A few weeks ago, I started this Pit thread, in which I bemoaned the time I was wasting killing spam in the comments left on articles on my Web site, and wished unspeakable things upon the spammers.
I decided, instead of spending hours per week fighting them, I’d spend a little time doing research and a little time doing some coding, and see if I could eliminate the problem. I’m pleased to report that I haven’t had a “spam” comment on my site in over two weeks!
I did not put in a captcha. I hate those. Here’s what I did:
-
Disallow links in comments
-
Record the IP address when the form is delivered, and again on the submission page. If they don’t match, discard the comment.
-
Insert a field on the form, but use the style sheet to hide it. Bots find this field and fill it in, but humans don’t. Thus, if the field is NOT blank, I discard the comment.
-
Record the time when the form is delivered, and again on the submission page. If the form was filled in and submitted in less than 3 seconds, it’s a bot. Discard the comment.
Presto. An hour of coding, and the spam is gone!