Simmons Consulting, the Website of Toby Simmons

Hashcash, Bad Behavior, and the depravity of man


I don’t get tons of comments here on my blog but I have a few posts that have gotten some attention in the blogosphere. As this site has grown, I have noticed more and more attempts at comment-spam. I might be getting a little ahead of myself, but let me say this: I truly believe that people are basically, in their heart of hearts, depraved. By that, I mean that man (left to his own devices) will come up with any number of dishonest plans and schemes to enrich himself at other’s expense. There, but for the grace of God, go I.

So, for the uninitiated, here is a little explanation of what comment spam is and why it exists.

Let’s say there is a fella who decides to get rich by using the Internet. Hey, tons of folks have done it, right? He wants to set up a sure-fire, can’t-miss web site. Maybe a Texas-Hold’em poker site (completely on the up-and-up, you know!) Or perhaps he wants to get into selling cheap drugs (Viagra!) online. Or, just maybe, he wants to serve up some pr0n. Whichever noble effort he decides upon, he gets his site up and running. But now, how is he going to draw traffic to his little cash cow?

Well, let’s stop and think about how people find anything on the Internet. What do they do? They use search engines. Like Google, Yahoo, and MSN. In fact, one search engine’s name has become the verb meaning to search the Internet: "Just Google it!"

Back to our honest entrepreneur: He knows he can submit his site to these search engines to get listed, but he don’t want to end up having his site listed on page 1,459 of somebody’s search results. Nobody is going to click through the previous 1,458 pages of results to find his site. He’s got to get his site listed high in the results. What does he do to get listed at the top of the search engines? Glad you asked.

People much smarter than I have studied search engines and what search engines do to rank sites. While search engines periodically change some of the details of their methods, one thing that is common to all is the weight they give to sites based on the number of people that link to them. In other words, if Site A has 10 people linking to it, but Site B has 1,000 people linking to it, Site B will get higher rankings.

So, what will this unscrupulous, loathsome creature do? He will lie, cheat and steal to create links back to his site. That is what comment-spam is. It is fake, robot-generated comments posted on victim’s web sites. These comments are designed to do one thing: create links back to the shyster’s site to boost their search engine rankings. Since it doesn’t matter what these links actually say, you will occasionally see comments that look like gibberish, but contain a link to a poker, drug, mortgage or porn site.

And that, my friend, is just more proof of the depravity of man.


So, what do I do to prevent getting spam on this site? For a long time, I used WP-Hashcash to prevent spammers posting their drivel on my site and it proved to be very effective against the automated comment-generating robots, at least for a while. The problem is that spammers are figuring out how to get around that.

Tonight I decided to give another WordPress plug-in a try, one called Bad Behavior. It is designed to catch spam using completely different methods than WP-Hashcash. So, if you have trouble posting comments to this site, please let me know. We’ll see if Bad Behavior can catch more of the trackback and ping spam that I’ve been seeing lately.

Just remember this: Mean people suck.

P.S. It’s funny. I disabled WP-Hashcash and within 5 minutes, got a spam-comment. I’ll try running both plugins for a while …

Comments (5) »

  1. IO ERROR says:

    Bad Behavior doesn’t intend to stop all spam, just automatically generated spam. I always recommend running two or more spam prevention methods.

    By the way, the primary reason for blog spam is to drive traffic to the spammers’ sites. Ranking highly in search engines is incidental to this, and may even be irrelevant.

  2. Toby Simmons says:

    Thanks for your comment and thanks also for your contribution of Bad Behavior. I’m looking forward to see how it performs with HC, especially with stopping trackback/ping spam.

    Yeah, you are right that blog spam is designed to lead traffic back to spammer sites. A gibberish post, though, isn’t so much designed to attract clicks (why would someone click on a link titled “finally truncted liquid opulance ringer”?) but instead to boost search engine rankings — which, in turn, result in clicks.


  3. Sadly, the old version of WordPress Hashcash is vulnerable to a brute-force attack which I have plugged. I’m currently developing a new version which should require that users really have javascript this time… but again, there will always be possible attacks against this. DOS and manual spam, to name two we can never get rid of….

  4. Stephen says:

    Thank you for the script.
    However, you left out one tiny detail.
    You must create a blank spamlog.txt file and place it in you 4images directory so the spamlog_view.php has somewhere to write the logs.

    Minor detail.

    Thanks again,

    Stephen in Wylie, Texas

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>