AGIMO Blog Management Part II

Peter Alexander - AGIMO
The Department of Finance Archive

The content on this page and other Finance archive pages is provided to assist research and may contain references to activities or policies that have no current application. See the full archive disclaimer.

You may have noticed that over the last few days our blog has received a larger than normal amount of spam comments. The blog uses a post-moderation system, where comments appear automatically unless they are caught in an automated spam filter. While this filter blocks the majority of submitted spam comments, it’s almost inevitable that some spam comments will make it through and be published on the blog.

We endeavour toremove spam as quickly as possible, but if you have previously subscribed to comment RSS feeds or email updates you may receive copies of any spam comments which slip through the filter.

Most spam works on the basis of links – if you receive an RSS update or email notification (or indeed if you see a published spam comment on the site) containing a suspicious link, we recommend that you do not access it. If you are concerned about receiving updates containing spam comments, please either unsubscribe from the relevant RSS feed or, in the case of email notifications, contact us to cancel your subscription.

As a first step to minimise the amount of spam comments appearing on the blog, we will begin closing comments on older, inactive posts to present a smaller target to spammers. From now on, we’ll generally close comments on posts after a month or so, with the exception of certain popular or otherwise notable posts.

As we will say in a comment included on each post where comments are closed, this new practice does not mean we are uninterested in receiving feedback or discussing whatever those posts are about. Please feel free to contact us if there is an issue in an older post you are interested in: we are happy to accept feedback through other means and may also consider writing a new post on that topic (or creating an off-topic post for comments not fitting into other posts).

Our moderation policy has been updated to reflect this new practice. We are also looking at the Bad Behavior (sic) WordPress plugin as a means to strengthen our spam filter. Our options to prevent spam being published on the blog beyond this point become more complex, as it’s difficult to crack down on spammers without also blocking legitimate comments. Nonetheless, we have a few options in mind should the problem continue, including:

  • Introducing a CAPTCHA on the comments field to make it more difficult for automated spammers to comment on the blog (noting that we would of course need to investigate options to implement this in an accessible fashion).
  • Removing commenters’ ability to include a URL in their name – although this will not prevent spammers from including links in the body of their comment.
  • Removing email updates for comments as a means to address concerns about receiving email updates of spam comments. The blog’s RSS feeds would remain.
  • Finally, introducing a system where the first comment from each poster must be manually approved; subsequent comments from that individual will then be published automatically.

I’d note that, at this point, the above options are just that; we have not yet decided to implement any of them, and will wait to see what happens with the spam situation after we close comments on older posts. I am interested in your thoughts on the options above or any other ideas you may have about moderating the blog.

Comments (13)

Hi Peter,

I'm subscribed to a few threads here and I've had a reasonably large number of emails popping up in my Inbox, especially over this weekend. I consider it a nuissance, but unfortunately part of "the cost of doing business" in an online environment.

I'm just hoping that the spam does not become a deterrent for making additional posts/content available online.

It's always tricky finding the right balance for protecting against spam.

Other options would also be to implement a blacklist for spammy words (although this has the highest risk of blocking legitimate comments) or requiring users to register prior to commenting.

I believe you should also be able to set the threshold for the number of links that can be included in comments before they are held for moderation.

On the plugin front - another plugin hat works differently again and might be worth checking out is NoSpamNX

Hi Peter

Maybe try this

Sabre (registration spam): This is a more insidious kind of spam but, if your blog is set to let visitors register freely (without needing your approval), you will need to get this kind of spam under control as well. Sabre gives you several choices of obtrusive (like captchas) and unobtrusive (like speed of registration) tests you can choose from to determine if a registration attempt is from a spammer bot or a real human. It is a very flexible plugin and it also displays its numbers on the dashboard.



This is might also help

I would go with a Captcha thingy, no real hassle for us commenters and will get rid of the spam

I think we need to be careful that we do not make it too hard for legitimate contributors.
I do like your idea of the first response being manually checked and rejected if necessary along with no email to followers until a post is approved or listed (for regulars).

Thanks for your input - we want to keep it as easy as possible for people to contribute but at the same time cut out spam.

We have three real options - check first response and then let people in if the first one is ok. This requires us to moderate more than we want to (not of course because we are lazy but becuase of our philosophy!). Make people register to comment. I know people don't really want to do this. Or go with a CAPTCHA approach - which while it can be a little extra effort for regulars - is used by our counterparts in the US and UK for their major blogs with good success.

We would implement CAPTCHA providing two modalities of text and audio that will broadly meet our accessibility requirements.

Our task is now to find the best plug-in for Wordpress to meet this need and maintain the integrity of Govspace. Any suggestions would be welcome.

This really is a vexed question. Those of us who work and play in this environment find the management of usernames and passwords onerous, however, it really is a small issue when the quality of the conversations far out weigh the annoyance.

I appreciate very much the steps you are taking and welcome your considered approach..

By the way re CAPTCHA there are less visually messy variants such as basic arithmetic questions such as what's 2+3 etc...

Looking at the flow of the conversation it is becoming quite obvious that the question is to what extent people would put up with a bit of inconvenience to minimise spam. The answer is probably yes - based on how people detest being spammed themselves.

Also, it would not be a good look for an AGIMO site to be swamped by spam. Sends the wrong message to citizens. Not that anyone could expect zero. So a difficult balance to be reached.

We have implemented CAPTCHA. This is the first comment using it. Hopefully we will see a BIG drop in spam.

Does it for me. Interesting bit of research on CAPTCHAs. Especially see the bit on the use of coloured backgrounds.

I am with you guys. The spam annoys me a lot more than a bit more security.

Last updated: 28 July 2016