Stay organized with collections
Save and categorize content based on your preferences.
Prevent user-generated spam on your site and platform
Spammers often take advantage of open comment forms and other user generated content inputs
and generate spammy content on an unsuspecting victim site. Hosting platforms may be similarly
open to abuse; spammers may create a large number of sites that violate our
spam policies and add
little or no value to the web.
Preventing abuse on your platform or site is usually not hard. Even simple deterrents such as
an unusual challenge users have to complete before interacting with your property may
discourage spammers.
Tell users that you don't allow spam on your service
Publish a clear abuse policy and communicate it to your users, for example during the sign-up
process. Furthermore, allow trusted users to report content on your property that they
consider spammy.
Identify spammy accounts
Keep a record of signups and other user interactions with your platform, and try to identify
typical spam patterns, such as:
Form completion time
Number of requests sent from the same IP address range
User agents used during signup
User names or other form-submitted values chosen during signup
These signals may help you create a user reputation system, which can not only help you engage
users, but it can also help identify spammers. Since many comment spammers want their content
in search engines, consider adding the
noindexrobotsmeta tag on
posts that come from new users that don't have any reputation on your platform. Then, after
some time, when the user gains reputation, you can allow their content to be indexed. This
will greatly demotivate spammers from interacting with your platform.
Since oftentimes spammers are motivated by leaving a link to their site, consider adding a
nofollow or ugcrel attribute to all links in untrusted content.
Use manual approval for suspicious user interactions
Manual approval (or moderation) for certain user interactions can decrease spam on your
platform considerably by preventing spammers to instantly create content that may be spam.
Moderation adds overhead to your daily workflows, however it's a very effective way of
fighting spam. Its efficacy is why, for example, comment moderation is a built-in feature in
most CMSes.
Use a blocklist to prevent repetitive spamming attempts
Once you find a single spammy profile, make it simple to remove any others. For example, if
you see several spammy profiles coming from the same IP address, you can add that IP address
to a permanent ban list. For CMSes (for example, WordPress), there are plugins like
Akismet that can help, but adding the
IP address to your firewall's deny list can be very effective also.
Block automated account creation
In your sign-up form, consider using
reCAPTCHAs or
similar verification tools
to only allow human submissions and prevent automated scripts from generating a lot of sites
on your hosting service.
Monitor your service for abuse
Monitor your property for spam signals such as redirects, large numbers of ad sections,
certain spammy keywords, and large sections of encoded JavaScript code. The
site:
search operator or
Google Alerts can help
detect problems.
Keep an eye on your webserver log files for sudden traffic spikes.
Monitor your property for phishing and malware-infected pages. For example, you can use the
Google Safe Browsing API
to regularly test URLs from your service.
Come up with a few confidence checks. For example, if you're mainly targeting users in
Japan, what are the odds of thousands of user interactions from an Italian IP overnight on
your property? A number of tools are available to detect the language of newly created
sites—for example
language detection libraries
or the
Google Translate API v2.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-02-04 UTC."],[[["\u003cp\u003ePrevent user-generated spam by implementing deterrents like user challenges and clear abuse policies that include reporting mechanisms for trusted users.\u003c/p\u003e\n"],["\u003cp\u003eIdentify spam patterns through analyzing user data such as form completion time, IP addresses, user agents, and usernames to establish a reputation system and potentially employ the \u003ccode\u003enoindex\u003c/code\u003e tag for new users.\u003c/p\u003e\n"],["\u003cp\u003eImplement manual approval for suspicious interactions and utilize blocklists based on spammy profiles and IP addresses to prevent repetitive spam attempts.\u003c/p\u003e\n"],["\u003cp\u003eUtilize CAPTCHAs and similar tools to deter automated account creation and actively monitor your service for spam indicators, including traffic spikes, phishing, malware, and suspicious user activity from unexpected locations.\u003c/p\u003e\n"]]],["To prevent spam, establish clear abuse policies and allow users to report spam. Identify spam patterns like form completion time, IP address, and user agents to create a user reputation system. Add `noindex` to new user content, and `nofollow` or `ugc` to untrusted links. Use manual approval for suspicious interactions. Block known spammers by IP address and prevent automated sign-ups with verification tools. Monitor for spam signals, traffic spikes, and phishing using tools like the Google Safe Browsing API.\n"],null,["Prevent user-generated spam on your site and platform\n\n\nSpammers often take advantage of open comment forms and other user generated content inputs\nand generate spammy content on an unsuspecting victim site. Hosting platforms may be similarly\nopen to abuse; spammers may create a large number of sites that violate our\n[spam policies](/search/docs/essentials/spam-policies) and add\nlittle or no value to the web.\n\n\nPreventing abuse on your platform or site is usually not hard. Even simple deterrents such as\nan unusual challenge users have to complete before interacting with your property may\ndiscourage spammers.\n\nTell users that you don't allow spam on your service\n\n\nPublish a clear abuse policy and communicate it to your users, for example during the sign-up\nprocess. Furthermore, allow trusted users to report content on your property that they\nconsider spammy.\n\nIdentify spammy accounts\n\nKeep a record of signups and other user interactions with your platform, and try to identify\ntypical spam patterns, such as:\n\n- Form completion time\n- Number of requests sent from the same IP address range\n- User agents used during signup\n- User names or other form-submitted values chosen during signup\n\n\nThese signals may help you create a user reputation system, which can not only help you engage\nusers, but it can also help identify spammers. Since many comment spammers want their content\nin search engines, consider adding the\n[`noindex` robots `meta` tag](/search/docs/crawling-indexing/robots/intro) on\nposts that come from new users that don't have any reputation on your platform. Then, after\nsome time, when the user gains reputation, you can allow their content to be indexed. This\nwill greatly demotivate spammers from interacting with your platform.\n\n\nSince oftentimes spammers are motivated by leaving a link to their site, consider adding a\n[`nofollow` or `ugc`](/search/docs/advanced/guidelines/qualify-outbound-links)\n`rel` attribute to all links in untrusted content.\n\nUse manual approval for suspicious user interactions\n\n\nManual approval (or moderation) for certain user interactions can decrease spam on your\nplatform considerably by preventing spammers to instantly create content that may be spam.\nModeration adds overhead to your daily workflows, however it's a very effective way of\nfighting spam. Its efficacy is why, for example, comment moderation is a built-in feature in\nmost CMSes.\n\nUse a blocklist to prevent repetitive spamming attempts\n\n\nOnce you find a single spammy profile, make it simple to remove any others. For example, if\nyou see several spammy profiles coming from the same IP address, you can add that IP address\nto a permanent ban list. For CMSes (for example, WordPress), there are plugins like\n[Akismet](https://akismet.com/) that can help, but adding the\nIP address to your firewall's deny list can be very effective also.\n\nBlock automated account creation\n\n\nIn your sign-up form, consider using\n[reCAPTCHAs](https://www.google.com/recaptcha/about/) or\n[similar verification tools](https://www.google.com/search?q=alternatives+to+captcha)\nto only allow human submissions and prevent automated scripts from generating a lot of sites\non your hosting service.\n\nMonitor your service for abuse\n\n- Monitor your property for spam signals such as redirects, large numbers of ad sections, certain spammy keywords, and large sections of encoded JavaScript code. The [`site:`](/search/docs/monitor-debug/search-operators/all-search-site) search operator or [Google Alerts](https://www.google.com/alerts) can help detect problems.\n- Keep an eye on your webserver log files for sudden traffic spikes.\n- Monitor your property for phishing and malware-infected pages. For example, you can use the [Google Safe Browsing API](/safe-browsing) to regularly test URLs from your service.\n- Come up with a few confidence checks. For example, if you're mainly targeting users in Japan, what are the odds of thousands of user interactions from an Italian IP overnight on your property? A number of tools are available to detect the language of newly created sites---for example [language detection libraries](https://www.google.com/search?q=language+detection+library) or the [Google Translate API v2](https://cloud.google.com/translate/docs/getting-started)."]]
