Ads Captcha

omment Spam Prevention Techniques

Who and How in Comment Spam

Before talking about how we can prevent comment spam , we should define what is the target and how it is done.
The who or what is any web application that allows free comment for visitors and/or accepts hyperlinks submitted by users, for example -  blogs, forums, wiki, guestbooks and social platform.
Regarding the how, one should know that most of comments spam is done by robots that post thousands of random comments and commercial ads combined with hyperlinks.

Why?

Spammers aim at achieve a higher rank for their site as well as relevant traffic.  Google algorithm evaluates websites statistically by putting them in a higher or lower page rank, according to the amount and quality of their backlinks.

How to prevent comment spam?

Captcha – An example of validation technique
One way is to use technique of validation. Captcha is a test (mostly a distorted text with an image to be deciphered by the user) given to a user before submitting his comment. It verifies the user as a real human being, not a robot spammer.
Yet Captchas are not undefeated as there are weak Captchas that might be cracked by bots.

User Authentification
An alternative for comment spam prevention is “user authentication”. User is asked to set up a username and a password before he is allowed to comment on the site.

Links with no Power
Websites can combat comment spam by disallowing links in posts. A tag Rel=”nofollow” is attributed on the spammer’s comment and Google ignores the link from being pageranked – so basically the goal of achieving higher rank is denied.

Spammers Identification (Project Honey Pot)
Lately a new project named “Project Honey Pot” has started to track comment spam. Thousands of traps are installed all over the net watching what comment spamming is being posted by robots to blogs and forms. The collected data is available for all countries to block comment spammers.

Spam tracking Plugin
Akismet is another solution. It is a plugin that trackbacks all kinds of blogs and forums. If the comment is already known as spam – it’s never published.

What about the future?
No doubt that in the future comment spam prevention techniques will get more sophisticated just as well as new ones will be developed. This is due to the fact that achieving absolute defeat of comment spam is not only an ongoing mission but quite not an easy one also…

I’ve just read an article on online “Network World” by Brad Reed dated 10/01/09 saying that hackers have found a way to crack Facebook’s Captchas and create false accounts. Those accounts are used for spreading spy ware phishing credit cards and other valuable information from innocent users.

Those rogue accounts show a picture of a woman and the moment one clicks on her video profile – it activates the spyware.

Facebook states it’s doing its best to eliminate false accounts ‘though it’s not easy to detect them. As a matter of fact, anyone can bypass Facebook’s Captacha code simply by googling a Youtube video tutorial which shows step by step how to remove facebook’s Captcha’s code.

I guess the nice thing in this story is the fact that Facebook, the great social network, has joined Google, Yahoo and Hotmail – all targets for spammers attack.

Once again it has been proved that captcha should be improved constantly  if it’s into serving as a reliable spam blocker as well as a security system.

You can read more about Facebook Captcha Attack here

As you may already know by now, Captcha is a common approach to prevent access of users that aren’t human to all kinds of websites. The captcha is a kind of test that requires verification of distorted image plus textual content which is deciphered easily by humans but not by computer bots. 
However, it appears that this simple system may also prevent access from a certain group of human being: disabled people such as blind, low-vision, or people who suffer from cognitive problems (dyslexia). Once a low vision user cannot decipher the image displayed on the Captcha, he cannot access the specific website that uses the captcha protection and thus can not open an account, comment on a forum or blog and so on.

To make a long story short - Captcha can tell human and bots apart but cannot recognize human with disabilities who are not bots and fail the test because of their disabilities…

Captcha Alternatives
But do not worry. There other alternatives for Captcha:

One of the alternative methods is a sound test also known as “audio captcha“. It requires the potential user to listen to some sounds which are played on a noisy background, filter the sounds and repeat them. It is a good solution for low vision or blind users, but not for deaf people or users who don’t have a good hearing.

 Other captcha alternatives are as follows:
Spam filtering – software for blogs contain spam filters targeted to delete spam messages. More advanced systems are able to control spam attacks and filter permanently or temporarily spam contents using the IP address of the user.

Heuristic checks – are based upon the user’s data such as requests, pages he has visited, IP address, data entry or signature data and assist in detecting robot users. 

Single sign-on – This system is similar to a passport. It utilizes visual verification. No doubt – it’s highly recommended for people with disabilities.  

Public key infrastructure solutions – This is another alternative solution not used yet but may help low vision users – to use certifications issued by government or other trusted authorities that verify their identities. The disabled user will have to telegraph the site, inform his or her disability and get access to the site’s service.

Biometrics – Another tool, to be used together with the single sign–on system (using D.N.A / fingerprints). Microsoft has already developed a new system of Biometric verification but it will take years until the biometric hardware will penetrate into the market.

 To sum up, Captcha is a good solution, but not for all. When it comes to disabled people with low vision or hearing and other disabilities, one must consider some other security tools and / or software, such as the captcha-alternatives mentioned on this post (spam filters, heuristic checks and so on).

Who needs Captcha protection service?

As a matter of fact – everyone needs captcha!
Whether you are a private navigator with a private e-mail  or an owner of a blog or a forum – if you don’t want others to abuse your platform and / or spam it for their own good, you need protection.

Why do people use spam?

One of the reason for online spamming is the wish to achieve a higher “Search Engine Ranking”, which can be done, among other tactics, like SEO and advertising networks, by getting relevant links to your site.
How can one get more links to his website? Among other, getting additional links can be done by simply inserting messages with your link into other websites that allow it, like forums or blogs.

Why do business marketing use spam?
For the same reason – to achieve a higher ranking as well as better traffic to their business through posting advertisements to mailboxes of innocent users as well as to all kinds of online platform (blogs, forums and social media platforms such as facebook, digg and even flickr).

How is it done?
It should be noted that only a minority of online business uses manual spammers while the majority uses spam robots.
The automatic spamming is done by bots that spider the web for all kinds of  users forms and then post a spam message of advertisement.

Can you protect your e-mail box or website from spammers?
Yes, you can. One of the options is to use Captcha and thus prevent registration of spamming bots to your site, or, if we talk about mail-spamming, to use Hydmail which is a special kind of Captcha programmed for mailbox and cannot be deciphered by spam robots.

Click here to read more about captcha security applications