There seem to have been more spam accounts leaving comments saying things like "Updated version here" with links to suspicious sites. While I delete and report these whenever I receive them, it feels like there should be a way to not have these very obvious spam comments be displayed on game pages. (It is a slight improvement over the porn gif comments that were being spammed previously, at least.)

Would it be possible to implement a feature where comments that link outside of itch are not displayed until the creator of the page approve them? This could be an opt-in feature so creators who want to have their comments be a free-for-all like they are now can still have that, but it could be a nice in-between option for people who don't want to close off comments entirely but also don't want to keep deleting suspicious-looking spam comments, and it would make itch comments safer because people wouldn't be led off itch to suspicious external websites.

Yes, this is a problem for me too. Every day, I receive 3-4 spam comments that the spam bot doesn't catch. There should be an option that requires moderator approval for comments containing links before they are posted.

What about a limit on how many comments a user can post in say an hour? I feel there is no need to be able to post 50 messages in 30 minutes.

If we can get fancy, use something like Leaky bucket -algorithm, https://en.wikipedia.org/wiki/Leaky_bucket

Set bucket size to 3, so user can post 3 messages in rapid succession. Bucket fills +1 every hour or maybe 30 minutes, so after those three rapid messages user can post one message per hour.

Hi, I was about to post my own thread about this.  

Itch.io already has the ability to detect links on their platform, and indicate where they are coming from.  I value comments on my page, I don't value people spamming links from malicious sources to it.  

I could even go as far as saying there should be a whitelist that a developer can control, for instance, because I do appreciate people who leave feedback via a youtube video of my work.  

But at the very least, you should be able to give developers the tools to prevent a comment of posting a link onto our comment page.  

Was gonna post about this as well. Getting a lot of "updated version here: (link)" comments. 

If you could auto mod certain phrases or make it so comments with links require approval,  it would probably prevent that type of spam.

It's been happening much more frequently lately, we need a solution from itch about this. I'm tempted to submit a support ticket about it.

This topic is 3 months old...and it doesn't look like itch.io did anything to adress the issue!

just came on here to complain about the same thing. I'm getting 2-3 of them a day

I still say that limiting rate of postings would help a lot. Recently it is 2 days old accounts that have posted 320 messages. Limiting to one posting per hour would reduce that substantially.

We're absolutly spam-bombed this days. Anything that would make it harder for bots to post hundreds of messages daily would help
- Comments with links automoderation
- Option to ban links in the comments
- Limits for users on the comments number per hour
- Captcha before comments
- Allow for comments only for users that have downloaded/purchased the game/product

Anything!  

I’ve been getting this daily at last for a couple weeks now.

exact same phrase and link, but never caught in the spam filter. 

It’s quite frustrating 

I host a game jam, and almost every single game submitted to it is getting spammed with these links. Can't wait until itch.io actually does something about it.

I am getting spammed with these links a few times a day. It gets very tidious to remove them all!

Bump. This is a huge site-wide problem.

This is really getting out of hand. I just deleted an spam message, came here to see if there's something in the works, and got another spam message while I was reading this post!

Hi. The same problem. I'm reporting, cleaning and banning about 10+ such spam comments a day... every day... 365 days a year. And having just terrible headache on patch releases because of it feels like a bot total attack. 

My suggestion to the itch development team: please make it possible to automatically redirect posts with links to the pending section. I really need this! 

Benefits : it could wait for moderation there. And when it is checked I'll be able to deside what to do with it. And as a dev I won't miss smth important if community sends me link to video or Bug-report. 

Just give me the possibility to automatically send posts containing links to pending section

Recently, spam has decreased by about two times. But pictures have appeared - something new. Well, the good news is that they could not put links in the picture. And this means that no one will manually retype the address from a dubious comment. Well, or natural selection should do the trick. 

On the other hand, it is still annoying. Still, it would be easier to give developers the opportunity to check and confirm comments on their pages while they invent new methods of combating spam. If it were possible to configure it even more in detail, such as sending all links and/or pictures to waiting/checking, it would be great.

I was about to post about this issue, I wanted to suggest (like WitchPotion) to ban links in comment entirely, but some answers made me think it could indeed cause problem to legitimate people. This is becoming very troublesome, I think NPCKC solution is very elegant and would work perfectly well, I really want to support it.

itch.io really needs to come up with ANYTHING for us to deal with this spam. Since we have plenty of power on our own stuff's pages, I feel like having a checkbox that says "Allow HTML in comments?" would be a good start - that'd deal with links and images. Deimus' idea of having comments in a moderation line, where they won't appear to anyone else is also a good option, I think it would fit perfectly with the HTML checkbox - if a comment has any <tags>, it goes to the moderation line and awaits for approval.

What is catching my attention now is that some of the spam is linking to itch "games", which I bet are just a bunch of malicious javascript code.

Yup, been having this issue a bunch lately; lots of "Updated version here: >suspicious link>"

funnily enough i actually got flagged for posting a regular comment on a game, and i really don't know why my account was flagged when spam comments are getting through fine.

i already had 2fa activated on my account... i have contacted itch support via email about this issue, but as of this comment, i have not received any response & don't seem to have a way to check if this warning on my account has been removed or not.

so clearly itch is trying to do something, but what it's doing is flagging real human accounts & not spam bots.

anyway, not a great solution but what i've been doing is adding custom css to hide the comment box entirely.

pros: it leaves up the old comments at least.

cons: real people can't leave new comments and that's sad...

the code:

/* hiding comment box */
.community_post_form_widget {display:none;} 
.community_post_list_widget::before {content:'[Comments closed due to site-wide spam]\00000a \00000a \00000a'; white-space: pre-wrap;}