There is a great variety of products to protect your web project against an inescapable evil of the modern Internet – spam attacks, which refer to the spreading of illicit hyperlinks via comments and forum posts on legitimate sites. Despite dozens of available anti-spam solutions, even a multilayer combination of a few of them cannot ensure the total safety of your site and its visitors, because spamming methods are getting more sophisticated. Spam protection is not that simple anymore.
What makes spammers such a pest?
When spammers post unwanted links on any well-meaning website, they use its position, traffic and target audience to “promote” their illegal content (adult, warez, irrelevant ads, etc.) or spread malware (spy tools and viruses). Such link “promotion” is destructive to your project. Linking your site to other decent sites in the same field is a way to invest in its proper positioning and stable traffic growth; linking it to any irrelevant or malicious sites, even accidentally, will cause a bunch of opposite effects.
One of the simplest ways for spammers to connect a legit project to an improper source is to intrude on your website’s sections meant for user-generated content, like comments or forums, and publish some unwanted links there. Such an “accidental breach” usually happens when a spam control tool misses to block a couple of malefic comments due to some technical factors (let’s say a spammer was not yet reported and blacklisted in the anti-spam system for the moment of attack).
Why is it important to avoid any unauthorized outbound links?
When some unverified outbound links are posted on your site and not swiftly noticed and removed, they might create a relationship between your web project and some outer source of illegal content. In this case, your site gets involved in a “bad links neighborhood”. This situation may be critical in terms of Google search ranking, as robots will consider the site as spreading forbidden content. Other possible consequences might be as follows:
- Lower your website position in Google and Yahoo search results and further risk of the Page Rank drop
- Suspension of your AdSense account (in case you work with them) due to their strict policies, which don’t tolerate any illegal or spam links
- Spoiled reputation among visitors and regular audience if some of them follow unsafe links and infect their computers with malware
- Getting unsafe rating from SiteAdvisor and other similar services.
What barriers can we build against spammers?
Spammers can hijack your site using spambots which are able to flood an unprotected website’s user-generated sections with tons of replicated, senseless posts. Activity of spambots can be limited with the help of human verification tests (like CAPTCHA); however, there are some ways to hack them, including relay attacks, where human operators are involved to complete tests instead of spambots.
Spam protection needs to go beyond that, though. Tricky human spammers might spam you in a more accurate and targeted manner – they might get registered and authorized on your site/forum, study some of your materials, and then reply with some low quality ad-hoc posts, where malefic links can be hidden (so it is not so easy to notice and delete them).
A number of popular tools can automatically identify and block spammers by blacklisted IP addresses and/or typical spam content they spread, so those “comments” won’t get published. However, this type of solution (like Akismet, Mollom, etc.) is not perfect, as sometimes spam filters allow unwanted content and reject well-meaning comments due to “false alarms”.
Good old manual moderation of submitted posts can help to clean up the rest of spam (on the condition that you can stay watchful 24/7, fixing every breach of spam protection). In fact, most website administrators use a mix of spam control tools to achieve better efficiency, However, one single link published on your website despite all the protection systems (and this is not a rare case) is enough to get you in trouble with AdSense, Google search algorithms, etc.
Keeping in mind everything above and having some projects terrorized by spammers, our team of web enthusiasts hit upon the idea of implementing a specific layer of anti-spam protection to automatically detect unknown outbound links and take them under control.
This is how we created Sur.ly, a free CMS plugin to eliminate discreditable outbound linking on your site or forum.
How does Sur.ly help beat spam?
The Sur.ly team developed several principles, considering algorithms used by popular search engines to keep your site completely safe for use and eligible for search engines, hence non-sensitive to spam attacks:
- As far as every spam blocking tool has its own weaknesses, it’s hard to absolutely prevent linking between a legitimate site and some undesirable sources – there is always a considerable chance for a suspicious link to appear somewhere on your website. To nip the problem in the bud, Sur.ly automatically redirects any accidentally posted unverified hyperlinks via its interstitial pages. Being taken under control, such unsure outbound links stay safe for your website, its PR, AdSense compliance, etc. until you check and manually delete/approve them.
- Your site visitors should be protected against breaches of malware and illicit content. If a visitor follows a suspect link they will view the target page indirectly, via an interstitial page on Sur.ly, with certain precautions like warning about unsafe content. Sur.ly has its own mechanism to analyze pages you’re about to open and will warn you if some threat or abusive content detected.
- Well-meaning newcomers should be respected along with trustworthy regular users, so as a part of customer retention strategy it’s better not to forbid or block all messages with contributed links without consideration.
- It’s necessary to block repetitive spam attacks. Sur.ly protects referrers, so spammers will get only Sur.ly as the source of visits, thus there is no way for attacks to repeat.
Sur.ly can be used as a single spam prevention tool on your site or as the last line of your anti-spam defence to ensure 100% site security, along with other systems.
The bottom line
I started the entry with the fact that there are many products you can use to protect your website from unscrupulous attacks. At the end of the day, there really is no one-size-fits-all solution when it comes to spam protection. You will have to test a variety of combinations – products, services, and best practices – and tailor your protection to your specific needs. Doing so will ensure the best possible security setup for your website.
This article was written by Alex Dobrov, a freelance web developer and PR representative. He is also a member of the Sur.ly team.