By “manually-submitted”, I mean someone is actually taking the time to create a (probably fake) e-mail address, registering on the site, confirming the e-mail and then submitting their pieces of spam one-by-one. When last I counted, I receive about 100 to 200 spam content items by this method per week. That the spam never sees the public eye doesn’t seem to deter spammers in the least. None of this spam is ever “published” on the site, it is all held in a queue until I can manually delete it. A pain for me, and of absolutely no value to spammers. I’d e-mail them and ask why they bother if I thought it would result in an answer.

Under the assumption that my pleas to stop would go unanswered, I decided to sit down and come up with an efficient way of dealing with it. The problem is that the queue could potentially hold submitted material from new users (once a user has submitted good content, they immediately get a role that allows them to bypass the queue), so each item must be vetted as either ham or spam.

A while back I began using the Spambot module, which does a great job. With it you can click a “Spam” link on a user’s profile page and immediately delete them and all their content. What’s more, you can report them to the excellent Stop Forum Spam service and give the spammers a slightly harder time respamming (or spamming others).

Spambot is great, but slow. To moderate, I need to look at a piece of content, determine if it’s spam, click the submitter’s name, click the “spam” menu item, select some options and then delete. For intermittent spam submissions this would be fine, but for dozens of spammers every few days, it’s too labourious.

And so today I came up with a better system of bulk/batch killing mass amounts of manually submitted spam in one fell swoop, and also report the spammers to Stop Forum Spam. The following is what I did and how I did it. Please, please read the disclaimer + warning at the bottom of the post before proceeding.

How To Do It

My goal was to create a system whereby I could simply select all the spam content directly from the main list of Drupal content, select a “Kill Spam” action from the “Update” dropdown and be done with it. So if a spammer submitted 10 articles, I could simply select one, flag it as spam and the system would kill all the content by that user, delete the user and report them to Stop Forum Spam.

First things first, you’re going to need a few Drupal modules:

• Rules
• Views Bulk Operations (VBO) (and, of course, for VBO to work, you need Views)
• Flag

Once we have those installed, we need to configure each one to do what we need.

Create a “Spam” flag

The first step is to create an action we can use on the Content page to flag our content as spam (and then automatically do something with it). For this we turn to the appropriately named “Flag” module — /build/flags/add — give the flag any name you wish (eg. “kill_spam”) and then click “submit”. The following screen will give you a number of fields to fill in to define your flag. The key fields are:

• Flag Link Text: this is the text that will be shown as the update action on our Content page. Set it to something obvious (“Flag as Spam”)
• Global flag: make sure it’s checked
• Roles that may use this flag: You’ll probably want to limit this to the administrator (or moderators)
• What nodes this flag may be used on: You can limit which content types this flag can be applied to

Create a VBO View to list all content by a certain author

Things are going to start to get a bit trickier, but hold on tight and we’ll get through this together. Next up is creating a list of content we can perform batch operations to. We want to be able to select a single piece of content and from that get the user who submitted it, and all their other content. To do this we use the extremely powerful combination of Views and Views Bulk Operations (VBO).

Create a new View (Site Building -> Views -> Add), call it whatever you’d like (eg. “content_by_user”) and make sure View type is set to “node”.  The settings for the view are:

• Style: Bulk Operations – Under the Style Options you’ll be presented with a long list of available operations. Put a check beside “Delete Node“.
• Items to display: Unlimited
• Add an Argument of User: Uid — This filters the results by a specific user ID. Very important, as we don’t want to bulk delete just any old content. See this screenshot for detailed settings.
• Fields — strictly speaking, you do not need to add fields, as the bulk operation isn’t going to use them. However, I found it handy for testing and so added a few.
• Filter — The only filter I set was for “Published” and then set it to “no”. This was a bit of a failsafe to assure that I could only ever bulk kill unpublished nodes.

That’s it, if you set everything right, it should look similar to the screenshot below. You can test and see if the right results are occurring by putting a spam user’s UID in the argument field for the preview section below the view (you’ll need to have added some fields as mentioned in the points above). It should list all the spammer’s content. If no argument is given, no content should show up. If content does show up when no argument is present, double check your settings.

What your View should look like

Creating the Rule & putting it all together

The final step is to create an action (or rule) that triggers when the content is flagged. We do this with the (again, appropriately named) Rules module — /admin/rules/trigger/add.

Give it a label, any label, and then select A node has been flagged, under “Spam Flag” for the event. The next screen will allow you to choose conditions (IF) and actions (DO).

Conditions
We only need one condition, and if that is optional.

• Content is Published: NOT. You need to check the “Negate” checkbox to get the NOT part. This is another failsafe so that the action will never get triggered unless the content you’re flagging is unpublished. It’s not strictly necessary, and may not be applicable in all cases (ie. if your spam content could potentially be published when moderating it).

Actions
We will add four actions: Load the flagged content author, Use user object to execute a VBO programmatically, Report to StopForumSpam.com, Delete user.

1. Load the flagged content author: From the select box choose Content->Load the content author. This is where we get the author (ie. spammer) UID to pass to our VBO View we created above. The “Content” select box under “Argument configuration” should have “flagged content” selected.
2. Use user object to execute a VBO programmatically: This action deletes all content by our spammer based on the Bulk Operations view we created above. The key part of this step is supplying the View with the user UID of our spammer. On the edit screen, use the following options (screen capture):
   • Object: We choose “flagged content author”.
   • View: We select the view we created earlier, in my case it’s called content_by_user.
   • Operation: Assuming you followed the directions above, you should only have one option here, Delete Node.
   • View Arguments: This is where we pass the UID argument to the view. Simply input the following into the box: return array($object->uid);
3. Report to StopForumSpam.com: This is an optional action that will report the spammer to StopForumSpam.com and hopefully help prevent the spammer from spamming your site or mine in the future. For this step you’re going to need a free API key from StopForumSpam.com. To create it we create a new action of the type “Execute custom PHP code”. Give the action a label (eg. “Report to StopForumSpam.com”) and put the following PHP in the PHP Code area. NOTE: You should not include the <?php or ?> delimiters:
   

   Code block

   <?php
   $hostnames = array();
    
   // Retrieve IPs from any sessions which may still exist
   $result = db_query("SELECT DISTINCT hostname FROM {sessions} WHERE uid = %d", $author->uid);
   while ($object = db_fetch_object($result)) {
     $hostnames[] = $object->hostname;
   }
    
   // Retrieve IPs from comments
   if (module_exists('comment')) {
     $result = db_query("SELECT DISTINCT hostname FROM {comments} WHERE uid = %d", $author->uid);
     while ($object = db_fetch_object($result)) {
       $hostnames[] = $object->hostname;
     }
   }
    
   // Retrieve IPs from statistics
   if (module_exists('statistics')) {
     $result = db_query("SELECT DISTINCT hostname FROM {accesslog} WHERE uid = %d", $author->uid);
     while ($object = db_fetch_object($result)) {
       $hostnames[] = $object->hostname;
     }
   }
    
   // Retrieve IPs from user stats
   if (module_exists('user_stats')) {
     $result = db_query("SELECT DISTINCT ip_address FROM {user_stats_ips} WHERE uid = %d", $author->uid);
     while ($object = db_fetch_object($result)) {
       $hostnames[] = $object->ip_address;
     }
   }
    
   $hostnames = array_unique($hostnames);
    
   // We now submit a report for each IP address found attached to the spam user.
   foreach ($hostnames as $ip) {
     $sfs_api_key = 'INSERT STOPFORUMSPAM.COM API KEY HERE';
     $url = 'http://www.stopforumspam.com/add.php?username='.$author->name.'&ip_addr='.$ip.'&email='.$author->mail.'&api_key='.$sfs_api_key;
     $sfsresult = drupal_http_request($url);
     if (!empty($sfsresult->code) && $sfsresult->code == 200 && empty($sfsresult->error) && !empty($sfsresult->data)) {
       $sfsdata = unserialize($sfsresult->data);
       if (!empty($sfsdata['success'])) {
         return TRUE;
       } else {
        watchdog('spamcleaner', t('Request unsuccessful: @url !dump', array('@url' => $url, '!dump' => "<pre>\n" . print_r($sfsdata, TRUE) . "</pre>\n")));
       }
     } else {
       watchdog('spamcleaner', t('Error contacting service: @url !dump', array('@url' => $url, '!dump' => "<pre>\n" . print_r($sfsresult, TRUE) . "</pre>\n")));
     }
   }
   ?>

   Much credit for this code is owed to Spambot, as a good chunk of it was lifted directly from that module. The code hunts down various IPs that the user used to access the site, including Sessions, Comments, Statistics (if enabled) and User Stats (if enabled — the User Stats module is required).

4. Delete user: The final action simply kills the spammer user account. Make sure the User setting is set to Flagged content author.

Your Rule should now look something like the following:

Spam Cleanup Rule

Wrap Up

If you made it this far, give yourself a pat on the back — that wasn’t for the feint of heart. You should now be able to head over to your Content list, select the spam content items and choose your flag from the “Update options” list. As soon as you hit update, your system should trigger the rule, which will delete the spam content items, report the spammer and delete the spam user’s account.

This simple plugin gives WordPress-powered sites an easy way to add a “return to top” link to their pages. You can see it in action here, simply scroll down the page a bit and you’ll see a “return to top” link appear.

New in v1.2: You can now completely customize the positioning of the link/graphic. All the pre-sets (top-left, bottom-right, etc.) are still there, but now you can also define your own offset values. Additionally, you can now customize the ToTop Link image to be whatever image you’d like.

Check out the plugin’s page, or on WordPress.org’s plugin page.

EDIT: Version 1.3 Replaces Version 1.2

I jumped the gun a bit with yesterday’s release of ToTop Link 1.2. One of the new features was using getimagesize(), a PHP function that on some systems will return an error. I’ve reworked the plugin to avoid this issue, and have also sexed up the admin interface a little bit. You can upgrade to v1.3 via your site’s admin interface, or just go directly to the WordPress page and download it.

I’ve also added an option that allows you to define whether you wish your category description to be used as the category page’s meta description. Optionally, you can use the content of the top-most article in the category listing. If set to “category description”, and no category description is available, it will default to the top-most article’s content (which was what occurred in SEOSimple 2.0). This is actually a re-addition, as this behavior was (and still is) standard in the original Joomla 1.5 version of the plugin. As such, if you’re still using Joomla 1.5, there’s no update for you, as no new features were added.

You can go here and download the plugin directly, or visit the official SEOSimple homepage for more details and instructions. And please report any problems you have either on the SEO Simple Support Forum, or in the comments on the SEOSimple home page (preferably the support forum).

And please, if you use SEOSimple and find it useful, vote for the plugin at the Joomla Extensions site.

This simple plugin gives WordPress-powered sites an easy way to add a “return to top” link to their pages. Rather than explain how it works, simply scroll down the page here and you’ll see the link image appear in the top right corner.

Settings allow you easily to adjust the positioning and style to best fit your site. As always, it’s the first version, so all bug reports and feature suggestions are warmly welcomed.

Check out the plugin’s page, or on WordPress.org’s plugin page.

Here at Dao By Design we near exclusively build using one or the other, and I couldn’t agree with Matt’s comment that initially Drupal was a very powerful and complicated CMS that has become easier to use, and WordPress was a simple platform that has become much more powerful. Some things are still easier on one or the other (WordPress still leads with backend UI/UX; whereas Drupal has better i18n support and much better handling of custom content types).

Squabbles aside, I agree with Matt that either CMS could handle the scope of virtually any project.

Also check out Dries most recent blog post, “Sitecore FUD“, a fantastic taking apart of a proprietary software vendor’s slagging review of opensource CMS projects (specifically WordPress and Drupal).

This spam is virtually all “link building” spam. This means that — unlike e-mail spam — the intention of the spammer is not to get you to visit the site or product they’re linking to, but rather they are building a massive collection of links back to the source. The reason for this is because search engines use the number and quality of links back to your site to help determine your site’s authority (or PageRank). In a perfect world, such links would all be genuine “votes” for your site from other Web sites, in our world it results in paid linking schemes, and this sort of spam.

I realize the Internet both fosters and requires a healthy level of cynicism in its usership, but I try my best to maintain the view that most people are good people. I believe that the vast majority of Web sites that are spamming my sites are not actually the culprits directly responsible. I would guess that in well over 50% of cases, they have paid a firm to handle the rather nebulous “SEO” work. Frequently this is just the guy that designed their Web site, who then heads over to an outsourcing resource and offshores the work to cheaper labour in India, Eastern Europe or Asia.

It is then this sub-contractor that employs questionable tactics in an attempt to boost the site’s SEO value. The problem, aside from being an incredible time-suck in my day, is that not only does it have a very low return value, it runs the very real risk of doing far more damage to the site than no link building at all.

A lack of benefits paired with dangerous consequences

First, most spam messages land in spam traps and never see the light of day. Of the millions of spam comments, profiles and various other submissions I’ve received on my sites, very very few ever actually make it to the “live” indexed site. Most are simply auto-moderated and deleted. This blog, for example, gets approximately 1,000-2,000 spam comments per week, and I never even see most of them.

Those that do get through are often tagged with a “nofollow” attribute that tells search engines that it is valueless and shouldn’t be used as a “vote” for the link’s authority.

But worst of all for the offending site are people like me — people who go out of their way to report spam Web sites to blacklist Web sites and the search engines themselves (see resources below). This has the potential of not just lowering the spam site’s ranking in search engines, but having it removed completely. And should the offending site get on a Domain Name System Blacklist (DNSbl), it could hurt the site’s ability to have their e-mail received by customers and clients.

To me, that’s a lot of risk to take in hopes of getting your site well-positioned on Google. It’s a risk a lot of spam/affiliate sites are obviously willing to take, as they’re not “real” businesses and so can quickly be shut down and pop up again under a different name/domain. However, for genuine businesses engaging in similar reckless behavior (with their knowledge or not), could find themselves with a useless domain, no search engine ranking, and a need to find a new IP or hosting provider; never mind that it also flushes their reputation down the toilet.

Punish the site, not the spammer

Most spam catching does so through the use of IP addresses and the e-mail address of the spammer. Unfortunately these are very quickly switched and regenerated for a new batch of spamming, and thus mostly useless as an effective way of stopping spam.

This is why I think the best way we can prevent spam, at least from legitimate businesses, is by punishing the legitimate business. Actively trying to get a legitimate business that is ignorant of the blackhat actions of their SEO “expert” might sound harsh, but it is the most effective way of assuring better consumer education, which in turn will encourage SEO firms to develop better practices or risk losing newly-informed clients to more ethical firms.

If you run a Web site that gets spammed, I hope you’ll join me in taking a hard line against this sort of spam. It’s easy to just flush it and forget about it, but a little bit of reporting can go a long way to reminding companies hiring spammers that ignorance of the method is not absolution. If you are a company looking to increase your search ranking and considering hiring an SEO firm? Please educate yourself on at least the basic do’s and don’ts. Here is some advice from Free Marketing Zone:

Researching Before Hiring an SEO Firm

Find out a little bit more about the company and its clients. If they publish a list of the clients they have worked with, contact those clients and ask about the SEO firm. You can go to search engines and see if their clients rank highly by selected keywords or keyphrases.

If a company doesn’t provide a client list, you can ask in forums and message boards about an SEO firm. Maybe some clients will show up and advise you about the firm.

Another way to check if a firm is worthy is to see who links to them. Go to Google and Bing and type in:

link:www.seofirmname.com

Look at 20 pages at least. If you see that links are from blog comments, link farms, FFA pages, or there are hundreds of links from non-related Web sites linking to them, then there’s a red flag. Various related pages or client sites linking back are a good sign.

Some Resources

• Google’s Webmaster Tools has a recently revamped reporting page for Webspam. You will need to have a Google Webmaster account, which if you own a Web site you should have anyway.
• Bing.com also offers a similar reporting feature for spam or malicious content found in their search results.
• And Yahoo as well.
• Here is a great list of links to various reporting and spam tracking sites.
• If you’re concerned your domain/IP might have been blacklisted, you can check it at BlacklistAlert.org.
• Kaiser the Sage has some creative and ethical ways in which you can purchase links and build your site’s traffic without running the risk of blacklists.

That’s not all — I’ve finally fixed a number of small bugs that have been growing dust on my todo list – including fixing the K2 compatibility issue and the occurrence of an “uninitialized strong offset” error.

I’ve also added a couple new features, namely an expanded number of options for Front Page titles, including not modifying it at all (while still modifying regular pages); and a NOINDEX on Category Pages feature that when enabled modifies the ROBOTS meta tag on all category pages to be “noindex, follow”. “NOINDEX, FOLLOW” means that search engines wont index the page and potentially penalize your site for duplicate content, but it tells the search engine to still follow the links on the page (to regular articles) and index those. This feature is still very much a “beta” feature, so please test it out and report back any bugs.

You can go here and download the plugin directly, or visit the official SEOSimple homepage for more details and instructions. And please report any problems you have either on the SEO Simple Support Forum, or in the comments on the SEOSimple home page (preferably the support forum, as the # of comments is a bit insane).

Oh! And remember to vote for the plugin at the Joomla Extensions site.

I’ve just released a new WordPress plugin that adds honeypot functionality to the popular (and frankly, awesome) Contact Form 7 plugin for WordPress.

Built out of self-necessity, the Contact Form 7 Honeypot plugin simply gives CF7 users an additional “honeypot” element to use when building their forms. A honeypot, for those unaware, is a spam trap that attempts to prevent spam bots from clogging up forms with their junk.

This is a non-intrusive method of spam stopping that, in contrast to ugly captchas, works behind the scenes to provide similar challenges for bot-submitted spam. Don’t get us wrong, CAPTCHA technology is cool and we use it as well. However, sometimes you just don’t want to muddy up your form with a chunk of ugly/squiggly intentionally hard-to-read text.

All feedback on the plugin is greatly appreciated. Please leave your comments here.

As such, we’re extremely proud to present the China Blog Network.

And of course, no overhaul would be complete without a bunch of new features to assist in facilitating the site’s primary purposes — helping China bloggers connect to one another and getting their blog discovered by a wider audience.

The premise of the CBN is simple, members submit their sites, and the sites are then “connected” to one another in traditional Webring fashion facilitated by the completely redesigned CBN Widget.

Additionally, the CBN features a categorized directory of sites about China, with each site receiving its own detailed profile page complete with a full description of the site, an auto-generated site thumbnail, placement on the CBN interactive location map, latest posts feed, a “like” button, tracking of fans of the site, and a list of similar blogs to help easily find other relevant sites

The China Blog Network also includes a community-supported forum where bloggers and site developers can get answers and discuss topics related to blogging, site creation and China.

We built the site using the powerful open-source content management system, Drupal. In addition, the site includes integration with OpenLayers, a excellent dynamic and interactive mapping script, to handle on-map display of community member blogs.

While the program doesn’t focus on the role NeochaEDGE’s Web site plays in achieving the Shanghai-based company’s goals, you can catch several glimpses of people using the site in the video above — which as far as Web sites getting featured on TV goes, is pretty cool by me.

NeochaEDGE is one part creative agency that represents leading-edge Chinese creative talent and one part web-magazine that showcases inspiring creative content from China. For anyone that’s ever said China is lacking in creativity, I urge you to check out the site — it’s absolutely bursting with amazing Chinese art and artists of all styles and mediums.

For details on work we’ve done with Neocha, please click here.