Spam is annoying when it’s in your inbox, but when it’s on your website, it can actually be highly destructive and even undermine your business. If you’re trying to create an active comments section on your blog for instance, then having it slowly fill up with spam is a sure way to drive away people who might otherwise have commented and possible even to cause offense (some spam promotes products you’d probably rather not associate with your site). If you don’t look like you can keep your own house in order… then why should a visitor trust you as a business? It can even affect your SEO.
Worse still, there’s always a chance that spam can go deeper than affecting comments. Some spammers will actually go so far as to edit your code, thus creating changes that can’t easily be undone. All they need in order to accomplish this is the details for your server or a hole in your security and an understanding of the CMS (say WordPress or a forum). And if spammers can do this, they might even damage your site permanently.
Understanding ‘Brute Force’
The first step to blocking this kind of malicious spam is to understand how it happens in the first place. Often, this involves a technique called ‘brute force’ which is a method of hacking any site or device that has a password. Essentially what brute force involves, is the rapid trial and error of hundreds or thousands of username/password combinations, performed either by an automated ‘script’ or manually by one or many people.
Brute force attacks are what enable people to hack into accounts on your site – including the admin account – and they are what enable spam to be posted even when you have a form that tries to prevent it.
The best solution is to use ‘CAPTCHA’, which is a test designed to make sure that the user trying to log in is human and not a ‘robot’ (a script). To do this, it gets the user to copy down a series of symbols and letters that have been obscured in an image. More and more obfuscation is required these days though thanks to smarter ‘optical character recognition’ or ‘OCR’. The key is to walk a fine line between disrupting your users and keeping your site safe and that means choosing the best CAPTCHA from a variety of different options. This still doesn’t prevent manual spamming though.
Creating the Perfect Password
Another important thing to do is to use the best possible passwords for your own accounts. Choosing a good password, means picking something that is unlikely to be chosen by chance and that is unlikely to be picked by a human either. There are many tips you can follow for choosing a strong password, but one of the best strategies is simply to choose three random nouns then add some upper case and numbers at the end. Make sure you use different passwords for different accounts too.
More Precautions to Take
Any page on your site with a form where users can upload files or even raw text is potentially a danger because it may allow those users to upload malicious files. This gets very complicated so you’re best off asking a professional web design team to handle this process for you.
Another important precaution to take is to ensure security is as efficient as possible on your own computer. Otherwise malware might allow hackers to see the passwords and usernames by spying on your own computer. Keep your antivirus up-to-date and be weary of public WiFi.
Finally, to combat manual spam in your comments, it might be worth hiring a moderator. At first you’ll be able to handle this job on your own, but as your site becomes bigger, the need for a moderator will likely increase and you’ll find that this is an invaluable investment to make.