Beware! Your Comments are Being Hijacked

by Ishan · 19 comments

Bloggers, beware! Someone can hijack your comments without you even knowing. Keep an eye on the comments on your blog as well as on the comments you make elsewhere.

Hands Up! Give Me Your Comments

What is Comment Hijacking?

Comment hijacking is a technique that spammers use to "steal" links from a Top Commentators widget. It is all about getting a free link without any hard work.

Recently, two hijacking attempts were made here on Blogging With Success. Eddie Gear's name was targeted both times.

How is Comment Hijacking Done?

Here is how it works: Mr. Spammer sees a blog with a top commentators widget, notices it is ranked well in search engines and checks whether the widget's links are nofollow. Once the links are confirmed to be dofollow, he starts his work. He picks a name from the widget and leaves a one-line comment with the same name but a different e-mail address and website address.

The blog owner thinks that the comment was made by his top commentator and approves it. The spammer gets a free link to his website and the efforts of the legitimate commentator are wasted.

Here is how the attempts on Blogging With Success were made:

The spammer used the name Eddie Gear and left a one-line comment. Obviously, he did not know Eddie's e-mail address and used a different one. Since it was a human leaving the comment, our first line of defence, Raven's AntiSpam, let it go through. Since the name did not have any spam history, Defensio also let it through. So, it managed to pass the second line too.

Then a somewhat more intelligent line of defense (your dear writer, Mr. I) spotted it. Now, I know that Eddie does not leave one-line comments. Also, I have never seen his comments go without "Hi There" at the start and "Cheers, Eddie Gear" at the end. Moreover, there was no Gravatar. Eddie uses "M", the logo of Metallique (his website).

Seeing so many abnormal things at once, I decided to check the comment in detail and found that the e-mail address was different. But then, there are more Eddie Gears around the world! So, I decided to see if the URL was spammy or not. Following it revealed that the website was an illegal music sharing website. This confirmed the hijack and I deleted the comment.

A second attempt was made on April 16 and this time again, I caught the comment.

Is it Bad?

Yes! Here's why:

  1. The effect on the community is not good. The blogger whose identity is taken is seen as ignorant.
  2. The efforts of good commentators are wasted and they might fly away.
  3. The spammer links the commentator's name to a scam/bad site, and this is not good for your blog in the eyes of Google and others.

Who Suffers?

Ultimately, your blog, community and rankings could suffer. The effect on rankings might not be much, but losing a loyal commentator because of something like this is not good at all.

Currently, Blogger and WordPress, two widely used platforms, can easily be used to hijack comment links.

Blogger uses a Name/URL format for comments and hence is fairly easy to hijack. Some WordPress 'top commentators' plugins can combat this issue simply by grouping names by e-mail address. So, unless the spammer knows the exact e-mail address, he will never be able to appear in the list, whatever name he may use.

How to Protect Your Comments?

Commentators:

  1. Use Gravatars. Since they are tied to the e-mail address, spammers entering a different address are caught. In Eddie's case, the difference in Gravatars raised the alarm.
  2. Make your comments unique. By unique, I am not asking you to include anything special. Just comment as you normally do, but have something that identifies your comments. Again, Eddie uses "Hi There" and "Cheers", which served as the second warning.
  3. Do not share your e-mail address with others. If spammers know your address, your comments can get hijacked pretty easily.

Blog Owners:

  1. Keep an eye on the behavior of commentators. If a commentator you recognize starts behaving strangely, check the credentials.
  2. Follow the URL left in the URL field of the comment form. If it appears spammy, delete the comment.
  3. Use a plugin that is hack-proof. We use Top Commentators Widget by WebGrrrl.net and have enabled "Group Names by E-Mail", which makes sure that names do not act as the identifier.
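
The name-versus-e-mail grouping and the "known name, different address" check described above, as an added Python example (not code from the Top Commentators Widget or from this blog). The comment records, the `widget` and `impersonation_flags` helpers, and the rule that a widget links to the newest URL in a group are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample data: approved comment history plus one pending comment.
APPROVED = [
    {"name": "Eddie Gear", "email": "eddie@example.org", "url": "https://eddie.example.org"},
    {"name": "Eddie Gear", "email": "eddie@example.org", "url": "https://eddie.example.org"},
    {"name": "Ruchi", "email": "ruchi@example.net", "url": "https://ruchi.example.net"},
]
PENDING = {"name": "eddie  gear", "email": "other@example.com", "url": "https://music.example.com"}


def norm(value):
    """Lower-case and collapse whitespace so trivial variations still match."""
    return " ".join(value.lower().split())


def widget(comments, group_by_email, limit=1):
    """Return [(name, url, count)] for the top `limit` commentators.

    Assumption: the widget links to the URL of the newest comment in a group.
    """
    counts, latest = Counter(), {}
    for c in comments:
        key = norm(c["email"] if group_by_email else c["name"])
        counts[key] += 1
        latest[key] = c
    return [(latest[k]["name"], latest[k]["url"], n) for k, n in counts.most_common(limit)]


def impersonation_flags(pending, approved):
    """Reasons to hold `pending` for manual review; empty list if none."""
    known = {}
    for c in approved:
        known.setdefault(norm(c["name"]), set()).add(norm(c["email"]))
    emails = known.get(norm(pending["name"]))
    if emails and norm(pending["email"]) not in emails:
        return ["known name, unseen e-mail address"]
    return []


if __name__ == "__main__":
    print(impersonation_flags(PENDING, APPROVED))
    approved_anyway = APPROVED + [PENDING]  # what the widget shows if it slips through
    print(widget(approved_anyway, group_by_email=False))  # hijacker's URL under Eddie's count
    print(widget(approved_anyway, group_by_email=True))   # Eddie's own URL and count
```

A flag here is only a reason to look closer: as the post notes, two different people can share a name, so the comment is held for review rather than deleted automatically.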

Have you had such an experience? How do you identify and block such attempts? Do tell us in the comments.

About the Author: Hi, I am an 18 year old blogger from India. I am very passionate about blogging and also co-founder of Blogging With Success. I write about general blogging tips and WordPress.

{ 14 comments… read them below or add one }

Creative Junkie April 29, 2009 at 6:13 PM

I am so clueless, I wasn’t even aware that this was possible. And that entire “nofollow” “dofollow” thing? Beyond me. I have no idea what it means.

I do allow gravatars but so many of my commentators don’t have an avatar.

So no, I have not encountered this scenario. Or, at least, I’m not aware that this has happened on my blog. I don’t have a top commentators widget any longer since my redesign, so maybe I don’t have to worry about it now?

Mr. I May 1, 2009 at 12:25 AM

nofollow means that search engine bots do not pass link credit (or Page Rank) to the linked website. You do not need to worry if you do not have a top commentators widget, but you should keep an eye on blogs that have it and where you are in the list.

Ruchi April 30, 2009 at 10:38 AM

Thanks for making me aware of Comment Hijacking! I was not at all aware of it; I will follow the above-mentioned steps.

Mr. I May 1, 2009 at 12:27 AM

You already have Gravatar. Take care to check “Group by E-Mail” option if you ever add top commentators widget.

Eddie Gear April 30, 2009 at 10:44 PM

Hi there,

Mr. I – I should say that this definitely got me by surprise. Until I read this article I was not in the least bit even aware of such a thing. Comments hijacked. Uff, I guess this shows how desperate spammers are. Thank you very much for sharing this article with your readers. I’ve tweeted, stumbled and added it to my Technorati fav as well so that I can spread the word and create a sense of awareness among other bloggers. This will make me start paying close attention to the comments on my site as well. Good Job!

Cheers,
Eddie Gear

Mr. I May 1, 2009 at 12:38 AM

Thanks for sharing this post. This practice has been in use for some time now but most people do not know much about it. It requires just some basic steps to stop it and every blogger should pay attention.

Spammers are indeed very desperate but they are just wasting time.

Sudam Panigrahi May 2, 2009 at 1:40 PM

This is really something alarming. Recently, I also fought against a spammer. The spammer came and began to write something in Mandarin. Each time he would come, he would post different links. The user name does not exist in bloggers. I even used a different setting but again the comment passed the initial check. Google account does not exist. Yahoo account, facebook, openid account always seem to be good and authentic. But of late I have seen fake Google accounts. Google should start a customer care service like that in Blogcatalog. Recently BC has started a campaign to debar spammers, ad clickers. And I have used the feature to ban many fake users. I never publish comments from unknown users and comments that happen to be unrelated to the post. It is for this reason that many bloggers have started blogs without commenting facilities. The comment form is a medium of fruitful interactions and these nonsense spammers have made it a market place to sell random products. Because of these spammers, genuine users are being denied a medium of interaction.

In bloggers platform this is too easy to post anything into the comment form. These people have only given headaches to the blogger in particular and the community in general. But…. nothing substantial can be done, the tragedy.

Thanks for the post. I wish something was done to debar these spammers.

Mr. I May 2, 2009 at 3:39 PM

As far as spam is concerned, Blogger (platform, not you :-) ) is almost immune to spam due to its complex commenting system including popups and captchas. But nothing can be done against humans taking time to fill in the captchas and then copy-pasting a comment. Google will most likely not launch any customer care soon.

You can try replacing blogger’s comment system with Disqus ( http://disqus.com/ ) which has better moderation control! (I will not be available for next 2-3 days, so if you have any questions, I would be able to reply only after a few days.)

Ricky Peterson May 2, 2009 at 3:09 PM

This is something which is really important and everyone should give proper attention to this matter.
Nowadays there are lots & lots of spammers who are after link spamming & this kind of spammer can harm your blog in any which way. I clearly remember one of the latest examples on the Internet, where an entire automotive network is being spammed on a daily basis. Thanks a lot for sharing such important information.

Mr. I May 2, 2009 at 3:41 PM

According to a study by Automattic, the company behind WordPress and Akismet, 85% of all comments left on WordPress blogs (with Akismet) are spam. That’s a high percentage. The good thing is that most of them are blocked by filters.

Spammers keep on finding new methods and developers keep blocking them; it's always a race (and thankfully, developers are good at it!)

George Serradinho May 12, 2009 at 11:01 AM

Wow, this post has been an eye opener. I never knew spammers would do that, just shows that as time passes by that things change. Us blog owners put in measures to block spam and spammers find a loophole somewhere else.

Thanks for the tips, I’m surely going to browse through my comments and take note of my not commenter’s details.

Poch May 20, 2009 at 8:22 AM

We should be very grateful for this post. Just last Monday, I posted this piece because my comment activity was acting strange. And the first comment about it - also WEIRD!:

Something smells very fishy. I hope it’s not malice because I’m 100% sure I’m not the one who’s going to eat dust.

May 18, 2009 Posted by pochp | Uncategorized | random | 7 Comments | Edit

# 1.

….!

Comment by quagmires | May 18, 2009 | Edit | Reply

# 2.

See what I mean?

Comment by pochp | May 18, 2009 | Edit | Reply
#

….!

Comment by quagmires | May 18, 2009 | Edit | Reply

Mr. I May 20, 2009 at 9:10 AM

It might be a WordPress back-end problem or a bot leaving comments.

Tej Kohli August 4, 2010 at 1:48 PM

What precaution should I have to take for preventing this?