G.A.S.P.: WordPress anti-spam plugin. Good idea, but does it deliver?

by Klaus on December 2, 2010

in Blogging, Security, Web Development

G.A.S.P. , GrowMap Anti-Spambot Plugin, is a WordPress plugin that takes a different approach to spam filtering than Akismet does, which is the anti-spam plugin used by most WordPress bloggers.

Instead of analyzing the content of each comment as well as having a giant database with information about which URL’s, IP’s etc. to mark as spam, G.A.S.P. does something far more simple:

  1. Adds a checkbox below the comment field, which must be checked, before submitting the comment (to confirm the commenter is not a spammer)
  2. Adds an extra field “behind the scenes”, which users do not see, but spambots will usually insert text into.

If the checkbox is not checked, the comment will not be submitted. The checkbox is added using javascript, which most spambots are not able to render and thus they will not be able to submit their spammy comment.

Also, the extra field added behind the scenes (invisible to real users), is a trap for the spambots. Spambots will usually enter text into all the form fields before submitting the form, and if G.A.S.P. detects text in the hidden field, it will throw a warning and prevent the comment from being submitted, as it’s most likely spam.

As you can see, it’s quite simple – and it’s a very good idea. Unfortunately, I knew the second I read how it worked, that it wouldn’t work 100% and it’s just a matter of time before more spambots will figure it out.

The thing is, the spammers are most likely aware that WordPress is a widely used blogging platform, so they can set up their spambots to only fill out the required field and steer clear of the hidden fields that might be traps, like with the G.A.S.P. plugin. I’m guessing most spambots are not that clever, which is why G.A.S.P. does indeed prevent a lot of spam.

As for the checkbox that must be checked, well, apparently the spambots found a way through that one as well. After I’ve been running G.A.S.P. for about two weeks, with Akismet disabled, I’m getting some 20 e-mails a day with spam comments held for moderation, such as the examples below:

The two first looks like automated spam, that Akismet puts directly into the spam folder so you never get to deal with them – unless you look in your spam folder from time to time, of course. How they made it through G.A.S.P., I don’t know, but I’m getting around 20 of those a day. Before, I was getting maybe 100-200, so G.A.S.P. surely stops most of it – but not all.

The last one is clearly some guy being clever and abusing the fact that TechPatio is a do-follow blog. That “testking 650-393” link has nothing to do with his comment and is something about a Cisco exam – why did he link to that in a comment about Google and Chinese government? Do-follow abuse, that’s why! Some of you might be fine with comments like that, but not on this blog ๐Ÿ™‚

So, what’s the G.A.S.P. conclusion?

On the plus side:

  • You definitely get less spam into your comments database. Mine went from 100-200 daily to around 20. Some bloggers even report zero spam comments are making it through, so your mileage may vary.
  • Real human comments will never go into the spam folder by accident because of whatever reason Akismet might think it’s spam (the main reason why G.A.S.P. was developed in the first place, I believe).
  • It’s a free plugin, developed by Gail from GrowMap and also Andy Bailey who’s the genius mastermind behind CommentLuv. (read more posts about CommentLuv)

On the downside:

  • You’ll see all the comments that makes it through G.A.S.P. – including the spam comments such as the ones listed above. If you have e-mail notifications enabled, you’ll also see them in your e-mail inbox. You’ll also have to manually trash/spam them from WordPress dashboard.
  • Real human commenters taking advantage of do-follow blogs only to spam their product/website will also make it through G.A.S.P. – and you are likely to approve it, since you have no way of knowing if he’s only trying to take advantage of your do-follow blog or not. Akismet might have caught him as a spammer, because other bloggers marked the comments as spam.

For some of you, I think G.A.S.P. will prove a better solution than Akismet.

For me, however, I’ve disabled G.A.S.P. and went back to Akismet. I’d rather see a few questionable real-human comments go into spam per month, than having to see real automated spam comments appear in my e-mail inbox 20 times a day and having to mark them as spam in WordPress afterwards. Maybe it’s possible to run both G.A.S.P. and Akismet at the same time, I’ll have to consider that…

But that’s just my priority ๐Ÿ™‚

Comments & Leave a Comment

comments

{ 25 comments… read them below or add one }

Ileane December 2, 2010 at 19:28

Hey Klaus, It looks like GASP is still installed here on your blog because I just checked off the box to confirm I’m not a spammer.

GASP is a no-brainer for me and most likely anyone else that Akismet has decided to label as a spammer for no apparent reason (although I did hear a rumor that your web host might have something to do with it). When I saw Gail’s first post about problems with Akismet I wasn’t convinced. But it seemed that right around that same week I kept ending up in spam folders for my friends blogs and one’s that I visit often. Hey, you know it’s a problem when you get added to the spam folder of your own blog (I wasn’t logged in at the time I responded to a comment).

The bottom line is that of course I checked my spam folder every day. And the filthy and unsavory things I had to suffer just to find legitimate comments that never should have been there in the first place was enough for me to jump on the GASP bandwagon. I NEVER see that junk anymore now that I have GASP. Of course human spammers do get through but they are very easy for me to spot and I even blacklisted one guy for DoFollow abuse because I found his “cheat sheet” posted on the internet. HA!

Did you ever find any legitimate comments in your spam folder when you were using only Akismet?
Ileane recently posted… GrowMap Anti-Spambot Plugin

Reply

Klaus December 2, 2010 at 19:31

Hi Ileane,

Yeah I forgot to disable GASP so I did it just after you started reading the post, apparently ๐Ÿ™‚ But it seems you’re no longer being marked as a spammer, since your comment appeared here instantly (Akismet was enabled by the time you submitted).

I very rarely see legit comments in my spam folder. I can’t remember the last time I rescued some one, to be honest. I might find human comments there, but they’re usually from somebody who has a name like “Free Exam Cheat Sheets”, and that doesn’t really work with my “Use a REAL NAME – not keywords”-warning above the comment box ๐Ÿ™‚ So in that case, I’m glad Akismet decided to flag them as a spammer – otherwise I would have done it manually if it was bad, but usually I just delete the URL and approve the comment unless the comment is cr*p.

I’m glad GASP is working for you though ๐Ÿ™‚

Reply

Ileane December 2, 2010 at 19:59

Klaus, I contacted Akismet when I was being marked as spam. The first time they said they didn’t see any problem. I continued to have the problem on BizChickBlogs and 2Createawebsite, just to name a few. When I provided Akismet with the specific examples, finally I was “cleared”, but I never found out what the problem was to begin with ?? So I went back to Gail’s original post about Akismet and read through all of the comments – that’s when I realized that many other bloggers had the identical problem – in other words it wasn’t just a fluke.

Thanks for posting your thoughts on this. I’m sharing this post on Twitter and Facebook. ๐Ÿ™‚
Ileane recently posted… Whereโ€™s Your Blogging Integrity

Reply

Klaus December 2, 2010 at 20:00

Thanks for sharing ๐Ÿ™‚

Reply

Gail Gardner December 2, 2010 at 23:38

Klaus, Ileane,

The “problem” that Ileane experienced is that it is very easy to get flagged as a spammer by Akismet and challenging to get unflagged. This is especially true for friendly, outgoing bloggers like Ileane who visit many blogs. All it takes is commenting in new blogs where they don’t know you and them deciding you are a spammer – and that happens all the time.

That is why so many popular bloggers get flagged – they like to read and comment in other blogs. Some bloggers think any comment written by someone they don’t know is spam and others will click spam if they just don’t like what you wrote. They may think that keeps your comments from appearing in THEIR blog and don’t realize it blocks you across ALL blogs that use Akismet!
Gail Gardner recently posted… Best of GrowMap – Our Most Important Posts All in One Place

Reply

Klaus December 3, 2010 at 10:24

Gail,

As with all companies in the world, customer service experience are different. I’ve only had to contact Akismet once and it was a pleasure. I was commenting on a blog on behalf of another website, which has never been commented for on a WordPress blog before – and my comment went instantly into spam (I knew since usually it would say “waiting for moderation”- or something like that).

I contacted Akismet with the ULR of the site, and within one day, it was solved and it hasn’t been a problem since.

It’s true that one of the downsides to a system like Akismet, is that some bloggers can mark commenters as spammers and so they will also be (automatically) marked as spammers on other blogs. But at the same time, that’s also one of the advantage of the plugin. It really depends on what your preferences are as to spam protection.

Reply

Gail Gardner December 2, 2010 at 23:28

G.A.S.P. is only designed to block spambots – not real commentators who can indeed leave comments like those. Since there is a limit to how many spam comments a real person can enter but not to how many dozens or even hundreds a day spambots send this is a great trade-off to me. It saves me a ton of time and makes sure my real readers can comment.

I have to assume that you either don’t get very much comment spam or choose not to slog through all the botspam junk Akismet throws into the spam folder along with the real comments. It takes a lot less time to delete 10-40 manually left spam in my primary blog than it does to dig out 5-10+ real comments every day that Akismet put into the spam folder along with the 1000+ spam a day – almost all of it spambot spam.

If a blogger receives a lower volume of spam maybe they think using Akismet is a good trade-off but I sure don’t. This plugin saves me hours and hours every day because I manage over a dozen blogs besides GrowMap.

If you really want to use Akismet you might want to consider using G.A.S.P. too so you can block the spambots and at least see the real comments Akismet puts into the spam folder. You may want to be sure you don’t have Akismet configured to automatically delete comments in posts over 30 days old. I don’t know about other commentators but I do not comment in blogs that delete my comments instantly like that – and it is obvious when it happens because you get a blank white screen.
Gail Gardner recently posted… New Free How to Make a Blog eBook

Reply

Gail Gardner December 2, 2010 at 23:43

I forgot to mention one more part of my strategy for keeping spam out of my blogs. When I get manually entered spam comments like the ones you mention in this post I simply add that URL, name and/or email address to the blacklist section under discussions in WordPress. That will cause any more comments from that party to go to the spam section.

Combine the blacklist with the GrowMap anti-spambot plugin and then all you have to do is add new spammers to the blacklist. I am really happy that my real commentators comments can get through every day. That to me is more important than whether I have to delete a few spam messages.
Gail Gardner recently posted… Twitter- Increase Your Influence with Twitter Lists

Reply

Klaus December 3, 2010 at 10:50

Gail,

“It takes a lot less time to delete 10-40 manually left spam in my primary blog than it does to dig out 5-10+ real comments every day that Akismet put into the spam folder along with the 1000+ spam a day โ€“ almost all of it spambot spam. ”

Absolutely, I agree!

But the times I’ve went through my spam folder, I _very_ rarely find real comments that I would have approved anyway. Sometimes, sure. But it’s not worth my time to either:
* Manually spam 10-40 comments daily (and getting them in my e-mail inbox as well, throughout the day)
* Or, go through the spam folder and look for maybe one real comment among hundreds of spam comments.

People are more than welcome to comment here (as long as they don’t use keywords as name and by judging on how many does that despite of the big read text above the textarea, people must be blind or intentionally abusing my dofollow blog hoping that their comment will appear anyway) – but I’m not putting my blog out there, and my time, to make sure _all_ comments appear. My blog is here, and I’m spending my time on it, to blog. Allowing comments is just an extra benefit and in my case, Akismet does a really good job.

As mentioned, mileage may (will) vary with GASP, depending on what your goals and priorities are ๐Ÿ™‚

Where’s that 30 day-setting in Akismet, you mention?

Reply

DiTesco December 5, 2010 at 13:48

Just my two cents… I had the same experience with GASP and I decided to run it together with Akismet. If this is something that is recommendable, I don’t know but it is working well and I have reduced SPAM quite a lot by using them simultaneously. Still on Beta mode though ๐Ÿ™‚ We’ll see how it goes.
DiTesco recently posted… 4 Tips On How to Blog While You Travel

Reply

Klaus December 5, 2010 at 13:54

I’m doing the same, at the moment. I haven’t recieved a single spam comment in moderation yet (and in my e-mail inbox). While at the same time, keeping my spam folder to a minimum because lots of the spambots doesn’t make it through GASP.
Klaus recently posted… Quick! Text 911!

Reply

Justin Germino December 5, 2010 at 18:18

The latest version of GASP has heuristics which can block 1 or more URL’s in the comment and auto spam or delete a comment if a set # of words is in the username like “billy the car rental” if you set at 3 would be spammed.

This helps, but you are right there are still a few that get held for pending that Akismet knows are spam based on language and words included. Perhaps GASP needs another update with a list of “foul language” words used in the URL of the person or name and auto spam/delete those? This would have to include more than one dictionary as well.

GASP and Akismet can be used in conjunction too which is nice, though you tend to get some false positives ending up in your SPAM bucket with Akismet active.

Reply

Rob McCance December 7, 2010 at 22:44

That’s a shame that you have to spend a large amount of time just filtering SPAM. Time that could of obviously gone into other more productive things.

The guy that come sup with the “perfect” system that can catch like 99.9% of it will be a hero and possibly make a lot of money as well.
Rob McCance recently posted… Finding the Perfect Home

Reply

Joy Parks December 9, 2010 at 14:13

Nice strategy using Akismet and GASP at the same time. Just hope it will take the spammers a lot more time figuring out a way around this system.

Reply

Udegbunam Chukwudi December 9, 2010 at 23:04

G.A.S.P works just fine on my site and I had similar spam comments on my blog until I discovered that they were actually trackback spams. Please read my post to configure your G.A.S.P plugin well. http://www.strictlyonlinebiz.com/blog/g-a-s-p-hopefully-the-inevitable-death-of-akismet/1961/

You’ll be needing the Simple Trackback Validation plugin to keep the spam out.

I don’t use Akismet any longer ๐Ÿ˜‰
Udegbunam Chukwudi recently posted… Free Guide To Making Money Online In Nigeria

Reply

Klaus December 9, 2010 at 23:09

“Simple Trackback Validation” is not going to help me with the spam comments I showed a screenshot of above, in the post, as they made it through GASP as “real” comments (despite being obvious spam, two of them probably automated and one of them a human attempt on spamming a site not relevant to his comment).

But I’m using GASP and Akismet now – both of them. Works just fine ๐Ÿ™‚
Klaus recently posted… Photo of the week- Snowy tree

Reply

Doug Neubauer December 28, 2010 at 06:56

Just made a version of GASP using PHP instead of javascript. The concept is still the same, check the correct checkbox and your comment gets through, check the hidden box and you’re a bot! I used CSS to hide the “hidden” box, hopefully making it a bit harder for the bots.
Doug Neubauer recently posted… Click Through Rates and Search Classification

Reply

Udegbunam Chukwudi December 28, 2010 at 10:45

Can we get a link to your php version?
Udegbunam Chukwudi recently posted… Comment Luv Tricks &amp Blog Posts Of The Week 31

Reply

Doug Neubauer December 29, 2010 at 01:23

Hi. Just made a blog article with the PHP, etc. code here…
http://dougneubauer.com/2010/12/php-g-a-s-p-for-wordpress/

Just wrote the code yesterday, but it’s working for me, so hopefully there’s no bugs!
Doug Neubauer recently posted… PHP GASP For Wordpress

Reply

Rich Kent April 28, 2011 at 09:25

Thanks for the writeup. I see that you’ve gone back to using GASP – assuming you’re using it with Akismet, and I think I’ll do the same thing. While it’s fine having posts get dumped in spam, I hate having to clear out the spam folder periodically as it bloats the database. GASP seems better than adding captcha.
Rich Kent recently posted… One Hour Backlinks Review

Reply

Raymund Camat June 3, 2011 at 09:41

I really like GASP. Spam comments in blog decreased from 100 a week to almost zero. That’s an awesome improvement. I am just sad that many bloggers are using it with Akismet. They are not perfect in combination.

Reply

Paul G. October 9, 2011 at 02:13

I don’t see any reason not to combine the Akismet and GASP. In principle they can’t interfere with one another since their mechanisms are completely different.

I found this while looking to see if GASP had been made useless because I get the odd SPAM sign-up on my site even though I use it on my registration forms. But I guess there’s not a lot you can do about manual SPAMmers.

I do have one comment on your “Dofollow” principle based on what you mentioned earlier… if you suspect someone is abusing this, why don’t you just remove their url? You could put the comment up if it’s borderline and strip the url you suspect their linking. If they’re legitimate and spot the url missing they’ll follow up. Anyhow, that’s how I manage it and I’ve never received a complaint.

Cheers for the post.
Paul.

Reply

Klaus October 9, 2011 at 13:26

Hi Paul,

What you mention about removing the URL, I’m already doing that. I did remove do-follow from the URL itself though a while back, but kept it for CommentLuv, so most real bloggers will be able to benefit from the CommentLuv do-follow link. But I still remove the URL from borderline-comments or if the site is obviously only created to earn affiliate-sales and AdSense etc., and not to provide real value.
Klaus recently posted… Using Internet TV to learn Languages

Reply

Anna May 25, 2012 at 18:47

After reading this post, I just installed the GASP plug-in. I have had some problems with Aksimet and their billing. And yes, I’ve had to rescue quite a few legit comments from my spam folder when I was using Akismet.

GASP sounds perfect for me and my needs. I don’t mind sorting through a little spam in order to ensure that the legit comments don’t fall through the cracks.

Reply

Kris October 14, 2012 at 09:01

A simple modification that may work would be to add another field that is visible in the input tag, but hidden via style tags. This way it would be unseen to the standard css-enabled browser, but potentially filled in by the page-scraping bot..

The disappointing side of this is I know there are services out there that pay people in lower income countries to enter captcha codes all day long.. So it is also possible that some spammer is paying cents/hour for someone else to spam your blog..

Reply

 

Leave a Comment

CommentLuv badge

{ 4 trackbacks }

Previous post:

Next post: