"visits the site of the comment author while they type their comment and retrieve their last blog posts which they can . . . →more]]> Well, Comment Luv is back on this site! I'm rebuilding the reader community and now have a way of rewarding real commentators. A couple of days ago I installed the CommentLuv plugin which:

"visits the site of the comment author while they type their comment and retrieve their last blog posts which they can choose to include at the bottom of their comment when they click submit." - CommentLuv

Readers can click the link to visit commentator's last post. I've set the feature that allows the comment author to see her last 10 posts and select the one that might interest this blog's readers. Cool!

I could see the difference immediately when 2 real comments came in --- how refreshing!

Many bloggers offer the 10 post selection to subscribers only, but I chose to allow this feature for all commentators. I haven't yet decided on offering DoFollow links or Linked keywords for repeat commentators. These would be extra rewards (enticements) for people participating in community dialog. Currently I use the lite (free) version and those features are available on the Premium version priced at $67 for one-time payment.

What is DoFollow?

By default then someone leaves a comment the website link's html format tells Google and other search engines to NOT follow the link to his blog.That means the link never appears as a back link as far as his page rank is concerned. No juice is passed from the owner's blog to the one making the comment.  By contrast you can tell Comment Luv to change the NoFollow link on the commentator's 'latest post' to DoFollow. This is done by means of Html for the link url.  Please note the default for post content is usually DoFollow. See examples below.

Default link within blog post: is DoFollow and requires no extra tag

   <a href="http://wordpress.org/extend/plugins/search-and-replace/">Search & Replace</a>

Customary link within comments: is NoFollow and requires an extra tag

   <a class="url" rel="external nofollow" href="http://letusbuzz.com">sudipto...</a>

CommentLuv override: latest post link to DoFollow using the Rel= tag but blog owner must specify the option.

   <a class="url" rel="external dofollow" href="http://letusbuzz.com">sudipto...</a>

What are Linked Keywords?

With this feature, Comment Luv uses the commentator's preferred keywords to serve as the anchor text for the link. When you add a blog link you may leave the anchor text blank or just key anything associated with the post or website you're linking to. The title= tag holds the anchor text that shows as the mouse hovers over the link.

This text is then used by Google indexing. Example: WPBlogExperts.com has a backlink in the footer on this client site. The link points to the setup page using the keywords "WordPress Setup".  The hope is that Google gives higher search results when someone searches for that service.

One SEO consultant in the tutorial for optimizing keyword links describes the importance of such links:

"Google (and to a lesser degree other search engines) heavily weigh its Search Engine Results Pages (SERPs) towards the anchor text of links to a page."

Warning: There are downsides to these extra enticements in the form of smarter human spammers. They use directories that list blogs with the dofollow comments. Those blogs can then become targets. Similarly if you publicize your permission to use Linked Keywords, monitor carefully. However, Premium Commentluv professes to guard against this...

Prior History with Comment Luv

Similar to third-party commenting systems, I've had on-off again periods where I loved and hated Comment Luv on Blogger. When I used the software on Blogger, it required us to use JS-Kit/Echo, instead of Blogger's commenting system.  That setup turned into a horror for me and for Andy, the CommentLuv developer. He got a LOT of flack from Blogspot users and it got unpleasant. He had to require Blogger sites to use Intense Debate as the third-party commenting system.  Thus began my frustrating hunt for a good commenting system which retains my prior commentator links. If you follow the site news, after moving to WP, I used Intense Debate and Disqus, and only recently reverted to native WP comments. So the time was right to re-instate Comment Luv --- I never stopped 'luving' the actual software!

Can I use this on Blogger or WordPress.com?

Yes, for Blogger. You need to install Intense Debate which allows you to get the CommentLuv features. See this tutorial How to Get CommentLuv on Blogger.

No, for WordPress.com.

Your Turn - Let's hear what you have to say about this software.

What do you think about comment luv? How do you reward commentators on your blog? With your feedback and participation, I look forward to expanding this blog's community spirit.

Increasing your comment count with spam helps no one. You end up looking like someone who doesn't care enough to read comments. Or worse someone who takes all . . . →more]]>
Who doesn't enjoy ranting about spammers? But what about bloggers who not only approve spam comments but actually eat their spam by replying? Please stop.

Increasing your comment count with spam helps no one. You end up looking like someone who doesn't care enough to read comments. Or worse someone who takes all comments at face value. We need to give readers content that adds value, and that includes comments. After all, reader dialog is one of the reasons people visit blogs.

"Commentators will often expand your thoughts, complement specific topics and offer another point of view, enriching your articles." - Daily Blog Tips

I've written several article on spam prevention. Only once did I knowingly communicate with a human spammer. I used the experience to give tips on how to spot clueless spammers and to show the frustration and resolve on both sides.

I have a spam filter so why should I not reply to every comment?

Askimet is a well-known spammer filter that automatically disapproves spammy comments,  'learns over time' and has a 95% accuracy rate. I seriously respect their filtering engine, which scans comments in real time. The site in the image above shows over 182,000 of those critters were corralled in the spam queue during several years of blogging.

If a comment passes Askimet's spam filter it's called 'ham'.Even the best filter can let a spammer through. Your comments may not be all 'ham', but include a good amount of spam. The 'nutrition facts' image is a playful way of illustrating the value of a comment.
How useful do you think this comment is to a serious site about free society:

Comment by Toilet Seat on 7 February 2012: "really useful articles for me"

For the past couple of years, Blogger's default commenting system has been filtering comments, in a 'learning' mode similar to Askimet. Other third-party commenting systems like Disqus provide spam zapping services. These systems learn when you tell them a comment is spam by  sending it to the Spam queue. Don't just 'trash' spam comments that slip through.

It's depressing to see a spam queue of over 500 comments but you should permanently delete them every so often.  After that you can scan down the few as they come in and see if you recognize a reader's avatar (false positive). Again, the filter learns when you un-spam the comment. You can also automatically delete spam on comments over 30 days old. I'd like to see an options where the blog owner can decide on a different time period.

I love that Askimet has a pop-up preview of the site when you hover over the commentator's url --- amazingly you can tell it's a one page site looking for back links. I also notice spammers no longer seek other blog posts that you may have 'forgotten'. Instead they must enroll in RSS feeds and go after the most recent post!Akismet monitors millions of blogs and forums, watching the methods and tricks used by spammers.

Spammers and You

Why do Spammers go to such trouble to spam your site? Often bloggers don't have spam filters and rely on the WP or Blogger option to moderate every comment. Others select moderation that exempts anyone who has at least one approved comment already. So if a spammer gets approved with one ingenuous and/or ingenious comment, then he can spam to his heart's content. That is unless the blogger is vigilant and doesn't blindly reply 'thanks.' I say one site where the spam comment appeared every month on the same post --- almost to a word.  The site owner continued to eat spam by replying!

Some points to remember:

• Don't be penny wise and pound foolish. Askimet used to be free for all WP blogs but if it's not a personal blog you need to subscribe and pay $5/mo for a single site. It's worth $5 to see if there is a difference in published spam comments --- you can unsubscribe at any time. Personal blog signup gives you a field to indicate how much you want to pay yearly, starting at $0 to $120/yr. Now that's pulling at your heart-strings, conscience, etc ...
• It reflects negatively on you if a reader clicks on an obvious 'sale' site that screams 'buy my product'.  Hey, you have your own ads to at least get some cash if the reader clicks..  lol  Also, some of those sites may have harmful content.
• Spammers have a strong network and employ/exploit people to plant those bombs/gems on your site. They want to stay under your radar but often give themselves away with poor language skills, blatant list of keywords or urls, and talk about things unrelated to your blog post!
• Not all spammers are 'idiotic' --- some are intelligent marketers paid to promote a site. These pests don't use the same design for a dozen one-page sites. They spend time making the remarks include your content in some way. Often the giveaway is the use of keywords for the name, instead of John Smith with a picture avatar.
• If you suspect a spam comment, you can use google to search for that text. It's surprising how many blogs may have published the same comment with different name and url!  Take this quote for example which I came across in Shane's Tobacco Road Blues site:
  

  Thanks for every other informative web site. Where else may I am getting that kind of information written in such a perfect manner? ...

  He realized this was spam. How? Well maybe he took the phrase to Google or had read it somewhere else. If you look at the author links they go to one-page sites which paid someone to 'market' them by getting 'back links.' This is just the top 3 in the results list --- busy bees...
  

Your Turn - Leave a comment with some ham!

(no pressure!)

Utter panic overtakes the average blogger when he hears from a reader that his site looks suspicious and browsers are showing the dreaded 'get me out of here' warning! Recently that happened to one of our clients at WPBlogExperts. We're WordPress setup, theme customization and dashboard experts, so fixing actual malware infections was . . . →more]]>  

Utter panic overtakes the average blogger when he hears from a reader that his site looks suspicious and browsers are showing the dreaded 'get me out of here' warning!

Recently that happened to one of our clients at WPBlogExperts. We're WordPress setup, theme customization and dashboard experts, so fixing actual malware infections was not highlighted on our services list. When the client asked us to help we took cleanup actions only to see the 'virus' popup somewhere else.

My WPBlogExperts co-founder, Ishan had some experience with fixing his personal site and also another client's site. He started by deleting some bad files and changing web host passwords. Everything seemed fine until more readers reported the site was redirecting to an unreliable url with a .ru domain name.

We tried a different online scanner to detect other bad files.This time it pointed to the Timthumb file being out of date and vulnerable.  Several themes like Atahualpa and  some plugins use Timthumb software for image cropping, zooming and resizing. About a year ago that software was a throughway in a massive security hole that exposed thousands of WP websites to being hacked. Mark states in his article on how his site  was hacked:

"Timthumb.php simply gets a remote file and places it in a web accessible directory."

We upgraded the Timthumb file and the client's site scanned clean, but not for long --- the damage had been done and was spreading.

Resources for Removing Malware

We needed a much bigger malware cleanup campaign I suggested that the client use Sucuri's removal services. In the end they got the job done in a timely and cost-effective manner. The client was able to give a sigh of relief and get on with running his business.  The removal was guaranteed and included ongoing monitoring and malware removal. I was surprised when they alerted him that we had put the site in 'under construction mode' a few weeks later!

There are lots of articles on what to do when you suspect your site is hacked. However bloggers aren't that technical and may get a brain freeze if they read things like

"Edit your wp-config.php and change or create the SECRET_KEY definition."

That's why if anyone asks for malware help I recommend Sucuri. WPBlogExperts is now an affiliate so this post has affiliate links to Sucuri for cleanup services. After the removal, we can work with you to take care of any technical work needed in WP or on the host. For example Sucuri might tell you to change your FTP or database password to comply with their scan warnings, or when repeated removal actions don't work.

For the Do-it-yourselfers try these resources to address hacked sites:

• FAQ_My site was hacked - a WP document
• Timthumb-vulnerability   - another blogger's story of being hacked
• Sucuri Site Check - Get a free thorough scan of your site. They cache the last scan results so be sure to 're-scan' after you take any removal actions.
• Reported malware sites - use this form to request Google to remove you from the list of blacklisted sites.

Share your thoughts

What's your experience with malware attacks, clean-up or prevention? Feel free to share in the comments below.