Blog spam prevention

September 27, 2007 | Leave a Comment

I’ve noticed that the minute I write a new post on my artsmontana.com blog, I get a few new spam entries in comments. This is clearly automated by someone scanning blogs for new posts and submitting comments.

Since I am recommending blogs, I’d like to mention a few easy to implement ways to trap or prevent comment spam. First of all, allowing anyone to comment without moderation seems like a nightmare to me. On all of my blogs, comments are placed in a moderation queue awaiting my approval. I can also edit them there before approving them. You won’t miss comments when you have moderation turned on because an email alert lets you know there is something in the moderation queue.

For spam filtering in comments, I use the Akismet plugin for WordPress, and I also set my spam filter to look for any comment that contains more than one link. Spammers like to populate comments with their own links, so that helps. Akismet is free for personal use, and they have a commercial key (at $5 a month) for what they call “mad paper” sites, or sites that are generating more than $500 a month in income. They also have an enterprise-level key (at $50 a month) for large businesses. To get Akismet, you sign up (also free) and they give you an API key that you enter in your WP administration panel. It’s easy, and it’s useful. Spam comments usually reiterate a bit of text from a post and add an irrelevant bit of text. Aksimet grabs those, as well as the stupid comments spammers include in their automated content to make it seem legitimate, like “very interesting” or “nice job”, and puts them in a spam queue. That way you can see at a glance all the garbage that has come in and delete it in bulk. Akismet also provides information for those who want to extend it to work with other applications besides WordPress.

I have already installed Akismet for all of my WordPress blog clients, but here is how to use it if you are new to blogs and plugins. If your WordPress installation does not come with Akismet already listed in the Plugins tab, go to akismet.com, download the plugin, uncompress it with an unzip tool (e.g. WinZip or Stuffit Expander), then upload it to the wp-content/plugins subdirectory in your blog directory. Once that is done (by WordPress or by you), go to Plugins on your WordPress dashboard, activate Akismet, follow the link to the free API key, enter the API key in the configuration screen, and you are done.

Bad Behavior is also a popular choice, and seems especially well-suited to blogs with heavier traffic because it keeps spam from even entering your comment queue, saving time, trouble, and server bandwidth. It achieves that by analyzing the delivery method of the comment. According to the Bad Behvior Web site, “it is designed to work alongside existing spam prevention services to increase their effectiveness and efficiency. Whenever possible, you should run it in combination with a more traditional spam prevention service.” It works with many more PHP-based platforms besides WordPress, including Drupal, ExpressionEngine, and LifeType. If you install and use Bad Behavior, a modest voluntary contribution is suggested. [Note: I just installed Bad Behavior (9/30), keeping the Akismet plugin activated, and will report how it goes. Bad Behavior logs blocked requests, so I’ll check that as well as spam levels. ]

WordPress allows you to create a Comment Blacklist, too. Go to Options > Discussion and scroll to the bottom of the page where you can enter keywords that you’d like to block. (You know what they are!) You can also enter offending email addresses, IPs, and URLs.

Some bloggers use a challenge-response system for comments to ensure that all comments come from humans and not spamming software. This can take the form of a simple question (e.g., What is 4 times 5?) that has to be answered before the comment can be submitted. There are also CAPTCHA (”Completely Automated Public Turing test to tell Computers and Humans Apart”) tools, and anyone who has filled out an online form that requires you to read and enter a batch of characters presented graphically before you can submit has seen this model. Once you are a recognized commenter (i.e. trusted) you can sometimes forgo this step. One of my favorite local blogs, Livingston, I Presume, uses a CAPTCHA model and it is not at all inconvenient. It is a better experience for your visitor than requiring them to register and log in before commenting. Some annoying Blogger.com blogs expect you to have a Blogger account to comment. Unless you have a large and very public site with huge amounts of commenting traffic, this is overkill. Nothing chills a comment-prone visitor faster, and since comments are a part of a blog’s lifeblood, you don’t want to stop them that way, especially when there are friendlier gatekeeping methods like moderating everything before publication, using a plugin like Akismet, and/or employing a simple challenge-response algorithm.

For more on personal spam prevention (especially email), see the list of resources at ctrl-zweb.com.

On the topic of blogs, after the Democratic debate last night I visited the Web sites and blogs of Barack Obama, Hillary Clinton, Joe Biden, and John Edwards. I doubt there is a presidential candidate who is not using a blog as an interaction tool. While I am not committed to any candidate, I give John Edwards’ site and blog the highest marks. He has real content instead of single paragraph issues statements that are virtually content free; and not only does he get specific about every issue, he has all of the topics nicely organized so that it is easy to find his position and his plan for the issues that interest you. You are required to register to comment on Edwards’ blog (I’m sure that’s true for all of them), but you’d do that, too, if you were running for Prez and had all that (sometimes wacky) blog traffic.

Posted by Lynn | Filed Under Web Tips | Leave a Comment

The hosts with the most

September 24, 2007 | Leave a Comment

As much as I like to do business locally, I am purchasing Web hosting elsewhere. I am also a hosting service reseller. This enables me to manage multiple clients from a single Web Host Manager control panel. The time I save is time spent on checking client’s Web sites and server data routinely, as well as responding to problems (very few, usually having to do with client configuration of email accounts or email quotas) which is what they get for their money when they buy a hosting package through me instead of vendor-direct. I don’t expect clients to use my hosting service, and for non-profits or folks who want to do business with thoughtful companies, I’ve recommended AcornHost.com.

I am a reseller with InMotionHosting.com. I have had positive experiences with them and like how they handle support issues and questions. My clients have hosted directly with them, or have purchased an account from me. I also have clients hosted on LunarPages.com, as well as a reseller account with them, but after a couple of bad experiences, I am no longer recommending them. I might have hit them at a bad time, or engaged with the worst of their tech support people, but their interface for adding new accounts completely broke down at a time when I was trying to ‘go live’ with a client site, tech support took quite long time to get things working, and the original problem was their fault.

So, for now, I like InMotionHosting.com for businesses and AcornHost.com for non-profits and small businesses. I think AcornHost can handle any sort of organization’s Web site, but as I am a reseller with InMotionHosting, I tend to use InMo for business sites and Acorn for non-profits. Another service has recently come to my attention through blog conversation: Garlic D’zign. As I migrate clients away from LunarPages, I might give those folks a try. Both AcornHost and Garlic D’zign are companies with a conscience.

While I prefer to work with and support a local business, clients and I have had enough bad experiences to warrant mentioning that the customer service at WISPwest.net has been inferior in the past, and the server administration interface undesirable. On a national level, Network Solutions and GoDaddy seem to have captured the attention of folks who are not Web savvy, but their server admin interfaces are not good. In the case of Network Solutions, the interface is dreadful. On my own servers, I can add an email, redirect a domain, backup a database, see site traffic logs, and much more from a single page with one or two clicks down in each area. It takes going through many more screens, and many more clicks (plus a whole lot of ‘what the devil does that do’ questioning) to accomplish the same in Network Solutions’ interface. They also do not support some standard server tools that I expect. The overall impression with NS is that they really don’t want you doing much on their server. And there are ads and offers at every turn. When I am in my control panel, I do not want to see ads.

Anyway, if you expect to do anything on your own server (uploading files is a common one), then look around for a vendor with a friendly control panel, and steer away from Network Solutions and GoDaddy.com. Ask what is on the control panel before you sign up. Can you create a database? update your own email quota? have access to a lot of other tools via Fantastico (surveys, content management systems, blogs, guestbooks)? You might not need them or want to install them today, but if you extend your site’s capabilities, you or your Webmaster/designer might miss having those things down the road.

I always support any client who wants to carry on themselves after the design is done, so the usability of the server interface is paramount to me.

Update: Over last weekend Network Solutions made some changes to their admin interface (the notice of the changes arrived today, however, well after I used it and made my way through the new). This is not enough. What a good control panel dishes up in one page, the very first one, NS takes a dozen pages to deliver. And key information is missing. For example, just try to redirect a domain! When a client asked NS support about it, and why she couldn’t designate a domain name as the primary one and simply point the other names to it , and why they were on different domain name servers (DNS), tech support told her to “Google ‘301 redirect’”! Apart from the shoddy service, how about the fact that nowhere on the redirect page does the word “redirect” appear, and nowhere is there a place to point one domain to another. You can only point all domains to the same directory, which doesn’t take the alternate names out of search results. There is no way to specify that a redirect be permanent (301) versus temporary (302). In their own user guide, a search for ‘301 redirect’ yields zero results. And every page of the many that you have to go to to accomplish a simple task, there are ads for more NS services.

The bottom line on NS: If you are thinking about using Network Solutions for domain registration or Web hosting, take a page from their tech support book and Google “network solutions sucks”. You’ll see why I never host a client with them, and why I am even considering not taking on server administration if a client is using Network Solutions.

Posted by Lynn | Filed Under Web Tips | Leave a Comment

Search Engine Optimization

September 6, 2007 | Leave a Comment

A lot has been written about Search Engine Optimization (SEO) and it can be confusing and contradictory. Without going into great depth about costly models (pay for results placement, or per click, or hiring SEO consultants) versus the free methods, I thought I’d offer some basic free steps for improving your position in search engine results. For clients wanting to improve results for free, I take the simple steps described below. These have been working well for me and my clients. Note that the very best thing that you can do is to use good page titles and to write rich content for your Web pages. (And promote your site; don’t wait to be found.)

Here’s a brief intro to:

META tags (easy to do, but of limited use with today’s search engines)
Using meaningful titles for all your Web pages
Using descriptive text with image tags
Using a file with instructions for search engine robots (robots.txt)
Sending Google info about your site’s structure and how often it should be indexed
Improving results with links
Blogs and search engine results

Posted by Lynn | Filed Under Web Tips | Leave a Comment

To blog or not to blog

September 3, 2007 | Leave a Comment

After we finished their site designs, a couple of clients were looking for more interaction with site visitors, so we added a blog. We ruled out traditional guestbooks; even if we spam-proofed them, a one-way form didn’t achieve what the client wanted. The blogs make nice complements to their Web sites, and could be nicely customized to fit the look of the static web pages (See aaronschuerr.com/aaronsblog and gillianswanson.com/resources.) The more my clients adopt blogs, and the more I work with the three that I maintain for business and personal use, the more I think that it is a good choice for new client Web sites.

Some blog themes do a nice job of combining a lot of stable content with dynamic post content (e.g. the Revolution theme that I based this site on), and there are many plugins for the WordPress blog platform that I use. The plugins extend the blog themes to handle things like image galleries, online shopping, spam filtering in blog comments, notifying Google to index your site, et cetera, making it possible to develop a multi-faceted and lively site.

Blog Web pages are assembled dynamically in a browser at viewing time using PHP (server-side scripts) to process and present HTML (for defining page structure), CSS (for styling pages), and your data (posts, page content, and various blog options, that are stored in a MySQL database as you create the content). Traditional Web sites are static; the browser interprets the HTML and CSS and presents the page. Navigation is pretty much handled for you in a blog theme. That is, decisions about presenting blog pages and posts and where are already made in the theme. Unless you want to change that, you won’t have to code navigation and menus the way that you would in a traditional Web site design.

Additional criteria for my clients include whether they want to handle their own updates, how much they update, and whether they are more comfortable with the blog administration interface or HTML editors. There are other factors to compare in a static Web site versus a blog site that I think they should know about. Some of them are listed below. Read more

Posted by Lynn | Filed Under Web Tips, Web Design | Leave a Comment