Bloggers, beware! Someone can hijack your comments without you even knowing. Keep an eye on the comments on your blog as well as on the comments you make.
What is Comment Hijacking?
Comment hijacking is a technique that spammers use to “steal” links from the Top Commentators widget. It is all about getting a free link without any hard work.
Recently, two hijacking attempts were made here on Blogging With Success. Eddie Gear’s name was targeted both times.
How is Comment Hijacking Done?
Here is how it works: Mr. Spammer sees a blog with a top commentators widget, notices it is ranked well in search engines and checks whether the links are nofollow. Once the links are confirmed to be dofollow, he starts his work. He picks a name from the widget and leaves a one-line comment with the same name but different e-mail and website addresses.
The blog owner thinks that the comment was made by his top commentator and approves it. The spammer gets a free link to his website and the efforts of the legitimate commentator are wasted.
Here is how the attempts on Blogging With Success were made:
The spammer used the name Eddie Gear and left a one-line comment. Obviously, he did not know Eddie’s e-mail address and used a different one. Since it was a human leaving the comment, our first line of defence, Raven’s AntiSpam, let it go through. Since the name did not have any spam history, Defensio also let it through. So, it managed to pass the second line too.
Then a somewhat more intelligent line of defense (your dear writer, Mr. I) spotted it. Now, I know that Eddie does not leave one-line comments. Also, I have never seen his comments go without “Hi There” at the start and “Cheers, Eddie Gear” at the end. Moreover, there was no Gravatar. Eddie uses “M”, Metallique’s (his website) logo.
Seeing so many abnormal things at once, I decided to check the comment in detail and found the email address was different. But then, there are more Eddie Gears around the world! So, I decided to see if the URL was spammy or not. Following it revealed that the website was an illegal music sharing website. This confirmed the hijack and I deleted the comment.
A second attempt was made on April 16 and, once again, I caught the comment.
Is it Bad?
Yes! Here’s why:
- The effect on the community is not good. The blogger whose identity is taken is seen as ignorant.
- The efforts of good commentators are wasted and they might fly away.
- The spammer links his name to a scam/bad site and this is not good for your blog in the eyes of Google and others.
Ultimately, your blog, community and rankings could suffer. Although the effect on rankings might not be much, losing a loyal commentator because of something like this is not good at all.
Currently, comment links can easily be hijacked on Blogger and WordPress, two widely used platforms.
Blogger uses the Name/URL format for comments and hence, it is fairly easy to hijack. Some WordPress ‘top commentators’ plugins can combat this issue simply by grouping names by e-mail addresses. So, unless the spammer knows the exact e-mail address, he will never be able to appear in the list, whatever name he may use.
How to Protect Your Comments?
- Use Gravatars. Since they are tied to the email address, spammers entering a different address are caught. In Eddie’s case, the difference in Gravatars raised the alarm.
- Make your comments unique. By unique, I am not asking you to include anything special. Just comment as you normally do. Have something unique that identifies your comments. Again, Eddie uses “Hi There” and “Cheers”, which served as the second warning.
- Do not share your e-mail address with others. If spammers know your address, your comments can get hijacked pretty easily.
- Keep an eye on the behavior of commentators. If a commentator you recognize starts behaving strangely, check the credentials.
- Follow the URL left in the URL field of the comment form. If it appears spammy, delete the comment.
- Use a plugin that is hack-proof. We use Top Commentators Widget by WebGrrrl.net and have enabled “Group Names by E-Mail”, which makes sure that names do not act as the identifier.
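The sketch below is an added example, not code from this blog or from any plugin named here. It shows why grouping the widget by e-mail instead of by name keeps a hijacker's link out of the list, and how a moderation check can flag a known name arriving with an unseen e-mail or URL. All names, addresses and URLs in it are constructed, and the rule that the widget links to the latest comment's URL is an assumption.

```python
from collections import Counter, defaultdict

# Constructed sample data: (name, e-mail, URL) of already approved comments.
APPROVED = [("Eddie Gear", "eddie@example.com", "https://eddie.example")] * 3 + [
    ("Ana", "ana@example.org", "https://ana.example")] * 2
# Constructed hijack attempt: same display name, different e-mail and URL.
HIJACK = ("Eddie Gear", "someone@example.net", "https://music.example")

def norm(value):
    """Case- and whitespace-insensitive comparison key."""
    return " ".join(value.split()).casefold()

def top_commentators(comments, key):
    """Rank by comment count, grouping on 'name' or 'email'.
    Assumption: the widget links each entry to the URL of its latest comment."""
    field = {"name": 0, "email": 1}[key]
    counts, link = Counter(), {}
    for comment in comments:
        group = norm(comment[field])
        counts[group] += 1
        link[group] = comment[2]
    return [(group, n, link[group]) for group, n in counts.most_common()]

def impersonation_flags(pending, approved):
    """Reasons to hold a pending comment for manual review (empty list = none)."""
    emails, urls = defaultdict(set), defaultdict(set)
    for name, email, url in approved:
        emails[norm(name)].add(norm(email))
        urls[norm(name)].add(norm(url))
    name, email, url = pending
    flags = []
    if norm(name) in emails:  # the name belongs to an established commenter
        if norm(email) not in emails[norm(name)]:
            flags.append("known name, unseen e-mail")
        if norm(url) not in urls[norm(name)]:
            flags.append("known name, unseen URL")
    return flags

if __name__ == "__main__":
    everything = APPROVED + [HIJACK]
    print("grouped by name: ", top_commentators(everything, "name")[0])
    print("grouped by email:", top_commentators(everything, "email")[0])
    print("moderation flags:", impersonation_flags(HIJACK, APPROVED))
```

A flag is a reason to look closer, not proof of a hijack: a regular commenter may have changed address, and two different people can share a name.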
Have you had such an experience? How do you identify and block such attempts? Do tell us in the comments.