22 Jun 2020 • 10 min read
22 Jun 2020 • 10 min read
Spambot attacks are a very popular and unpleasant phenomenon among high-ranking online platforms and mobile applications. Most of their "sickening work" we often meet in the comments section. Comment spam hurts both SEO and business credibility. So how do we fight them and keep our SEO and credibility safe? Let's find out! To start with, let's take a closer look at what is "spam bot" and "comment spam".
Spambots are automated computer programs that range from simple automated scripts to sophisticated neural networks to do repetitive scenarios that involve sending irrelevant and often malicious content using emails, messengers, comments, and other ways of communication.
Comment spam (aka spomment or spamdexing) represents numerous forms of irrelevant content posted in comments on forums, blogs, social networks, or application stores, generated by spambots.
The most frequently occurring cases of comment spam are negative feedback, shameless advertisements, links referring to malware downloads, click fraud, and black-hat backlinks aimed to boost spammers' traffic.
The purpose of spam might be different depending on who is doing it; however, in most cases, comment spam is motivated by Black hat SEO method, which aims to automate the link building process to artificially increase SEO ranking, bringing down the competitors' popularity in the process.
Today’s search engines like Google are smart enough to detect and punish obvious black-hat SEO initiatives and spamming the same line of text all over the internet is likely to be noticed and punished quickly.
To make spam look more credible and effective, first, hackers have to create comment libraries by crawling comments related to their operation from all over the web, which then can be injected with malicious links, advertisements, pictures, etc.
The primary source of targets for spambots is search engines. Sophisticated spambots use their neural networks to make keyword research related to the specific industry, input them into the search engine, then locate and attack relevant websites that rank in SERP.
High-ranking websites become vulnerable to spambots by default as their comment sections are exposed to a fairly large number of users. If they don't protect themselves using verification tools such as CAPTCHA or content filters they instantly become the victims of spambots.
Spambots can create fake accounts on various platforms such as blogs, forums, social networks, and email platforms to expand their reach, thus protecting the signup and login sections of your platform is crucial to preventing comment spam.
Empowered by OCR technology that helps spambots crack 1st and 2nd generation CAPTCHAS forum spambots easily invade the forum discussions. Using target marketing and phishing, spammers spread advertisements, malicious links, and even gather significant personal data from forum users.
Spambot networks allow them to create fake accounts at any source that doesn't have a proper bot management system, including social networks whose business relies on the number of users directly. Hence spambots often occur in comment sections of large communities and groups on social networks.
Being the #1 video platform in the world, YouTube has a lot of comment spam because hackers use its leadership to deploy spambots for malicious purposes. Most of the YouTube spam comments are links to the websites outside the platform and YouTube channel promotion spam.
A lot of Facebook spam comes from spambots with fake accounts, which are often legitimate accounts that are exposed to hackers by account takeover attacks. They target a large number of communities and users with a lot of friends. Spam comments contain bulk messages, links, images.
There are frequent cases on Twitter when you get a new follower who might have a strange bio or no bio at all. These followers might post some links in replies using URL-shorteners such as bit.ly or others to hide the content. These links very often have malicious content. Their profiles also might contain those links and advertisements.
Instagram spam bots are secondary spam accounts created for the purpose of sending irrelevant content. They are quite often connected to real accounts. The account names can be similar to the main account but contain the word "spam". Spambots deliberately seek outposts with high views, likes, and amount of comments and post their materials there.
When your blog gains a certain amount of audience and a good ranking in Google search results spam bots eventually find it. They generate accounts and invade the comment sections under your posts and start spreading all sorts of comment spam in your blog. You can easily detect spam accounts by using names like "user123456" and "CheapRunningShoes" and also by links and IP addresses included in their bio.
Have you seen the news about Chinese students bringing down homework app ratings by spamming them with 1-star reviews in the application store? Such things are no joke, and if you are an owner of a brand new application, your aggressive competitors might send spam bots to bring down your rating by spamming negative reviews on it.
How Does Comment Spam Hurt Your Business?
Comment spam demonstrates a lack of moderation and generally careless attitude to your products and services. Also, a massive amount of fake negative comments on your products or service ruins the customer's trust and brand reputation. Malicious links in your comments might bring damage to your users and betray their trust.
All of these factors might increase your bounce rates and create a significant outflow among the present and potential clients.
Google has several strict requirements for website ranking in its search result - one of them is to be clean from spam. Sites with more backlinks can obtain more authority, which improves the rank of websites on the search engine result page (SERP). However, an excessive amount of backlinks might bring spam bots to your comment sections and pollute them.
There is a so-called spam score - a percentage of websites with features similar to yours or the one you have chosen that were penalized or banished by Google for different reasons. Spam scores can only be seen through using SEO tools like MOZ. If you have a high spam score - and you are confident that your content is indeed original, then it is time to pay attention to your comments sections.
Spam comments can bring a lot of unwanted traffic from any kind of content and, most undoubtedly, are irrelevant to your business. The vast amount of unintended traffic can slow down your website and increase your bandwidth costs.
Now, remember website loading speed is in the top priorities of the Google search algorithm, so if your website is loading too slow, it again drops down the ranks of search results. Moreover, in the era of user experience, slow loading speeds are a death sentence. The chances are high that your slow website will cause a lot of users to leave, which will potentially drive your clients away and even worsen SEO because of the increased drop rates.
When comments are starting to get abused by spam bots, many community leaders and blog owners consider switching the comments off, which means losing that precious bond with their readers that holds them together. But there are other ways out.
Detecting comment spam can be hard sometimes. First, you need to pay attention to users and their information and names.
1. Users with names "User 12345" or different numbers.
2. Users whose name contains a product or service for example "CheapMensWatches"
3. Users whose name includes the word "spam" for instance "JohnDoe91Spamzz"
4. Users whose information or bio contain links, especially with URL-shorteners such as bit.ly or others.
Of course, pay attention to the comment flow and check if the comments relate to the discussed topic. If you see unrelated pictures, links or advertisements, chances are high that the authors are spambots.
Comment sections are undoubtedly one of the best tools to build a close and long-lasting relationship with your readers. However, are you ready to sacrifice your SEO rankings and your company's good name for that? This is something you need to consider. Disabling the guestbook and comment section might solve the problem once and for all.
Moderating your comments and profile creation might help to combat comment spambots.
1. Signing Up Moderation
Moderating profile creation is one of the good ways to avoid an invasion of spambots on your website. Simple things such as email confirmation help to do that a lot. However, do not forget that sophisticated bots that can bypass such measures still exist, and their numbers are increasing day by day.
2. Comment Moderation
Comment moderation software, platforms, and plug-ins are very efficient tools. But they all require time, money, and human resources. Are you ready to sacrifice your time and money to filter comments every day instead of working on the development of your products? If yes then comment moderation tools might be a good choice.
CAPTCHA is one of the best tools that prevent bots from entering your website and mobile app. It gives users a puzzle which they need to solve when they want to register on the website. However, 1st and 2nd generation CAPTCHAs proved to be obsolete against modern bot threats because bots nowadays can use OCR technology which allows them to recognize the letters and objects within the challenges necessary to complete the puzzle.
Your best option is an advanced AI-powered CAPTCHA(link to “what is advanced captcha?” article) which uses a back-end engine to detect and block bad bots. Although there are ‘free’ advanced captcha options such as google’s reCaptcha, these captchas are incentivized by free labor provided by users who solve the captcha for labeling images. This causes an immense amount of friction to your users and it will affect your bounce rates and conversion rates negatively, moreover, these effects will be more significant if you are in a competitive industry such as e-commerce. Luckily there are more premium CAPTCHA options such as GeeTest(link to the main page) which uses behavioral and environment analysis to detect bots and the step-up challenges take less than 2 seconds to complete.
A honeypot is a trap created by developers specifically to recognize spammers and spambots. You can integrate an invisible field within the comment procedure which only exists in the code and is not visible by humans. When a user interacts with this field, you can be alerted to the presence of a bot. Although this technique causes no friction to regular users, it can be significantly less effective than CAPTCHAs. You can see a comparison of CAPTCHA vs Honeypot here. (link to captcha vs honeypot)
Google and other search engines encourage website owners to use "no follow" attributes. In this way, the backlinks put by spammers have no SEO value because Google spiders will not crawl those backlinks.
Noindex meta blocks the search engine from indexing the page, and as a result, the page never shows up in SERP. This attribute can help to protect the content that you do not trust to be seen in search results and to be exposed to spambots and hackers.
Building a website on platforms like WordPress is quite advantageous considering the fact that WordPress suggests a lot of plug-ins and tools to keep bots at a distance and prevent various forms of spam including comment spam. Here are the most popular ones.
Akismet is an automated tool that monitors your comments and profiles information for spam to prevent your website from malicious posting. It continuously examines and filters comment spam on your website or blog.
Akismet's biggest disadvantages are: it cannot stop spammers from entering your website. Also, too many requests might considerably slow down your site, which affects your Google ranking.
Antispam Bee is a plug-in based on honeypot technology. Its main feature is to trick spambots and reroute them from your website. It monitors spam according to the local spam database. Therefore anything that is not on the database might still get through.
Comment spam falls into the category of one of the most widespread bot threats online platforms are facing today. Since spam bots are getting increasingly sophisticated with machine learning tools and sophisticated neural networks, the best weapon against them is an AI-powered advanced CAPTCHA. Taking all this into account, the effectiveness of plug-ins and content filters become only half-measures.
Preventing comment spam and spambots is vital for the success of any digital business. A clean comment section not only boosts the SEO of websites but also helps to keep your platform credible and trusted.
Since the platform is not mature and doesn’t attract any significant traffic yet, it is unlikely to be a target of bots. Free anti-spam plug-ins will likely be sufficient to prevent attacks of any significance at this stage.
When your website turns into a busy hub, bots will take notice of this too. At this stage, it is best to deploy an advanced captcha solution to your platform. Whether it is a premium solution or not depends on the sophistication of attacks and the user-experience needs of your website.
When your online platform carries any significant volume of commercial value such as an e-commerce store or an online service platform, then you are likely to be targeted by spambots either belonging to fraudsters who are motivated by financial gains or unethical competitors who aim to damage the reputation of your business in the pursuit of gaining a competitive advantage.
No matter who is behind the spambots, at this stage, you are at high risk, and getting the maximum protection is of uttermost importance for the security and longevity of your business. It would be best if you looked for a premium captcha solution that will solve the spambot problem while positively impacting your UX in the process.
Subscribe to our newsletter