Lynn Serafinn shares 5 practical strategies to protect your blog from SPAM, and send a message to spammers that spamming is both illegal and unprofitable.
Last week, in ‘Invasion of the Blog Snatchers’ Part 1, we looked at how to recognise SPAM on your blog. Then, in Part 2, we looked at what I called ‘The Mythology of SPAM’, where I explained the mistaken rationale spammers have, and why SPAM simply doesn’t work as a web marketing strategy.
Today in Part 3, we’re going to look at 5 practical and assertive strategies to take against blog SPAM. While I’m fairly certain that most experienced bloggers will be familiar with the first two strategies, I believe adding steps 3, 4 and 5 to our practice can help send a collective message to spammers that we will not tolerate the ‘Deadly Sin of Invasion’ on our blogs.
Before we begin, I want to apologise to bloggers out there who use platforms other than WordPress. I know these first 2 tips are catered to WordPress users, but please be assured this is only because that is the platform I know and use. In no way is it meant to be a commentary on
the merits of one blogging platform over another. In fact, if any of you reading happen to use Blogger or Blogspot, and you know some great anti-spam tips, please share them in the comments below.
STEP 1: Set WordPress Discussion Settings
On your WordPress dashboard, go to ‘Settings’, and then ‘Discussion’ and make sure that the following boxes are checked:
- Comment author must fill out name and e-mail
- Email me whenever anyone posts a comment
- Email me whenever a comment is held for moderation
Then, if you’re a new blogger, I also recommend checking the box that says ‘An administrator must always approve the comment’. This requires more time and attention, but it’s the best protection for your site.
Later, if you feel confident about your ability to discern genuine comments from SPAM (and you also have confidence in your regular readers), you can select ‘Comment author must have a previously approved comment’. That way, any comments posted by your loyal blog fans will be automatically approved without the need for you to approve them. Of course, you can remove them later if they turn out to be inappropriate.
STEP 2: Set Up Akismet
The Akismet plugin is a vital ‘must have’ for any WordPress blogger. In fact, it’s so vital that it is already included with your WordPress installation. Akismet is a VERY accurate ‘SPAM catcher’ that will capture and quarantine just about every SPAM comment that will ever hit your site. In fact, it’s so good at what it does–and requires almost no work at your end–that it is often the only anti-spam strategy many WordPress bloggers use.
NOTE: Akismet used to be a free programme. It now has different pricing plans according to whether or not your blog is used for particular purposes.
Although already installed, you will need to activate the plugin before it will work. I recommend doing this as SOON as your WordPress blog is online. To activate Akismet, you’ll need to go to WordPress.com (not .org) to get an ‘API key’. ‘API’ stand for ‘application programming interface‘. It is a technical protocol that allows two pieces of software to communicate with each other. Don’t get hung up on the technical jargon; all you need to do is get an API key. This ‘key’ is essentially a complex password that tells WordPress that it’s ok to run Akismet on your site. Never share this key with anyone other than your webmaster.
When setting up Akismet, I recommend checking the boxes that say:
- Auto-delete spam submitted on posts more than a month old.
- Show the number of comments you’ve approved beside each comment author.
When Akismet detects SPAM, it puts them in a special SPAM folder inside your comments folder. Most people I ask tend to delete them all without reviewing them, but there is good reason to look them over first. First off, because a stray ‘legitimate’ comment might have found its way into the SPAM folder (although this hardly EVER happens). But more than that, if you take a few minutes to go through the IP addresses of the spammers, you can actually block them from having access to your site…which takes us to STEP 3.
STEP 3: Block Spammer IP Addresses
If you look at the comments being held in your SPAM folder, you will see an IP address. ‘IP’ stands for ‘Internet Protocol’. An IP address is a unique string of numbers separated by decimal points that identifies a specific computer attached to the Internet.
Every IP address is comprised of 4 SETS of numbers, each set being 1 to 3 digits in length. Each set is separated by a decimal point. For example they could look something like this:
12 . 123 . 67 . 0
1 . 0 . 255 . 78
111 . 220 . 34. 255
NOTE: In an actual IP address, there are NO spaces between the numbers and the decimal points; I’ve only put them in here so you can see the groupings of the numbers more easily on your computer screen.
TIP: If you’d like to see your own IP address, just type in the words ‘What is my IP address?’ in a Google search, and it will appear on your screen. Cool, huh?
Sometimes, you’ll notice that the same IP address has put more than one comment on your site. They’re counting on the fact that, if you approve ONE of their SPAM comments, the others will automatically get approved as per the WordPress discussion settings. That’s why, if you don’t know what you’re doing yet, I recommend manually approving ALL comments, even if you have Akismet installed and configured. Otherwise, if you don’t log into your site very often and you’ve accidentally approved one of these spammers, you might find your site flooded with SPAM the next time you log in.
Which is why it’s a good idea to BLOCK all spammer IPs from accessing your website. There are several ways to do this, but here are the two easiest, safest and most effective I’ve used:
Method 1: Comments Blacklist
In your WordPress dashboard, go to ‘Settings > Discussion’. Scroll down to the bottom and you’ll see a big box labelled ‘Comments Blacklist’. Simply copy and paste the IP addresses of spammers into this box (one IP per line) and save the settings.
There are several WordPress plugins that also perform this function. With the exception of one I saw where you can upload IP addresses via CSV file, I’m not sure they have any particular advantage over the default feature in WordPress.
PLEASE NOTE that putting an IP address in the ‘Comments Blacklist’ does NOT block spammers from accessing your site, but it WILL ensure that any comments they make are automatically placed in the SPAM folder.
Method 2: IP Deny Manager
If you want to BLOCK specific IP addresses from having access to your site altogether, I recommend using a different method called ‘IP Deny Manager’. Another advantage of using IP Deny Manager over the Comments Blacklist is that it blocks these IP addresses from ALL your sites hosted through that provider (HostGator, GoDaddy, BlueHost, etc).
Here’s how to do it:
- Log into your CPanel
- Scroll down to the ‘Security’ section
- Look for a feature called ‘IP Deny Manager’ and click it to open it.
- When the programme opens, paste in the IP addresses of any spammers you wish to block from accessing your site:
TIP: If you go to http://whois.com and enter in the IP address of the spammer, you might also find that it is part of a range of IP addresses. In fact, you might even notice that some of the other SPAM comments on your site are within that range (because they’re coming from the same spamming operation). If you wish, you can copy and paste this entire IP range into IP Deny Manager and EVERY IP address within that range will be blocked. The range will look something like this (note the dash between the two sets of numbers):
NOTE: The above range includes IP addresses of some reported spammers from China. However, bear in mind this range contains up to 16 million IP addresses. Blocking the range means you are blocking ALL 16 million computers in that IP range, even if they are not spammers.
That said, I have noticed a significant reduction in SPAM comments since blocking IP ranges of known spammers. This is because spammers often operate within a block of IP addresses, frequently changing their IP within that range. Before I started using this strategy, I would routinely get between 30 and 50 SPAM comments every single day. That’s gone down now by about 90% (3 to 5 SPAM comments a day) and some days I don’t get any SPAM at all.
And don’t be led to think that blocking batches of IP addresses will cut down on your web traffic. If you’re careful to block ranges only in countries you are not specifically targeting for your readership, it should have little or no negative impact on your traffic. My visitor stats have steadily increased in spite of blocking these ranges in IP Deny Manager.
STEP 4: Check Out and Report Spammers to Black Lists
This step might only be for the die-hard geeks out there (like me), but I think it’s worth sharing because I believe it can really make a difference in the long term.
There are many dedicated people on the Internet who have taken it upon themselves to compile and manage up-to-date ‘public block lists’ (or black lists). You can find several of them listed at: http://www.selectrealsecurity.com/public-block-lists.
Most relevant to the subject at hand are the ‘IP Address Block Lists’, which you will find if you scroll down the page. The one I found particularly interesting is ‘The Directory of Comment Spammers’ on a site called ‘Project Honey Pot’. Here’s a screenshot I took this evening of the list at: http://www.projecthoneypot.org/list_of_ips.php?t=p.
Look at how many reported comments some of these spammers have!
I find looking at data like this to be fascinating. If you look at it closely (and especially if you filter the content by looking at different countries), you will see clusters of IP addresses around a certain range. This makes it easier to block the ranges of IP address that appear to be used consistently by spammers. I like to check in periodically (maybe once a week) to find the latest offenders, and put them into my ‘IP Deny Manager’.
These ‘public block list’ collectives also enable you to submit known spammer IP addresses to them, should you feel motivated to do so.
PLEASE NOTE: Project Honey Pot does give this disclaimer: ‘Please note: being listed on these pages does not necessarily mean an IP address, domain name, or any other information is owned by a spammer. For example, it may have been hijacked from its true owner and used by a spammer.’
STEP 5: Report Spammers to Internet Service Providers
This last suggestion is not something I expect most of you to do, as it takes time and doesn’t always get any results. However, I believe sometimes it is appropriate to REPORT spammers to their Internet Service Providers (ISP). Here’s how:
- Copy the IP address of the spammer on your site.
- Go to http://whois.com
- In the upper right-hand corner, paste in the IP address of the spammer and click ‘search’
- A new page will open up with all the information about the ISP. Amongst other things, you’ll be able to see the country of origin of the computer.
- If you read through it, you will see instructions on how to report abuse (such as SPAM). This will be either an email address or a URL to a page where you can report the issue. The email address is typically something like: ‘abuse [at] webhost’s name [dot] com.
- You MUST include all the relevant information in your email: The IP address, the time of incident (in UTC time), the actual comment and the URL and/or email of the spammer. You must also give the URL of the page where the comment was left on your site.
I would ONLY bother doing this if the spammer’s IP address seemed like a ‘misfit’ (i.e., coming from a large, reputable Internet provider). If you see this, it’s often because the company’s IP has been ‘hijacked by spammers’ (as Project Honey Pot said). In such a case, they would probably be very pleased to hear from you, so they can take action.
Don’t bother trying to report abuse to lesser known or unknown companies (or those in China, the Ukraine or other high-spam regions) because 9 times out of 10, your email will bounce and you get nowhere at all (I learned the hard way).
Reporting spammers takes time and energy, but I think it’s worth doing, at least every now and then. You might not catch the spammer, but you might help out someone whose IP address was hacked.
If you have Akismet in place on your blog, you might wonder why I’m suggesting that you take assertive action in Steps 3, 4 and 5, while Akismet is catching all the SPAM for you without any effort.
Well, it’s got to do with the SPAM that gets away. Akismet catches SPAM after it’s submitted to the site. This means random SPAM comments will inadvertently be approved on some people’s sites (as we’ve seen in the screenshots from Alexa in Part 2). This means the spammers are getting results. If spammers can show evidence of these results to their clients, they will get paid for their illegal activity. And as long as spammers are getting paid, they’ll continue to do what they’re doing.
This means that taking the ‘passive’ approach of depending entirely on Akismet might cut down SPAM on our sites, but it doesn’t do a thing to get rid of SPAMMING as an activity. As long as they get at least SOME results, spammers will continue to do what they do.
BUT…imagine if every single ethical marketer out there were to take assertive action and block the IP address of every spammer on the planet. That will surely make things more difficult for spammers to operate. Of course, spammers are pretty savvy, and they typically hide their IP addresses behind public or private proxies. But every time a proxy becomes obsolete (owing to their appearing on too many blacklists) it costs a spammer time and money to switch. Spammers won’t bother with things that are too hard, and they certainly won’t work for free.
So, my reasoning is this:
Let’s make spammers so fed up with being blocked
and with constantly needing to change their IP address
that they simply GIVE UP what they’re doing.
Let’s send the message to spammers that it’s utterly futile and unprofitable to engage in this activity of spamming. When it becomes so hard that it takes too much time and effort and costs more money than they are earning, they’ll have no choice but to quit.
Call me na´ve, but I believe it will happen if WE take the assertive route rather than the passive one.
So what do you think about all that? Am I crazy?
Next time, we’ll conclude ‘Invasion of the Blog Snatchers’ by looking at a few simple ways to protect your site from a truly aggressive breed of cyber-invader–HACKERS!
I hope you’ll subscribe to the 7 Graces of Marketing blog to catch that article, and all our future ‘grace-full’ articles on ethical marketing.
As usual, I welcome your spam-free comments and feedback below.
14th May 2013
Like this blog?
Then please subscribe using the form at the upper right side of this page, so you can receive our articles to your inbox.
You can help subsidise ethical marketing training courses for young social entrepreneurs in need. Just subscribe to the blog on Amazon for 99 cents a month (77p UK), and you’ll receive all our articles delivered directly to your Kindle device. All profits go to our 7 Graces Scholarship Fund. You can take a 14-day free trial before you decide. You’ll get a new article 2 or 3 times per week. Check it out at Amazon US or Amazon UK.
Looking for a Tribe?
Come join our 7 Graces group on Facebook, and join us at our monthly meetings. They’re free to attend and we have them both in person and online, so you can participate from anywhere in the world. This is NOT a “business group” but an active community where people actually know and support each other.
The 7 Graces of Marketing: how to heal humanity and the planet by changing the way we sell, by Lynn Serafinn, where you can learn how the 7 Deadly Sins and the 7 Graces impact the world through media and marketing.
Brit Writers Awards Finalist
eLit Book Awards Silver Medal in Humanitarian & Ecological Social Issues
Tweep-e-licious: 158 Twitter Tips & Strategies for Writers, Social Entrepreneurs & Changemakers Who Want to Market Their Business Ethically, by Lynn Serafinn, which can help you learn how to create meaningful collaborations through Twitter and other social media.
eLit Book Awards Bronze Medal in Business and Sales
Get instant access to a free 90-minute Twitter marketing class at http://tweepelicious.com
LYNN SERAFINN, MAED, CPCC is a certified, award-winning coach, teacher, marketer, social media expert, radio host, speaker and author of the number one bestseller The 7 Graces of Marketing — How to Heal Humanity and the Planet by Changing the Way We Sell and Tweep-e-licious! 158 Twitter Tips & Strategies for Writers, Social Entrepreneurs & Changemakers Who Want to Market their Business Ethically. She is listed in the Top 20 of the Top Marketing Authors on Twitter by Social Media Magazine and was a finalist for the prestigious Brit Writers Awards. She also received the eLit Book Awards Silver Medal in Humanitarian and Ecological Social Affairs, as well as the Bronze Medal in Business and Sales.
Lynn’s eclectic approach to marketing incorporates her vast professional experience in the music industry and the educational sector along with more than two decades of study and practice of the spirituality of India. Her innovative marketing campaigns have produced a long list of bestselling non-fiction authors through her company Spirit Authors. Lynn is also the Founder of the 7 Graces Project CIC, a not-for-profit social enterprise created to train, support, mentor and inspire independent business owners to market their business ethically, serve society and planet, and restore all that is best about humanity.
(not just for Londoners, as we meet also on Skype)