Skip navigation
Currently Being Moderated

Captcha is not preventing spam comments from being submitted

May 26, 2012 1:37 PM

Tags: #business_catalyst_blogs

Captcha does not seem to be working on our blog.  (http://www.waterthebamboo.com/_blog/Blog) We are receiving Spam comments multiple times per day.  Shouldn't Captcha/Image Verification prevent Spam posts from being submitted via the Form?  It's a real pain to have to dig through all these spam posts in the admin.

 
Replies 1 2 3 Previous Next
  • Currently Being Moderated
    May 26, 2012 6:58 PM   in reply to ChrisBartell

    Captcha only eliminates bot spam, not human spammers who can bypass captcha. I haven't used the blog yet because our is set up elsewhere. We moderate comments there, but the drawback to that is that you will lose non-spamming commentors.

     
    |
    Mark as:
  • Currently Being Moderated
    May 27, 2012 9:22 AM   in reply to ChrisBartell

    It's possible that there are OCR-capable bots hitting your blog. But there are also tons of people who do nothing more than post spam links on blogs all day long ("work at home" scam jobs, SEO scammers, etc.). If you comment section allows links to be followed by search engine bots you're gonna get hit hard with link spam, so make sure comments are set to "nofollow" and moderate them.

     
    |
    Mark as:
  • Currently Being Moderated
    May 30, 2012 7:16 PM   in reply to craftyalien

    hi crafty alien,

     

    how do you make sure comments have Nofollow set on?

     
    |
    Mark as:
  • mario_gudelj
    1,679 posts
    Oct 13, 2010
    Currently Being Moderated
    May 31, 2012 4:40 PM   in reply to Frankie and Boyd

    Perhaps you could add this http://www.robotstxt.org/meta.html to your blog layout.

     

    -m

     
    |
    Mark as:
  • mario_gudelj
    1,679 posts
    Oct 13, 2010
    Currently Being Moderated
    May 31, 2012 5:19 PM   in reply to ChrisBartell

    Form what I understand they should go as far as the detailed blog layout and not follow anything from there...

     
    |
    Mark as:
  • Currently Being Moderated
    May 31, 2012 7:20 PM   in reply to mario_gudelj

    Hey Mario - Hey ya i know long time No see!!!! how ya been ....

     

     

    Thanks for this - The captcha settings wasn't set to enforce - so i ticked it for everything . Why would it not enforce though automatically?

     

    Also - with that meta robots thing do i place it on the blot main layout? or just on the post? and what does this do - i tried reading that doco but it was a bit confusing.

     

    so it doesnt stop regular search bots from following???

     
    |
    Mark as:
  • mario_gudelj
    1,679 posts
    Oct 13, 2010
    Currently Being Moderated
    Jun 3, 2012 4:31 AM   in reply to Frankie and Boyd

    Heya, it's not forced automatically because some clients use V1 captcha and we can't break the backwards capability.

     

    As for the meta noindex/nofollow, you can place it inside the overall blog layout.

     

    Cheers,

     

    -m

     
    |
    Mark as:
  • Currently Being Moderated
    Jun 14, 2012 2:54 AM   in reply to mario_gudelj

    Thanks again for your help mario

     

    I have tried the captcha thing (turning it on) but still getting some spam so I am looking into trying the No Index no follow

     

    The thing is I was researching it and it looks like if I used the <META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW"> that would stop search engine bots from indexing the blog posts??  Would that mean that the website would not get the SEO benefit from all posts? http://googlewebmastercentral.blogspot.com.au/2007/03/using-robots-met a-tag.html

     

    I am not sure if I am correct on this does anyone have any feedback on this?

     

    Is there any other way to try and stop bots from filling out the comments? seems these ones are either human or bypassing the captcha still ..... hmmmm

     
    |
    Mark as:
  • mario_gudelj
    1,679 posts
    Oct 13, 2010
    Currently Being Moderated
    Jun 14, 2012 6:30 PM   in reply to Frankie and Boyd

    There have been several reports in past two weeks of the captcha being compromised. The dev team is currently looking at the fix. No ETA on it yet. Please PM me the blog URL though.

     

    -m

     
    |
    Mark as:
  • Currently Being Moderated
    Jun 15, 2012 6:22 PM   in reply to mario_gudelj

    I have clients coming at my left right and centre as there has been a massive amount of #paydayloans etc coming through, they don't end up in your unapproved ... it's a little odd. I have heaps on my own site too but they don't show on the blog, in the unapproved but do in the live feed. Is there anything happening at the moment to stop the blogs being exploited?

     
    |
    Mark as:
  • Currently Being Moderated
    Jun 15, 2012 8:40 PM   in reply to stp-sarahp

    Thats the same with my clients blogs - its the Pay day loans - every day!!!!! sometimes twice!!

     
    |
    Mark as:
  • Currently Being Moderated
    Jun 16, 2012 12:02 AM   in reply to Frankie and Boyd

    Yep, the payday loans are the most frequent blog spammers I'm seeing every day.

     

    I would like to try removing the 'website' field from the comments form to see if deters them, but can't find any way to do this :-(

     
    |
    Mark as:
  • Currently Being Moderated
    Jun 16, 2012 8:06 AM   in reply to Frankie and Boyd

    Any link can be changed to nofollow by adding the tag as shown:

    <a href="http://www.example.com/" rel="nofollow">Link text</a>

     

    You can meta a bots nofollow, but remember, if you WANT a link YOU post in your blog to be followed (because a GOOD follow is helpful.) you cannot use the nofollow AND it's futile against humans.

     

    You can use the above example to modify a URL field.

     
    |
    Mark as:
  • Currently Being Moderated
    Jun 18, 2012 9:11 AM   in reply to mario_gudelj
     
    |
    Mark as:
  • mario_gudelj
    1,679 posts
    Oct 13, 2010
    Currently Being Moderated
    Jun 19, 2012 12:08 AM   in reply to sfrobbins

    Everyone, please make sure that you have this setting enabled:

     

    Captcha.jpg

     
    |
    Mark as:
  • Currently Being Moderated
    Jun 19, 2012 8:57 PM   in reply to mario_gudelj

    Thanks Mario though the one that is getting the most payday loans spam already has that setting ticked ... can you help out with any other suggestion?

     
    |
    Mark as:
  • mario_gudelj
    1,679 posts
    Oct 13, 2010
    Currently Being Moderated
    Jun 19, 2012 8:33 PM   in reply to stp-sarahp

    Then it must have been compromised and the bots have found a way around it. I know that the dev team is looking at the was of tackling this at the moment, so please followour blog for further announcements on this issue.

     

    Cheers,

     

    -mario

     
    |
    Mark as:
  • Currently Being Moderated
    Jun 29, 2012 11:54 AM   in reply to mario_gudelj

    We are getting it as well from "cash advance loan".

     

    Our site: www.lechameauUSA.com

     

    The spammer's email: fkokooeelel@gmail.com. I can forward you the customer comment form if it would help.

     

    Chuck

     

    (And yes, I have CAPTCHA activated and the settings are enabled.)

     
    |
    Mark as:
  • Currently Being Moderated
    Jun 29, 2012 12:27 PM   in reply to mario_gudelj

    in addition to a better captcha, how about access to a spam blacklist (like akismet?)

     

    also is there an option to just filter out bbcode/html from comments by default?

     
    |
    Mark as:
  • Currently Being Moderated
    Jun 30, 2012 2:41 PM   in reply to kenneth_rapp

    We have had the same problem with all our sites and decided to change them to use the Facebook comment module. We are probably losing a few commenters, but most customers prefer genuine comments over trolls and spammers.

     
    |
    Mark as:
  • Liam Dilley
    6,691 posts
    Feb 28, 2012
    Currently Being Moderated
    Jun 30, 2012 6:43 PM   in reply to craftyalien

    Not what this is about :) a bot is not just a search bit and no-follow is an indicator not a mandatory statement :p

    Spam bots crawl the web filling out forms and have a variety of captcha bypass abilities, some are malware that fill in forms as a person is browsing websites with their infect machine efc.

     
    |
    Mark as:
  • Currently Being Moderated
    Jun 30, 2012 8:34 PM   in reply to mario_gudelj

    HEy Mario,

     

    ANy more updates on this?? All of my clients sites are now getting spammed even crazier - 5 - 10 times a day. Grrrrrrrr '

     

    its all the pay day loans one - they are going to town now on all the blogs

     
    |
    Mark as:
  • mario_gudelj
    1,679 posts
    Oct 13, 2010
    Currently Being Moderated
    Jul 1, 2012 9:30 PM   in reply to Frankie and Boyd

    I haven't seen any decisions come of the product team yet. I don't know which way they're going to go about it, but I know it's something they're working on currently and you should see some announcements around this in the near future.

     

    Cheers,

     

    -mario

     
    |
    Mark as:
  • Currently Being Moderated
    Jul 2, 2012 5:12 AM   in reply to ChrisBartell

    Mario

     

    Yup - definite increase in SPAM over multiple sites - clients bugging us constantly on it now.  Looking forward to that solution from the Dev team.

     

    Cheers.

     
    |
    Mark as:
  • Currently Being Moderated
    Jul 3, 2012 1:27 AM   in reply to mario_gudelj

    Where will the development team make an announcement, in the BC blog?

     
    |
    Mark as:
  • Liam Dilley
    6,691 posts
    Feb 28, 2012
    Currently Being Moderated
    Jul 3, 2012 3:51 AM   in reply to Casper Scholly

    If they have the URL they can spam anyway. A site with no comments forms on the site, but had them can be hit too.

    This is the same sort of process issue that happened with the old refer a friend forms.

     
    |
    Mark as:
  • Currently Being Moderated
    Jul 3, 2012 11:22 AM   in reply to Liam Dilley

    Same issues here. Comment spam has trickled in for years, but has been increasing significantly over the course of the last few weeks.

     
    |
    Mark as:
  • Currently Being Moderated
    Jul 6, 2012 1:35 AM   in reply to ChrisBartell

    We have also had a dramatic increase in spam over the last 6 weeks (www.changedesigns.net) on all comment forms on products, web pages, blogs, and announcements. Enforce captcha validation has been set (ticked) for everything but it is still not prenenting the flood. We have to daily manually delete stacks of spam comments and it is taking up a lot of time.

     

    It looks as though it is definitely a bot and not a human as I had previously commented out a comment form in the announcement layout but the bot still used the commented out code in the served page to execute the form submission while bypassing the captcha. I did a bit of research and it seems that the spammers can buy cracked codes for websites and then they keep refreshing the captcha until they get the word for the cracked code and then the form submission succeeds. BC is going to have to regularly change the codes on the backend to prevent this.

     
    |
    Mark as:
  • Currently Being Moderated
    Jul 9, 2012 4:49 PM   in reply to mike blignaut2

    Does it help if in webmail a blacklist is created? Or do they still get through to the contacts/comments log and CRM anyway?

     
    |
    Mark as:
  • Currently Being Moderated
    Jul 10, 2012 12:31 AM   in reply to scratchmybrain

    An email blacklist wont help as they never use the same name or email address twice, they are randomly generated with every attack. For the current bots the only thing in common is their injected url which is always around the theme of  loans or cash but this could change.

    Just for claritys sake the spam doesnt make it onto the live webpage since we moderate all comments and so just delete them on the backend. The other hassle with the spam bots is them creating hundreds of new clents in the CRM database all the time, which we then have to delete.

     
    |
    Mark as:
  • Currently Being Moderated
    Jul 10, 2012 12:57 AM   in reply to mike blignaut2

    Indeed Mike, deletinfg all the auto created CRM records is also a pain.

     

    I hope this will also be looked at, maybe give us the option to NOT create a CRM user record when somebody comments on a blog?

     

    Also some kind of rule creation similar - or better - than WordPress, i.e. if comment includes a link or HTML, then give error or warning to user without actually allowing comment at all?

     
    |
    Mark as:
  • Currently Being Moderated
    Jul 10, 2012 11:41 AM   in reply to Vincent-1

    hi all .. so i also have been getting hit with this issue ... i have a faq page well about 40 of them in fact.. only one is being tagetted with this .. never a comment made just 4 or 5 hits a day with bogus emails. like this haolhlhdlch@gmail.com and so on .. painful to remove from crm as already disscused .. would be nice to be able to have 1click remove all .. or have i missed it ??? anyway just to keep all informed .. i dont understand what the benift is to anybody doing this .. unless they just get a kick out of wasting their time

     
    |
    Mark as:
  • Currently Being Moderated
    Jul 10, 2012 12:18 PM   in reply to Vincent-1

    Oh, that would be nice.

    Vincent-1 wrote:

     

    Indeed Mike, deletinfg all the auto created CRM records is also a pain.

     

    I hope this will also be looked at, maybe give us the option to NOT create a CRM user record when somebody comments on a blog?

     

    Also some kind of rule creation similar - or better - than WordPress, i.e. if comment includes a link or HTML, then give error or warning to user without actually allowing comment at all?

     

    I've been rewriting my forms to be generated by javascript on the (maybe now obsolete) premise that bots parsing a webpage won't be able to run the js and 'see' the form there. I have no idea if this is even effective though, and of course a bot doesn't need an html form to post in the first place...

     
    |
    Mark as:
  • Currently Being Moderated
    Jul 16, 2012 9:06 AM   in reply to ChrisBartell

    I'll add my site and my clients' sites to the list of websites that have seen a huge spike in blog and inquiry form spammers, most of which are payday loan messages. I'm hoping BC engineers make this a priority. Many clients aren't happy.

     
    |
    Mark as:
  • Currently Being Moderated
    Jul 16, 2012 9:20 AM   in reply to @JoeWellborn

    i am now in the process of creating a new site through wordpress and will now compleatly remove every site i have and my clients sites that i was going to create ...will  also be wordpress sites .. had enough of te bad service and lack of support when it comes to css matters and the sytem also changing script .. all my transaction have been cancelled .. the only way for me to see a real future for this is to make vast changes .. i will not be waiting for them so for me its good bye

     
    |
    Mark as:
  • Currently Being Moderated
    Jul 17, 2012 7:13 AM   in reply to ChrisBartell

    Also getting 2-3 payday loan comments a day; pain in the backside.

     

    Is there a way of including nofollow on all comment links? Somewhere in the backend that I've missed?

     
    |
    Mark as:
  • Currently Being Moderated
    Jul 17, 2012 8:11 AM   in reply to Sammotea

    I encountered this problem as well and was getting 4 or 5 of the payday loan comments a day on one client's site.  I eventually changed the blog URL and each of the exisitng blog post URLs, and the problem has diminished greatly.

     

    It has to be some sort of automated posting program that they are using, so I advised not using any of the default URLs.

     

    Good luck.

     
    |
    Mark as:
1 2 3 Previous Next
Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Answers + Points = Status

  • 10 points awarded for Correct Answers
  • 5 points awarded for Helpful Answers
  • 10,000+ points
  • 1,001-10,000 points
  • 501-1,000 points
  • 5-500 points