Scott Hanselman

Preventing Comment, Trackback and Referral Spam in dasBlog

August 13, 2007 Posted in ASP.NET | DasBlog

Blog spam is a huge problem. If you don't spend time "tending" to the garden that is your blog, you'll return after a short hiatus and find it completely overrun with weeds and spam.

Here's how to keep your dasBlog installation free of SPAM.


Here's the absolute easiest way to clean your dasBlog installation of spam.

  • Turn off TrackBacks and Pingbacks
    • Trackbacks and Pingbacks are the way that blogs let YOU know that you're being talked about. For example, if I mention Greg, like I just did, dasBlog will send him a Trackback and a Pingback when I submit this blog post, and there's an endpoint on his blog, listening over HTTP, that will receive it. Then his web server will load up my page and check to see if there's really a new link. A pingback is the same thing, without the back-check.
    • However, more and more I believe the Trackback spec is broken. There's just no decent way to prove that the Trackback is legitimate.
    • Therefore, I've stopped collecting them. 7 out of 10 Trackbacks I get are spam, so I've turned off the service in DasBlog. Instead, I check Technorati for references to my blog in order to see if anyone's mentioned a topic I've blogged about.
  • Turn off Referrals
    • Referrals are created when someone simply arrives at your site from another site. They are created by the HTTP Referer (yes, it's misspelled) Header and it's the easiest of the spams to fake. It also grows forever. I've turned it off by un-checking "Save Referrals Along with Entries." This is especially important if you run a high-traffic blog. Quickly you'll find that Referrals will take up more space than your blog content!
  • Remove All your old Referrals
    • If you run the dasblogupgrader.exe (you can run it as many times as you like) on your content folder, there is an option to remove all referrals. I suggest you do just that, then turn off this option. It'll tidy up your XML files, make your whole blog faster and referral spam free.
    • Download your entire content folder to your local machine, and run:
      dasblogUpgrader.exe c:\myfolder\content
      and follow the prompts.
  • Stop Displaying Trackbacks and Referrals
    • Posts (items) in dasBlog are formatted according to the "itemTemplate.blogtemplate" file using well-known macros. Go into your theme's itemTemplate.blogtemplate and remove both <%TrackbackList%> and <%ReferralList%>. Both of them take processing time to load up the referrals and trackbacks you've collected, and if your blog is spammy, these will only display naughty things you don't want.
    • Instead, consider replacing them with a call to Technorati like this:
      <li class="technorati"><script src="" type="text/javascript"></script><a class="tr-linkcount" href="<%PermalinkUrlRaw%>">Blog reactions</a></li>
    • Or, use the FeedBurner service and include their Technorati "FeedFlare" option. Here's how to add FeedBurner Flare to dasBlog.
  • Turn off Comments or turn on CAPTCHA
    • I personally wouldn't suggest this, but you could always turn off comments altogether. I would argue that at this point you have a pamphlet, rather than a blog, but it's your blog.
    • Alternatively, you could make sure that CAPTCHA (those funny letters you have to type in to prove you're a human) is enabled.
    • You could also turn on explicit comment approval but if you have a high-traffic blog this will get old fast.
  • Close your Comments after some period of time
    • This is a little controversial, but I found that a lot of really old posts were getting spammed a lot. I started turning off comments for posts over 60 days old and my incoming spam dropped a LOT.
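
The back-check described under "Turn off TrackBacks and Pingbacks" above, sketched as an added example (not dasBlog's code and not from the original post). The function names, URLs and HTML are constructed, and fetching the source page is left to the caller so the example runs offline.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class _LinkCollector(HTMLParser):
    """Collects href values of <a> tags; plain text and comments are ignored."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)

def _normalize(url):
    """Compare on scheme, host, path and query; the fragment is dropped."""
    p = urlsplit(url)
    return (p.scheme.lower(), p.netloc.lower(), p.path.rstrip("/") or "/", p.query)

def links_to(source_url, source_html, permalink):
    """True if the page that claims to reference us has a real <a href> to permalink."""
    parser = _LinkCollector()
    parser.feed(source_html)
    want = _normalize(permalink)
    # Relative hrefs are resolved against the page that was fetched.
    return any(_normalize(urljoin(source_url, h)) == want for h in parser.hrefs)

# Constructed sample data (hypothetical hosts and pages).
PERMALINK = "http://blog.example/PreventingSpam.aspx"
GENUINE = '<p>See <a href="http://blog.example/PreventingSpam.aspx#comments">this post</a>.</p>'
TEXT_ONLY = ('<p>http://blog.example/PreventingSpam.aspx</p>'
             '<!-- <a href="http://blog.example/PreventingSpam.aspx">x</a> -->')
UNRELATED = '<a href="http://pills.example/">buy now</a>'

if __name__ == "__main__":
    for name, html in [("genuine", GENUINE), ("text only", TEXT_ONLY), ("unrelated", UNRELATED)]:
        print(name, links_to("http://other.example/post", html, PERMALINK))
```

A page that passes only shows that the link exists; it says nothing about whether the page is a real blog post.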

Slightly Harder (and still effective)

OK, so you're not willing to do the easy stuff. Here are some trickier things that give you the best of both worlds.

  • Start using Akismet
    • Go visit the site and sign up for a free account.
    • IMPORTANT: At the bottom, click "Just a username, please." You don't want a blog, remember, you're using dasBlog.
    • They will email you a welcome and in that email will be an API KEY. That's what you want and why you signed up for a free account.
    • Go into the dasBlog configuration page at the VERY bottom and click "Enable spam blocking service." DasBlog uses Subkismet, from Subtext. Enter your API Key and click either "Save suspected SPAM" or "Delete Suspected SPAM immediately."
    • Akismet is very very accurate in my experience, so I just delete SPAM. It will block comment spam and TrackBack spam, so you could keep Trackbacks up with this solution if you like.
    • I would also greatly encourage you to pay them $5 a month or $55 a year via PayPal for preferred service. Your response from their servers will be faster. I've been very happy with them.
  • Add a Referral Blacklist
    • Still not ready to give up referrals? Enable the Referral Blacklist and enter in a ';' separated list of naughty words that appear in your referrals. Be warned, this list will be used to create a Regular Expression, so keep it simple.
    • Also, click "Send 404s to blacklisted referrals" and dasBlog will lie to the spammers and tell them the page is gone.
  • Block Specific IPs
    • If a particular IP Address is a problem, make a blockedips.config file in your /SiteConfig folder and put each IP on a different line. Then make sure this line is in the httpModules section of your web.config:
      <add type="newtelligence.DasBlog.Web.Core.IPBlackList, newtelligence.DasBlog.Web.Core" name="IPBlackList"/>
  • Install ReverseDOS
    • Still not satisfied? Install AngryPet's ReverseDOS and fight back. It's a fairly sophisticated HttpModule that lets you determine what's legit and what's not. Tony uses it under dasBlog and SubText ships with ReverseDOS. We likely will add this in the future, but you can always add it now.
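
Why the Referral Blacklist bullet above says to "keep it simple", as an added example (not dasBlog's code). It assumes the ';'-separated list is joined with '|' and compiled without escaping; the function names and Referer values are constructed, and Python's `re` stands in for .NET's Regex, which treats these three cases the same way.

```python
import re

def naive_pattern(setting):
    """Assumed construction: split on ';' and join with '|', nothing escaped."""
    return re.compile("|".join(setting.split(";")), re.IGNORECASE)

def safe_pattern(setting):
    """Same list, but empty terms are dropped and each term is matched literally."""
    terms = [t.strip() for t in setting.split(";") if t.strip()]
    if not terms:
        return None  # an empty list blocks nothing
    return re.compile("|".join(re.escape(t) for t in terms), re.IGNORECASE)

def status_for(referer, pattern):
    """404 for a blacklisted Referer header value, 200 otherwise."""
    if referer and pattern is not None and pattern.search(referer):
        return 404
    return 200

# Constructed Referer header values.
SPAM = "http://cheap-POKER.example/win"
SEARCH = "http://www.google.com/search?q=dasblog"
CONTEST = "http://blog.example/alphabet-competition"

if __name__ == "__main__":
    # 1. A trailing ';' leaves an empty alternative that matches every referrer,
    #    so real visitors arriving from a search engine would be told 404.
    print("trailing ';' naive:", status_for(SEARCH, naive_pattern("poker;casino;")))
    print("trailing ';' safe: ", status_for(SEARCH, safe_pattern("poker;casino;")))
    # 2. An unescaped '.' matches any character: 'bet.com' hits 'bet-com'.
    print("'.' naive:", status_for(CONTEST, naive_pattern("poker;bet.com")))
    print("'.' safe: ", status_for(CONTEST, safe_pattern("poker;bet.com")))
    # 3. An unbalanced '(' makes the whole list fail to compile.
    try:
        naive_pattern("free(money")
    except re.error as exc:
        print("naive list rejected:", exc)
    print("spam still blocked:", status_for(SPAM, safe_pattern("poker;casino;")))
```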

These are the ways I know of to fight blog SPAM. If you have more, add them to the comments!

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

August 13, 2007 10:37
Well, not that I get a lot of comments, but here is what I use (because I do get a lot of Spam).
- Akismet (this is the best of course, although I have had occasions (twice) where a legitimate comment has ended up being marked as Spam).
- WordPress allows me to put a comment in moderation if it has more than a specified number of links (I have the setting at 2 links). As most Spam has a high number of links, this helps.

- I don't use Captchas, because I find them irritating myself.
- I don't moderate comments, because I find it irritating when I comment on a blog and my comment doesn't reflect immediately.
August 13, 2007 13:08
For fighting trackback spam you might want to look here for some good practices. It is also part of the Subkismet source code.
August 13, 2007 18:30
I've found for myself, that one of the most effective ways to stop spam is to not be popular. This is a tried and tested technique. In fact, if you use this technique, you may actually find yourself TRYING to get spammed just so you can see a comment or two. You'll know you're really working this technique effectively when you find yourself replying to the spam with a "Thanks for reading! I'll be sure to check out your link, goodness knows I'd love to grow 10 times larger! Thanks again!!".

Your mileage may vary of course. I'm just suggesting something I've found works for me.
August 14, 2007 1:03

If only you were so lucky.... anyway, I am one of those few lucky people who no one knows, and yet, all I get are Spam... Akismet catches a dozen almost daily.

Anyway, I did find your comment funny.

August 14, 2007 9:59
I love this site.
