Did my comment on your blog get lost?

Did my comment on your blog get lost?

If you ever feel bad about your job because of mindless tasks you must perform day after day, or if you’re bothered by the fact that your chosen work pays crap, produces nothing useful, and helps no one: have a look at blog comment spammers and breathe a sigh of relief. They make almost any job look fantastic by comparison.

Unfortunately, they also spam up the very comment sections where people might go for a little break from work doldrums. When that happens on our site, we must take measures to protect our users. Read on to learn about the types of comment spam you might see, why they are banned, and why a good comment may sometimes take a while to appear on Malwarebytes Labs.

Mindless comment bots

To protect our users against the “produce” of mindless bots, we have had to take counter measures that unfortunately sometimes result in benevolent posts getting blocked. However unfortunate, we prefer this situation to one in which our readers could get infected or scammed after clicking on something that they have found in our blog comments. That would go against everything this blog and company stand for!

illuminati spam

Because most of the bad comments are blocked silently, readers will only see a small selection of spam—the tip of the garbage iceberg. If I had to guess, I’d say for every comment we have had to remove manually, a few hundred were blocked by the Disqus filters that we have in place to auto-moderate our comments section.

Our filters

So now you may be reading this because your comment did not show up where you expected to find it. Most comments are approved without being reviewed by a moderator because of our automated filtering. Some comments, however, will be held by our filters to wait for moderation. The reasons why it may be held for moderation are because your comment contains any one of the following:

  • Certain cuss words that are not suitable for all audiences. We know the current filters are strict, but we want discussion on our site to remain civilized and family-friendly.
  • Links and URLs. Any site that looks legitimate can, in fact, be malicious, so we rely on a human review to make sure links and URLs are safe.
  • Email addresses. This is not only to protect other readers, but the commenter as well. If you like your inbox to be filled daily with all kinds of “special offers,” go ahead and post your email address in a comment section that allows it.
  • Users with a low reputation, or in other words, known spammers and abusive users.
blocked IP

Manual moderation

If a comment meets any one of the criteria above, our filters put it in a moderation queue, which must be dealt with by one of our human moderators. Unfortunately, Labs doesn’t have an unlimited amount of comment moderators—there are only a few of us, and we’re mostly focused on gathering intel and writing the posts. Sometimes it takes a while before we find a comment that should have been allowed, and that adds something valuable to the discussion.

Most of the time, commenters figure out what was wrong with their comment and post an altered version without links or “bad language.” However, we hope this blog will now help those who didn’t know how to troubleshoot their own comment.

Favorite subjects

If you decide to post a comment that deal with certain subjects, the chances of your comment getting flooded by mindless bots are high, because even though comment spammers have many favorite subjects, our blog scores high for certain keywords, which bring on the spammer. These subjects are:

  • ATM cards
  • Cryptocurrencies
  • Tech support scammers
  • Hackers (for hire)
  • Bitcoin
unlimited ATM card

The fun part—for us anyway—is that when we warned our readers about a group of scammers that tried to peddle unlimited ATM cards on Facebook, the same scammers started posting comments under that article about why their ATM cards are the best, the cheapest, or the most trustworthy.

In fact, I’m pretty sure this post, with the proper keywords in place, will be a real honeypot for comment spammers in the categories we highlighted. And I’m not afraid that this remark will make a difference one way or the other. If anything, comment spammers have taught us that they either can’t or don’t bother to read our posts.

Are they bots?

It appears that most of our comment spammers are bots. Their behavior says just as much as the (misspelled) words in their comments. Bots can be sussed out by any one of the following behaviors:

  • Their posts are pre-formatted. They’ll cut and paste the same post over and over, even if there are spelling mistakes.
  • They are attracted by certain keywords, even if they are out of context.
  • They come from IPs that post more (spammy) comments that any single human user could ever produce.
  • Their post contains email addresses and usernames that were created by a random name generator.
bot registration name

What are the spammers after?

The main goal of these spammers is to get the attention of the readers, whether that’s by getting users to click on a link to their website or to send an email to their account(s). In rare occasions, links are posted to improve the SEO of the target page.

spamming links

They will say anything to get their links posted.

How to fight comment spammers

By knowing what they are after, you can work out an effective strategy to fight off comment spammers (if you are dealing with them on your own site). An automated system will take a lot of work out of your hands. Disqus and Akismet are the most popular WordPress comment filters. Both will allow you to review blocked comments and make changes, if you want.

Tech Support Scammers

When your comments on our blog don’t go through

The above reasons hopefully explain why we chose a combination of safety measures to protect our users, including blocking all links. In our situation, it’s better to create a little extra work for human moderators than to run the risk of allowing malicious links on our site.

If you feel we blocked your comment in error or need help with any of our products, you may reach out to our support team or post on our forums. If you posted a comment and it’s taking a while to see it on our site, double check that you aren’t violating our comment policy/filters. If you are, feel free to post an amended comment instead—that will likely appear automatically and allow you to participate in active discussions.


Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.