This website uses cookies on its adverts and sponsored links. By clicking the "Accept" button you are consenting to their use.

Read more

Accept


Mobile Tech Tracker
≡ sections
Home

Tech Advice

Tech Thoughts

Apps

Tech News

About

Welcome to Mobile Tech Tracker. Our mission is to help technically-minded people to become better versions of themselves and to help ordinary people to use modern smart technologies to their own advantage. If you want to support us, please consider visiting the pages of our advertisers.


How to protect your website from spammers

If you own a website and have given its users the ability to post content, such as comments or articles, you are bound to clash with malicious spammers at some point. They will come when you least expect them.

So, imagine that you woke up one day after posting an amazing article that you've put a lot of effort into. And you see that people are obviously interested in what you had to say, as it attracted over hundred comments. At first, it makes you happy. However, your happiness doesn't last, as you discover that all of the comments are about Viagra.

The bad news is that this kind of thing is extremely common. The good news is, however, that it is extremely easy to protect your website against spammers. This is why you rarely, if ever, see these kind of comments on reputable websites.


How spam comments can cause damage

It may not be immediately clear how damaging the spam comments can be. After all, it's not the same as breaking into the database, right? Well, there is actually quite a lot of damage spammers can cause.

They don't tend to just leave random comments here and there. Once spammers found out that a particular page doesn't block them from posting, they would keep posting on that page, until they are prevented from doing so. If left unchecked, the page will shortly be completely inundated with the comments and dodgy links, just like in the example above.

If this happens, your search engine rating will inevitably go down. You may have one of the best and most informative articles out there, but if there is more text on the page about Viagra, Cialis, Tramadol, online casinos and escort services than there is the actual useful content, search engine crawlers will struggle to recognise what keywords should the page be matched with.

Likewise, spammers don't tend to just leave textual comments. They post links to some shady sites too. Those addresses are likely to be blacklisted by search engines; therefore your site may become blacklisted too.

Lastly, having these comments on your pages will not give your users a good impression. You can get an idea of what they will feel by imagining yourself opening a page with a lot of irrelevant content and some dodgy looking links that go with it.

I certainly wouldn't trust the owners of a website that contains a lot of suspicious user-generated content. After all, if the website is not protected against the most obvious types of spam, it would be safe to assume that neither it is protected against other hacking methods, such as Cross Site Scripting.


My own encounter with spammers

My own website has been targeted by the spammers. At first, a large number of comments about Viagra and Cialis have appeared on this page.

At first, I thought of it as a political activism. The article happens to be about how over-zealous and ideologically possessed activists use technology to silence the people they don't agree with. This is something these kind of people wouldn't like; therefore I thought that the spam comments that came in such volume were an attempt to silence me. After all, the so called "social justice warriors" can be pretty vicious.

However, I have soon discovered that this is not the case. Another bunch of spammy comments, but this time about online casinos and illegal painkillers, started to appear on my article about WebAssembly. It is a technology for running certain types of code in browser; therefore, nobody would be emotionally attached to it enough to be willing to get an article about it moving down the search engine rank. Unless, of course, they happen to worship in-browser JavaScript and perceive WebAssembly as a threat to it.

This is what typical spammy comments looked like:

Spam Comments Example

After some googling around, I found out that this is just what spammers do. Pages were chosen completely at random and the content on them didn't matter at all.


Give the spammers a middle finger

Luckily, getting rid of all the spam comments was easy. So was stopping them from writing any new ones.

If someone attempts to write a spam comment on any of the pages on the website, they will be redirected to this page. Of course, the message on that page is rude. But why be polite to people who are trying to do damage to your website?

The easiest way to protect your website from spammers is to install one of the commenting plugins, such as Disqus. Those plugins already use various spam filters, so you wouldn't have to worry about managing those yourself. If anybody manages to get past the filter and post something inappropriate on your page, you can report that comment to the plugin provider.

However, this solution is not suitable for every scenario. For example, you may want to choose to build your own comment widget and manage all the comments internally. The same applies to the websites where user-generated content can be more than just mere comments.

In this case, you can use the free service called Stop Forum Spam. It has its own plugin, but it also comes with a public API that can be queried. It is a large database of domains and IP addresses that belong to known spammers and it gets updated on regular basis. All you need to do is send a simple HTTP request with an IP address of the comment author. The response will tell you whether the IP has been reported and, if so, how many times. Based on the content of the response, you can decide whether to allow the comment through or not.

The website has some code samples of how to call their API from the back-end code. However, those are limited to PHP. Nevertheless, the API is so intuitive, that it will not be difficult for any half-decent web developer to figure out how to use it with different languages.

Of course, there is a chance that any IP address that you may get spammed from has not yet been reported to Stop Forum Spam. Therefore, it makes sense to add some extra layers of security, such as disallowing HTML markup, looking for specific keywords and examining the message pattern.

However, in my personal usage so far, the API has been able to stop all incoming spam based on the IP address alone. This is in light of the fact that I still had many spam attempts after implementing the logic on my server. Not a single one of these attempts was successful.

It goes without saying that, although you shouldn't let spammy messages posted on your web pages, you should log all of them nonetheless. When you do, it would be a good practice to record as much details as possible. You never know when this data may become handy.



Written by

Posted on 27 Jun 2018

Fiodar Sazanavets is a full stack software developer with several years of experience working in various industries. In his professional career, he has mainly worked with a number of different Microsoft stack technologies, both back-end and front-end, and Java for Android. Fiodar has an Honours degree in Environmental Biology and a Masters degree in Environmental Informatics.

Comments (0)

Author's Name *

Email *

3 + 4 *

Comment

*


More from Tech Advice


How to play sound on .NET Core

How to play sound on .NET Core


Proven way to make programming fun

Proven way to make programming fun


Why you should care about functional programming

Why you should care about functional programming


What the heck is WebAssembly

What the heck is WebAssembly


Desktop apps are not dead. Here is why

Desktop apps are not dead. Here is why


Popular misconceptions about Node.js

Popular misconceptions about Node.js


Becoming a software developer is easier than you think

Becoming a software developer is easier than you think


Why every web developer should know Node.js

Why every web developer should know Node.js


When NoSQL is better choice than RDBMS and when it's not

When NoSQL is better choice than RDBMS and when it's not


How big data web applications are built

How big data web applications are built


Share this:

Facebook Google LinkedIn Twitter Become a Patron!


More from Tech Advice











Privacy Policy

© Mobile Tech Tracker. All rights reserved. Unauthorised copying of any of this website's content is prohibited under international law.

For any queries, comments or suggestions, please write to info@mobiletechtracker.co.uk.