The amount of spam comments on my weblog entries has steadily increased over the last couple of weeks. These comments follow a general format: a generic comment about how they like this site and then a link to whatever it is they’re hocking. Usually an online casino or debt consolidation website.

I suspect that these spammers have an automated method of spamming, i.e. they find a site where comments can be posted via html form posting and then sending html post data without even visiting the site.

My first line of defense is to require that I approve a comment before I allow it to show up. When a comment is posted, I immediately get an email indicating that a comment is queued for approval. The comment does not appear to the public until I approve it.

This has worked fine, but I’m starting to get a lot of emails about comments that have nothing to do with this weblog or this site. One of the spammer’s comments, posted in my entry about the tsunami in Southeast Asia, was in extremely poor taste. The comment itself was not bad, but in the context of the weblog entry was not appropriate. This comment raised my ire.

I have now added a second line of defense, which is a checkbox on the comment form that must be checked before a comment is submitted. I am curious to see how long it takes before the spammers get around the checkbox. I suspect that I will need to continually change the comment form so that automated spammer systems’ post data will likely be incorrect.

As a side note, while I was rooting through the bowels of the comment entry form, I found a behavior that I will need to tweak: when a comment is entered, there is no confirmation that the comment was entered and furthermore there is no information describing the approval process for comments. This may lead folks to re-enter their comment or give up altogether, which I obviously do not want.