On the Web, everyone’s got an opinion—and you probably don’t agree with all of them. Any website that offers comment fields, collaboration, and content sharing will become a target for two main groups of mischief-makers: spammers and trolls.

Spammers want to pollute your site with irrelevant content and links to sites. They want to generate inbound links to their sites from as many places as possible in an effort to raise their site’s rankings or influence search engines. This is only getting worse. According to Akismet Wordpress’s stats found at http://www.akismet.com/stats, SPAM comments have been on a steady rise since they started tracking spammy entries in early 2006.

To combat this, many search engines’ web crawlers ignore any links that have a specific nofollow tag in them, and blogs that allow commenters to add links routinely mark them with this tag. Nevertheless, blog comment spam is a major source of activity on sites; not only does it need to be blocked, but it must be accounted for in web analytics, since spammers’ scripts don’t help the business, but they may count as visits.

Trolls are different beasts entirely. Wikipedia describes trolling as a “deliberate violation of the implicit rules of Internet social spaces,” and defines trolls as people who are “deliberately inflammatory on the Internet in order to provoke a vehement response from other users.” Since Wikipedia is one of the largest community sites on the Internet, it has its own special troll problem, and a page devoted to Wikipedia trolls (http://meta.wikimedia.org/wiki/What_is_a_troll%3F).

While common wisdom says to ignore the activity of trolls and to block spammers, you should still care about them for several reasons:

Your antispam software will probably provide reports on the volume of spam it has blocked, as shown in Figure 3-15.

Figure 3-15. Spam messages flagged by the WordPress Akismet plug-in

Dealing with spammers and trolls is the job of a community manager. In systems that require visitors to log in before posting, spam is easier to control, since the majority of spam comes from automated scripts run on a hijacked machine rather than from users with validated accounts.

How do you detect spammers and trolls? One way, employed by most antispam tools, is to examine the content they leave, which may contain an excessive number of links or specific keywords. A second approach is to look at their behavior. Spammers and trolls may comment on many posts with similar content, move quickly between topic areas, or befriend many community members without having that friendship reciprocated.

A far more effective approach is to harness the power of the community itself. Sites like Craigslist invite visitors to flag inappropriate content so that editors and community managers can intervene. You can capture the rate of flagged content as a metric of how much troll and spammer activity your website is experiencing.

Since every site has slightly different metrics and interaction models, you will likely have to work with your engineering team to build tools that track these unwanted visitors.

What to watch: Number of users that exhibit unwanted behaviors; percent of spammy comments; traffic sources that generate spam; volume of community flags.

If your site lets users post content, you may have to take steps to ensure that this content isn’t subject to copyright from other organizations. Best practices today are to ask users to confirm that they are legally permitted to post the content, and to provide links for someone to report illegal content.

It’s hard to say what’s acceptable in a quickly changing online world. Services like Gracenote and MusicDNS can recognize copies of music, regardless of format, and help license holders detect and enforce copyright. Yet the Center for Social Media (http://www.centerforsocialmedia.org/files/pdf/CSM_Recut_Reframe_Recycle_report.pdf) points out that “a substantial amount of user-generated video uses copyrighted material in ways that are eligible for fair use consideration, although no coordinated work has yet been done to understand such practices through the fair use lens.”

So as a web operator, you need to track the content users upload and quickly review, and possibly remove, content that has been flagged by the user community.

What to watch: Users who upload significantly more content than others; most popular content; content that has been flagged for review.

If your site contains personally identifiable information, worry about privacy. Safeguarding your visitors’ data is more than just good practice—in much of the world, it’s a legal obligation.

As with other site-specific questions, you will probably need to work with the development team or your security experts to flag breaches in privacy or cases of fraud. The best thing you can do is to be sure you’ve got plenty of detailed logfiles on hand that can be searched when problems arise.

One type of fraud that web operators should watch directly, however, is account sharing. Many applications—particularly SaaS and paid services—are priced per seat. Subscribers may be tempted to share their accounts, particularly with “utility” services such as online storage, real estate listing services, or analyst firm portals.

We’ve seen one case of a user who shared his paid account to an analyst’s website with his development team, in violation of the site’s terms of service. The user carefully coordinated his logins so employees never used the account at the same time. The fraudulent use of the account was only discovered when a web administrator noticed that the user seemed to be traveling from Sunnyvale to Mumbai and back every day.

Pinpointing account fraud can be challenging, but there are some giveaways:

To track down violators, generate reports that identify these accounts, and provide this data to sales or support teams who can contact offenders, offer to upsell their accounts, or even demand additional payment for truly egregious violations.

What to watch: Number of concurrent-use logins per account; number of states from which a user has logged in; number of different user agents seen for an account.