Spam Wave 2013: Adopting Akismet
Spam comments to my site have reached ridiculous levels over the last few weeks; in the last two weeks there were over 35,000 messages awaiting moderation and another 10,000 or so marked as spam.
I don’t have the ability to moderate that kind of volume, so I’ve taken a couple of steps to deal with it.
The first step was deleting all of the pending comments. I checked first to see if any of them were on posts written since the start of the year, but none were. If you made a comment on an older post in the last few weeks, it has now been deleted as part of the spam inundation; my apologies.
The second step was updating the Bad Behavior plugin, which I hadn’t done for a while.
The third step was deciding that I’d bow to reality and use Akismet, something I’d been reluctant to do for a while, as it felt like giving up control of a big part of my blog to a third party. And it still feels that way, but without doing that I don’t have much hope of fending off the spam.
If you comment and it never shows up, all I can ask is that you email me about it.
Finally, I want to vent: these spam messages were absolutely nothing but time-wasters. What I mean by that is that I hold all comments (except for those by already-approved commenters) for moderation. So of the hundreds of thousands of spam comments submitted to this site, zero ever made it to the public web. That’s been true for years. Whatever spam target list included this site on it did so purely to pad its numbers, and the awful economics of spamming (namely that it costs virtually nothing to add another target to the list) meant that the spammers suffered no consequences for wasting those efforts. All they achieved was to increase the amount of work that I had to do. Aiding yourself not at all while harming another is something that particularly bothers me, and the inanity of the spam comments themselves (deliberate nonsense, pathetic attempts to pass as real comments, abuse of the language, etc.) simply made that worse.
The most frequent categories they were trying to promote seemed to be various kinds of pricey fashion brands (particularly for handbags), a certain kind of sheepskin boot, and sports jerseys, with the more traditional pharmaceutical spam trailing far behind. For a while virtual MMORPG gold was a common theme, but that seems to have passed.
Even if Akismet accurately marks the comments as spam, the sheer numbers will be problematic for other reasons—I back up my WordPress database in git, and storage is already becoming a problem. If I keep getting over 30,000 spam comments per week, I will need to heavily modify the backup script (which is currently very simple) to not back up pending comments, otherwise the total repository size will become untenable.
It could be worse; I could be running a forum, or have made the foolish decision at some point to not hold comments in moderation before posting them. I’ve encountered many sites that have been overrun by spam comments, and it tends to be extremely sad: a decent blog post from a couple of years ago, followed by productive and helpful comments on some topic, and then all communication there is drowned out by hundreds or thousands of facile attempts to boost search engine rankings. And, of course, most of those spam comments are promoting sites that existed only for a brief time, so (again) they’re not even serving a useful purpose for their issuer, but they’re still doing damage.
Depressing. I don’t have any large-scale answers; as long as the incentives are right, this kind of thing will continue.