Eron C. left a comment in response to my post Sorry,
No Trackbacks Today pointing
me to Google’s
answer to stopping comment spam. Basically, Google says to automatically
add the attribute rel="nofollow" to any link automatically generated from a URL
entered by a reader (usually through a comment or a trackback). I like this approach,
and I’m glad to see that Google stepped up so quickly and confidentially. The idea
is not to stop the spam itself (as I’ve been trying to do), but to stop its effectiveness
— basically, to remove the incentive.
I’d seen this post on the Google Blog a while back, but
when I followed Eron’s link are re-read the post, I found it had been updated
to include an additional 16 blogging applications that now support Google’s recommendation
for a total of 26 (probably more at this point). Of course, now other search engines
have to sign on, as well. I know it’s hard to believe, but there are actually other
search engines besides Google out there, and according to my access logs, a few
people even use them.
Anyway, I will be implementing Google’s recommended change in the near future,
and I’m wondering how many others have implemented it, as well. I’m speaking specifically
of those who host their own blogging software, and either need to hack the code,
or update to a new version. Also, has anyone heard of other search engines supporting
Macromedia weblogs get spammed like you wouldn’t believe. Or if you have a high profile weblog yourself, you actually might believe it. We have several mechanisms in place to prevent spamming (while still making the weblogs easy and friendly to use), but it’s turning into a ridiculous game of cat and mouse where as soon as we patch an opening, spammers start looking for another. We will be putting some pretty heavy duty protection in place in the coming months, but for now, the game continues.
This morning, one of the biggest spam attacks I’ve ever seen was launched against our weblog servers. I refer to it as an “attack” because in addition to leaving huge amounts of spam (which is promptly deleted, so it does the spammers and their clients no good whatsoever), it also serves as a denial of service attack which sets off all kinds of alarms. Anyway, this morning’s attack was bad. It was a sustained and relentless trackback spam attack, so I finally just ended up denying access to the trackback CGI script at the Apache level which ended it instantly. A few minutes later, all the spam was delete, and it was like it never happened. But there won’t be any trackbacks for the rest of the day, and perhaps for the next couple of weeks while I work out a better long-term solution.
A word of advice, not to the spammers out there, but to the people who hire them. At least with Macromedia weblogs, you’re wasting your money. Google’s ranking algorithms take into account the ranking of the sites which link to the site being ranked which means it makes the most sense to spam weblogs with high rankings. The problem is that the higher a site is ranked, the more likely that site is to have anti-spam measures in place, so even when the spam gets through (which is a miniscule percentage of the spam attempts), at least with Macromedia weblogs, it’s promptly deleted. In other words, you’re paying for links that only exist for a few minutes at most — not nearly long enough for them to affect your ranking. So rather than paying for spam, you might consider putting that money into actually creating a decent site that people would actually want to link to.
I’m not naive enough to think I’ll actually change anyone’s mind with this post, however, so the spam game continues.
I’m playing catch-up with email and weblogs right now, but in case you hadn’t
heard, Sys-Con publishing is giving out free
weblogs. I haven’t tried their interface,
Horwith has, and he seems impressed. If you have something interesting to
add to the software development blogosphere, go
have a look.