I was thinking about posting something to Facebook. Their notification has successfully made me rethink my decision.
Tag: spam
@ambrwlsn90 - Thanks for writing that post. A question - how does Webmentions deal with spammers trying to add links to your posts? That was historically the big problem we wound up with both pingbacks and before that trackbacks.
— Dan York (@danyork) January 31, 2021
Dan, since you’re in the WordPress space, there are several pieces in place there. Akismet and other anti-spam tools can still be used to filter webmentions just like any other comment/response on your site.
If you moderate your responses on your site, the webmention plugin has an “approve & always allow” function as well as domain allow-listing for people you know and trust.
It also bears saying: there’s also nothing that says you have to display webmentions on your site either, you can use them simply as notifications on your back end.
In my experience, I’ve also seen people strip active links, scripts, etc. out of their received webmentions as a security precaution. I believe that the WordPress suite of IndieWeb plugins does this by default.
If you need/want to go further, you could work on implementing the Vouch extension of Webmention. Any additional ideas or brainstorming you’ve got to help mitigate these sorts of harms is most welcome.
For the record, for Webmention to work as a protocol, it requires a link to your site to actually appear on a public web page–something neither trackback/pingback required and made them even easier/cheaper to game.
I really wanted to post this 3 days ago, on January 10th. That would have been one year since I started recording the amount of spam I was getting over on my micro-site. I first noticed the problem in November 2018, and in January 2019 started keeping track. This graph shows all the data from the pr...
How is it that the saturated fats in Spam are so incredibly high, yet it doesn’t self-lubricate when cooked in a skillet?
Johan Bové (Johan's Known)Interesting experiment Chris. Too bad that the spam-bots found this site so fast. Especially for that reason I'm keeping the public comments on my own instance closed. What are you using for keeping webmentions to your site spam-free?
To my knowledge, there has yet to be an instance of spam within the broader community using Webmention. Of course, if it does become a problem there are community-based plugins like Akismet which have been very effective in the past. Others are also experimenting with building the idea of Vouch to extend Webmention as well.
cc: Chris Aldrich
👓 The spam technology ecosystem expands | Language Log
Wikipedia describes academia.edu as a for-profit "social networking site for academics", whose misleading .edu domain name "was registered in 1999, prior to the regulations requiring .edu domain names to be held solely by accredited post-secondary institutions". For my part, I'd describe academia.edu as "a source of large volumes of annoying unsolicited email".
Something got me thinking about comments on my website here. Almost no one posts native replies on my posts. I’d have to think that 99.9999% of all the replies on my website are now via Webmention. Perhaps I should cut off native replies just to cut back on the amount of spam I get? Hmmm….
👓 Instagram will remove fake likes and follows | The Verge
Fake likes and follows will be automatically removed
Christopher Tomlinson (Twitter)Have a following problem: lots of bot responses (more than 20 per hour for just one post)
— Christopher Tomlinson (@Christo37433424) October 11, 2018
Curious: what for do they do it?#curious #indieweb #bots https://t.co/WMfaHIZSh7
I suspect I’m missing some context, but taking a stab: the bots are hoping you’ll accept/approve their replies so that you put their links on your page for future clicks as well as SEO purposes. Like most spam operations, they just need an ~2% response rate to make the few cents that make doing this worthwhile. I personally blacklist some of the worst offenders by domain name, IP address, or judicious keywords.
👓 WordPress spam statistics: comments, pingbacks, trackbacks | Ryan Barrett
Comment spam is one of the most common forms of WordPress spam, if not the most common. Here are some anecdotal statistics for this site. During the month of November 2014, snarfed.org received 796…
👓 UDP spam from DirecTV boxes | Nelson’s log
I was watching my new Linux server’s bandwidth graphs closely and noticed a steady stream of about 70kbits/sec I couldn’t account for. 24kbps of that is my three DirecTV boxes sending U…
👓 Dear Marketing by Email “Experts” I’m Serious About Messing With You | CogDogBlog
Hi, Hello. I was wondering whether you’d be interested in selling advertising space on Does the phrase “No, not even after hell freezes over” mean anything to you? The advertiseme…
This is pretty hilarious. I definitely need something like this for my site.
Maybe I wouldn’t hate spam calls so much if people weren’t spoofing telephone numbers, pretending that they knew me based on two data points, or they didn’t so obviously sound like they were calling from the noisiest boiler rooms on the planet. If you’re going to try to waste my time you could also be a bit quicker about it.
On the other hand it is nice to get old school in person phone spam instead of the auto-dialed, pre-recorded nonsense I have been getting.