SPAM: Your Website’s Worst Enemy

SPAM certainly isn’t something new. We’ve all come across it in one form or another. Most of you will be familiar with the first type – the tinned pork meat product that you see on supermarket shelves. Whilst that’s a globally-popular product, that’s not the type of SPAM we’ll be talking about here.

The type of SPAM I’m talking about here is something that, if you own a website, you’re more than likely to have already come across. It takes many forms, from emails, to post comments and everything in between. It really can be your website’s worst enemy. Why do people bother with SPAM, I hear you ask? Well, the answer is simple: it is still very effective.

That’s why I’ve put this blog together. If you own a website, it’ll explain how to make changes to your site to stop those SPAM attacks in their tracks. If you’re starting to build one, it’ll help you learn the pitfalls to avoid. Read on to find out about the main types of SPAM and what you can do to stop them.

#1: Comment SPAM

Do you run a blog where you’ve received comments which give you links to strange websites in far-flung countries, or have you maybe come across them on another blog? Well, that’s comment spam. A spammer will use a particular piece of software, like ScrapeBox, to search the internet for information from easy targets. Those poor unsuspecting targets will then start to receive many useless, unsolicited comments. Take a look at the comment section from the dashboard of my own website below.

Screenshot of the Digital Lychee WP Comment Dashboard, Showing SPAM Comments

Currently, I have 4 spam comments that haven’t yet been approved or deleted. There isn’t a single one of them that is useful in any way. In fact, every single one of them has at least one dodgy-looking link to a random website, which could be malicious. As a website owner, you will want to ensure that they are all marked as SPAM and deleted as quickly as possible.

#2: Trackback SPAM

Trackbacks are essentially a feature of a website, which allow one website to notify another about an update. If someone links to your website, such as including your website address in a post, a trackback will effectively help generate a link back to them. These actually can be really useful, to help you with further promotion for your website.

So, you might be asking, if they’re so useful, why can trackbacks be SPAM? Well, essentially, spammers can use this feature to create many links to your website. Once they do that, if you haven’t disabled trackbacks, then your website will create a trackback in response. Once the trackback is live, the spammer will then remove the link to your website on theirs, making it look like you are the one linking to them.
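The link-removal trick described above can be caught by re-checking, some time later, whether each trackback's source page still links to you. This is an added example, not part of the original post and not WordPress's own code; the function names, `myblog.example` and the sample pages are constructed for illustration, and fetching the pages is left to the caller.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class LinkCollector(HTMLParser):
    """Collect href values from real <a> tags (commented-out markup is skipped)."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)


def links_back(source_url, source_html, my_host):
    """True if the source page still contains a link to my_host or a subdomain."""
    parser = LinkCollector()
    parser.feed(source_html)
    for href in parser.hrefs:
        try:
            host = (urlsplit(urljoin(source_url, href)).hostname or "").lower()
        except ValueError:  # malformed URL in the page
            continue
        if host == my_host or host.endswith("." + my_host):
            return True
    return False


def stale_trackbacks(trackbacks, fetched_pages, my_host):
    """Return source URLs whose page is gone or no longer links back."""
    stale = []
    for source_url in trackbacks:
        html = fetched_pages.get(source_url)  # None: fetch failed or page deleted
        if html is None or not links_back(source_url, html, my_host):
            stale.append(source_url)
    return stale


# Constructed sample data: source pages as fetched on a later re-check.
MY_HOST = "myblog.example"
TRACKBACKS = ["https://friend.example/post", "https://spam.example/a", "https://gone.example/x"]
PAGES = {
    "https://friend.example/post": '<p>See <a href="https://www.myblog.example/tips/">this</a></p>',
    "https://spam.example/a": "<p>Cheap pills! <!-- <a href='https://myblog.example/'>x</a> --></p>",
}
```

Anything returned by `stale_trackbacks` is a candidate for removal from your site, since your page is now linking to a source that gives nothing back.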

#3: Email SPAM

Email SPAM is fairly self-explanatory. If you’ve ever received an email from an unknown source, which could have been doing anything from providing random website links to advertising a strange product, then you’ve been the victim of email SPAM.

When you’re running a website, you’ve more than likely got multiple ‘avenues’ for someone to SPAM you. For example, you might have your email address posted on your website on a contact page, in the footer, in a top info bar, or anywhere else. In addition, you might have a contact form, which is another avenue for someone to SPAM you.

#4: Spiders, bots and DDoS attacks

Now, this might be something you’re less familiar with. Bots and Spiders are basically automated computer programmes, which are used to scan your website, for various reasons. They’re not actually always a bad thing. For example, search engines like Google, Bing or Yahoo use these to scan your website and decide where to show it in search rankings.

However, I am sure you’ve guessed that there’s a reason why I have mentioned them here. That’s because they can also be used to try and extract information from your website, such as contact details, private information (which could include payment details) and other sites that you link to.

Bots can also be used with the intention of overloading your website’s bandwidth, firewall or CPU, effectively causing your website to crash. That’s what’s known as a DDoS (Distributed Denial of Service) attack. These pieces of software can send lots of fake traffic to your website in a very short amount of time. If you’re interested to know more about these attacks, including some famous examples, take a look at this very interesting article from A10 Networks.

Golden Rules of SPAM Prevention

Although we haven’t covered absolutely every type of SPAM out there, we’ve seen the most common types that you may have come across. Whilst these can be very annoying, you’ll be relieved to know that they are for the most part preventable. There are some very simple things you can do for your website, to prevent it falling victim to SPAM. Depending on the platform you’re using, you may find these differ slightly. If you want to know more about how things might work on your specific website, I would love to hear from you. You can get in touch with me here.

#1: Use Google ReCAPTCHA

As I mentioned in a previous blog post, contact forms should always be included on your website. Installing Google ReCAPTCHA on your contact form, which can be done on any platform, will stop you from getting spammed by bots through it. There are different types of ReCAPTCHA, but the most common involves the user having to complete some sort of challenge, like this.

Google ReCAPTCHA Screenshot

This is obviously something that a bot is not capable of completing, hence why it is so effective in preventing SPAM from that kind of source. Of course, this doesn’t protect against SPAM from a human, which is done manually, but there are other ways of preventing this, as you’ll see.
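The challenge only protects the form if your server also checks the token it produces with Google's `siteverify` endpoint before accepting the submission. The check below is an added example, not code from the original post; `EXPECTED_HOST`, `MAX_AGE` and the sample responses are assumptions constructed for illustration, and the network call is kept separate from the decision logic.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode
from urllib.request import urlopen

VERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"
EXPECTED_HOST = "myblog.example"  # assumption: the site the form lives on
MAX_AGE = timedelta(minutes=2)    # assumption: matches the two-minute token lifetime


def fetch_verdict(secret, token, remote_ip=None):
    """POST the form's g-recaptcha-response token to siteverify (needs network)."""
    fields = {"secret": secret, "response": token}
    if remote_ip:
        fields["remoteip"] = remote_ip
    with urlopen(VERIFY_URL, data=urlencode(fields).encode(), timeout=5) as resp:
        return json.load(resp)


def accept_submission(verdict, now):
    """Decide from the siteverify JSON whether to process the contact form."""
    if verdict.get("success") is not True:
        return False, "failed: " + ",".join(verdict.get("error-codes", ["unknown"]))
    if verdict.get("hostname") != EXPECTED_HOST:
        return False, "token was solved on another site"
    try:
        solved = datetime.fromisoformat(verdict["challenge_ts"].replace("Z", "+00:00"))
        age = now - solved
    except (KeyError, ValueError, TypeError, AttributeError):
        return False, "missing or malformed challenge_ts"
    if age > MAX_AGE:
        return False, "token too old"
    return True, "ok"


# Constructed sample responses and clock, for illustration only.
NOW = datetime(2024, 5, 1, 12, 1, 0, tzinfo=timezone.utc)
GOOD = {"success": True, "challenge_ts": "2024-05-01T12:00:30Z", "hostname": "myblog.example"}
REPLAY = {"success": False, "error-codes": ["timeout-or-duplicate"]}
OTHER_SITE = dict(GOOD, hostname="elsewhere.example")
STALE = dict(GOOD, challenge_ts="2024-05-01T11:50:00Z")
```

A form handler that skips this step will accept any POST request, with or without a solved challenge.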

#2: Disable pingbacks and trackbacks

Whilst we have seen that these can have their benefits, it is without a doubt sensible to disable them on your website, to prevent related SPAM. It can be done in different ways on different website platforms. For WordPress, you should head here: Dashboard > Settings > Discussion > Default post settings.

How to disable pingbacks and trackbacks by default on a WordPress website.

There, you should make sure you un-check the box highlighted in the screenshot. Whilst you can override this setting on any individual post, disabling this by default will mean if you forget to change it on any given post, you’re still protected from this kind of SPAM, which is exactly what you want.

#3: Ensure all blog comments are manually approved

I mentioned earlier on in the blog that you should make sure any comments on your blog posts are set to be manually approved. Similar to disabling pingbacks and trackbacks, this can be done in different ways on different platforms. However, for WordPress, you should head here: Dashboard > Settings > Discussion > Before a comment appears.

WordPress Manual Post Approval Screenshot

Here, you should make sure the manual approval box is ticked, as per the diagram. If you are a particularly frequent blogger and you tend to get a lot of comments on your posts, this can be a little tedious, although it will help to avoid cases where SPAM comments are published without your consent. That’s particularly important if you want to avoid the negative impacts that SPAM comments can have, both on your security and your viewers’ impressions.

#4: Install an Anti-SPAM Plugin

Depending on the platform you are using to build your website, such as WordPress, Squarespace or GoDaddy, this part will be handled differently. However, for WordPress, the easiest thing to do is to install a plugin, whether it is free or a paid one. A comprehensive plugin will generally help to prevent SPAM in the following areas:

  • Blog comments
  • Registrations
  • Contact emails
  • Orders
  • Bookings
  • Subscriptions
  • Widgets
  • Custom web forms
  • Checking existing comments and users for SPAM

That’s not an exhaustive list, although it is certainly a fantastic start. There are many types of plugin on the WordPress platform that would do this for you. The one you will see installed by default is from Akismet. This is a very comprehensive plugin that would ensure your website is well-protected. Personally, I use a different one, which is called CleanTalk. This is an extremely comprehensive plugin that works seamlessly in the background to protect your website. Since I installed it on my website, it has blocked 100s of SPAM attacks of various types. Plus, at just $8/yr for a single website, it is perfect for even the tightest budget!

How will Digital Lychee Help You?

At Digital Lychee, I am always looking for new ways to help you protect your website. If you’re just here to read the blog, then I hope you have found it very interesting and useful. Alternatively, if you are looking to have a website built, or have your current website improved, then I am here to help. I will provide you with all the advice and support you will need to run a website that doesn’t fall victim to SPAM. You can get in touch with me here. I am looking forward to hearing from you.
