pingpoli.de



Adding Comment Moderation Tools to my Website

Why do people spam?

13.04.2022 - 21:42
I've been getting some very annoying spam comments on my website lately. I always knew this was a risk when I opened the comments to the public. Because of that, I had already built in a few options to deal with it: First, there is the nuclear option of turning public comments off altogether, which can be done with a single button. Secondly, the comments can be turned off on a per-post basis, and thirdly, I had already added a way to delete comments. However, now that I had to use these functions to deal with the spam comments I noticed a few issues and made some changes.

A Faster Way to Delete Comments

So far, I've only been getting maybe one or two spam comments per day, so I didn't want to turn public comments off globally yet. The affected posts seem to be completely random and not just the ones I have reposted somewhere else, so only turning off comments for them wasn't an option either.

Which meant the only thing I could do was to delete the comments manually. However, the UI/UX for this was terrible. I have to remember the title of the post from the notification email, find it in the list of all posts, then scroll to the bottom and click the show comments button, where I can finally delete it.

Now I have added a new section to the admin panel which shows all comments on the website. It is accessible with a single click from the main menu. This is going to speed up deleting comments significantly.



Preventing Spam Comments

When I thought about it some more, I realized that there is one thing that all spam comments have in common: they contain links. Even though this might hurt a few legitimate commenters (if there were any), I decided to add a very simple piece of code that no longer allows comments which contain a link. And by a very simple piece of code, I mean it: I literally just check whether the strings contain http:// or https://. This is going to stop all of the types of spam comments I have been getting. However, it's not very sophisticated, so spammers might just format their messages differently, but I'll worry about that if/when they do.

// Returns false if the commenter name or the comment text contains a
// literal "http://" or "https://" (strpos is case-sensitive).
public static function isValidComment( $name , $text )
{
    if ( strpos( $name , "http://" ) !== false ) return false;
    if ( strpos( $name , "https://" ) !== false ) return false;
    if ( strpos( $text , "http://" ) !== false ) return false;
    if ( strpos( $text , "https://" ) !== false ) return false;
    return true;
}
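The same check, extended as an added example (not the site's own code) so that it also refuses links that are not written as a literal lowercase http:// or https://. The class name CommentLinkFilter, the containsLink helper and the short TLD list are assumptions made for illustration.

```php
<?php
// Added example; CommentLinkFilter and containsLink are hypothetical names.
final class CommentLinkFilter
{
    // The TLD list in the last pattern is constructed and deliberately short.
    private const PATTERNS = [
        '~[a-z][a-z0-9+.-]*://~i',                     // any scheme, any letter case
        '~\bwww\.[a-z0-9-]+\.[a-z]{2,}~i',             // www.host.tld without a scheme
        '~<\s*a\b[^>]*\bhref\b~i',                     // HTML anchor markup
        '~\b[a-z0-9-]+\.(?:com|net|org|info|biz)\b~i', // bare domain name
    ];

    public static function containsLink(string $s): bool
    {
        // Canonicalize before matching: decode HTML entities so an encoded
        // ":" or "/" is compared in its plain form.
        $s = html_entity_decode($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
        foreach (self::PATTERNS as $pattern) {
            if (preg_match($pattern, $s) === 1) {
                return true;
            }
        }
        return false;
    }

    // Same contract as the original check: false means the comment is refused.
    public static function isValidComment(string $name, string $text): bool
    {
        return !self::containsLink($name) && !self::containsLink($text);
    }
}

// Constructed sample comments; example.com and .example are reserved names.
$samples = [
    'Nice post, thanks!',
    'Visit HTTP://spam.example/ today',
    'cheap pills at www.spam.example',
    '<a href="//spam.example">click</a>',
    'see example.com for deals',
];
foreach ($samples as $text) {
    $verdict = CommentLinkFilter::isValidComment('guest', $text) ? 'accepted' : 'rejected';
    printf("%-40s %s\n", $text, $verdict);
}
```

The bare-domain pattern also rejects a legitimate comment that merely names a site, which is the same trade-off against legitimate commenters that the simple check already makes.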

Why Do People Spam?

I keep wondering why these people bother to spam my website anyway. Because I have news for them: my website gets almost zero visitors. Nobody is ever going to see their spam messages. Well, besides me, I guess.

Additionally, somebody must have reverse-engineered the post request necessary to post a comment on my website, because the comments are not created from actual website visitors according to my analytics tool. While this isn't particularly difficult, it's not something that any random spammer can do. I assume at this point, posting comments to my website is included in a big automated list available on the darknet somewhere, so my change to block comments with a link in them is going to break it for now.

Finally, let's look at one of the spam messages I've been getting lately:

https://##########.com/ - Cialis Lpffjh viagra prix pharmacie paris en dijon Mlfehp <a href="https://##########.com/">cialis on sale in usa</a> Commander Du Viagra Myemqg https://##########.com/ - Cialis Iabxrh Normally minimum of nasal fluid is enough to clean the air current.

This doesn't even make any sense. Half of the words aren't even words, unless Lpffjh or Mlfehp means anything to you? It doesn't for Google. Besides that, it seems to be a random collection of SEO terms for medical drugs. They should at least write somewhat realistic-seeming spam messages if they want to fool anyone.



To sum it all up, it's a big waste of time for everyone involved. I had to delete the spam comments and improve my comment moderation tools and the spammers spent time reverse-engineering the code to get literally zero return on their time and money investments. Let's hope my changes silence them for a while, but I have no doubt that they are going to be back.






by Christian - 13.04.2022 - 21:42

