Vigilance is the only cure for comment spam

A new report from Imperva reveals a small but persistent minority is responsible for most comment spam.

One of the best ways to demonstrate expertise and establish a positive reputation for your business or your employer is by sharing information through posts on a website. And one of the best ways to engage customers is to allow comments on those posts and to respond to them. If you're not careful, though, spammers will derail your comments and possibly drive potential customers away.

A new report from Imperva reveals that 80 percent of the comment spam originates from less than one-third of the spammers, and a mere 17 percent of comment spammers actually account for a majority of the comment spam traffic. Imperva also found that nearly 60 percent of comment spammers are active for long periods of time.

Wikipedia defines comment spam as "a broad category of spam bot postings, which abuse Web-based forms to post unsolicited advertisements as comments on forums, blogs, wikis and online guest books."

Simply put, it is an unwanted solicitation. Like the email spam for Viagra or low-interest home refinancing that is, hopefully, automatically detected and siphoned off to your junk mail folder, comment spam interjects ads into the comment thread of a blog post.

The comment itself is sometimes at least remotely related to the topic of the post, and generally contains a link that the spammer hopes you will click. Frequently, though, the comment spam has nothing to do with your post or the conversation about it and may even be worded as if it was intended for someone else and "accidentally" shared with you, revealing tidbits of information with the intent of baiting you to want to learn more by clicking a link.

The best way to avoid being overrun with comment spam is to be vigilant about monitoring comments on your site. Requiring some sort of Captcha or user validation for posting comments will help reduce comment spam, but there are automated tools capable of overcoming those challenges as well.

Pay attention to the comments that are posted. If the amount of comment traffic isn't too high, you can configure your site so that every comment must be manually approved before it posts. If there is a lot of traffic, though, that can be tedious and overwhelming. Instead, you can allow the comments to post, but review all new comments periodically to identify comment spam. Most platforms have some mechanism to allow you to block any future comments from a specific user or IP address. Doing so will greatly reduce the comment spam on your site, and doing so consistently will eventually cause comment spammers (or automated comment spam tools) to search for easier targets.
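As an added example (not taken from the article or from Imperva's report), the Python sketch below shows how a periodic review can be turned into a short block list: it ranks the sources a moderator has marked as spam, picks the smallest set that covers a target share of the spam, and lists the sources that stay active over several days. The record layout, the 80 percent target, the three-day threshold and the IP addresses (documentation ranges) are all assumptions constructed for the illustration.

```python
from collections import Counter, defaultdict
from datetime import date

def _rows(ip, days, per_day, verdict="spam"):
    # Builds constructed sample records: (source IP, day posted, moderator verdict).
    return [(ip, date(2024, 5, d), verdict) for d in days for _ in range(per_day)]

# Constructed moderation log; IPs come from documentation ranges, not real spammers.
COMMENTS = (
    _rows("203.0.113.10", range(1, 8), 2)          # 14 spam comments over 7 days
    + _rows("198.51.100.7", (2, 4, 6), 2)          # 6 spam comments over 3 days
    + [r for i in range(5)                         # 5 one-off spam sources
       for r in _rows(f"192.0.2.{40 + i}", (3,), 1)]
    + _rows("192.0.2.80", (1, 2, 3, 5), 1, "ok")   # regular legitimate commenter
)

def block_candidates(comments, share_pct=80):
    """Smallest set of top spam sources covering share_pct percent of all spam."""
    counts = Counter(ip for ip, _, verdict in comments if verdict == "spam")
    total = sum(counts.values())
    picked, covered = [], 0
    for ip, n in counts.most_common():
        # Integer comparison avoids floating-point rounding at the threshold.
        if covered * 100 >= share_pct * total:
            break
        picked.append(ip)
        covered += n
    return picked, covered, total, len(counts)

def persistent_sources(comments, min_days=3):
    """Sources that posted spam on at least min_days distinct days."""
    days = defaultdict(set)
    for ip, day, verdict in comments:
        if verdict == "spam":
            days[ip].add(day)
    return sorted(ip for ip, seen in days.items() if len(seen) >= min_days)

if __name__ == "__main__":
    picked, covered, total, sources = block_candidates(COMMENTS)
    print(f"{len(picked)} of {sources} sources account for {covered}/{total} spam comments")
    print("block first:", picked)
    print("long-running:", persistent_sources(COMMENTS))
```

Only comments a moderator marked as spam are counted, so a frequent legitimate commenter never lands on the list however often they post.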

Take a closer look at the complete report from Imperva to learn more about how comment spammers operate, and what you can do to avoid or block comment spam on your site.


Stories by Tony Bradley
