified this through two other sites I set up just for testing this theory. There are certain phrases that spammers search on that they know usually exist on a BlogEngine blog. These are usually bot searches, and they walk all the results attempting to post to all of them.

The phrases that spammers hit the most appear to be the Gravatar phrase and the “notify me when comments” phrase. We had never used the default phrases on VistaDB because I didn’t start with a template. I had built my own, and then found the templates. But if you are using a default template the phrases are all the same.

willShowGravatar

Look in your resources for the willShowGravatar entry.  Change it to something else (we use {0} Support).

notifyOnNewComments

Also change the notifyOnNewComments to a new phrase (we use Email followup comments).

Other places to change

Go through your templates and look at the default phrases that are used over and over. Change the “Powered by BlogEngine.net” text to something slightly different and it will throw off spammers. Change phrases like “I will get back to you” to “We will return your email”. Any of the common phrases you see on the site are going to be targeted by the spam bots.
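One way to check that the phrases above were actually changed, as an added example that is not part of the original post or of BlogEngine.NET itself: compare the live resource file against a stock copy and scan template markup for the untouched footer. The file paths and the stock strings in the sample data are constructed placeholders, and the .resx layout (data entries with a name attribute and a value child) is the standard .NET resource format.

```python
import re
import xml.etree.ElementTree as ET

# Resource keys the post names as bot search targets.
WATCHED_KEYS = ("willShowGravatar", "notifyOnNewComments")
FOOTER_RE = re.compile(r"powered\s+by\s+blogengine\.net", re.IGNORECASE)

def _norm(text):
    """Collapse whitespace and case so cosmetic edits do not count as a change."""
    return " ".join(text.split()).casefold()

def resx_values(resx_xml):
    """Map every <data name="..."> entry of a .resx document to its <value>."""
    root = ET.fromstring(resx_xml)
    return {d.get("name"): d.findtext("value") or "" for d in root.iter("data")}

def unchanged_phrases(stock_xml, live_xml, keys=WATCHED_KEYS):
    """Watched keys whose live text still equals the stock text.
    A key missing from the live file falls back to stock, so it is reported."""
    stock, live = resx_values(stock_xml), resx_values(live_xml)
    return [k for k in keys
            if k in stock and _norm(live.get(k, stock[k])) == _norm(stock[k])]

def templates_with_stock_footer(templates):
    """templates maps path -> markup; tags are stripped so a linked name matches."""
    return sorted(path for path, markup in templates.items()
                  if FOOTER_RE.search(re.sub(r"<[^>]+>", " ", markup)))

# Constructed sample input. The stock strings are placeholders, not the real defaults.
STOCK_RESX = """<root>
  <data name="willShowGravatar" xml:space="preserve"><value>STOCK GRAVATAR TEXT {0}</value></data>
  <data name="notifyOnNewComments" xml:space="preserve"><value>STOCK NOTIFY TEXT</value></data>
</root>"""
LIVE_RESX = """<root>
  <data name="willShowGravatar" xml:space="preserve"><value>{0} Support</value></data>
  <data name="notifyOnNewComments" xml:space="preserve"><value>Stock  notify text</value></data>
</root>"""
TEMPLATES = {  # hypothetical paths
    "themes/Custom/site.master": 'Powered by <a href="#">BlogEngine.NET</a> 1.6',
    "themes/Custom/CommentView.ascx": "<p>We will return your email</p>",
}

if __name__ == "__main__":
    print("still default:", unchanged_phrases(STOCK_RESX, LIVE_RESX))
    print("stock footer in:", templates_with_stock_footer(TEMPLATES))
```

In practice, read the stock resource file from a fresh BlogEngine download of the same version and the live one from the deployed site, then pass their contents to unchanged_phrases.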

Result of the changes?

The result of the changes on our blog, and on the test sites I set up, is that we went from 250+ blog spam comment attempts per day to fewer than 5. That is what I call a VERY effective way to just keep the idiot bots away from your site.

Discussions

15/03/2010 10:27 #

js_vistadb

Since making the changes on this post I have only had 25 spam attempts.  That is down significantly from where it was just a few days ago.

