Spammers beaten into submission?

A few weeks ago, I started this Pit thread, in which I bemoaned the time I was wasting killing spam in the comments left on articles on my Web site, and wished unspeakable things upon the spammers.

I decided, instead of spending hours per week fighting them, I’d spend a little time doing research and a little time doing some coding, and see if I could eliminate the problem. I’m pleased to report that I haven’t had a “spam” comment on my site in over two weeks!

I did not put in a captcha. I hate those. Here’s what I did:

  1. Disallow links in comments

  2. Record the IP address when the form is delivered, and again on the submission page. If they don’t match, discard the comment.

  3. Insert a field on the form, but use the style sheet to hide it. Bots find this field and fill it in, but humans don’t. Thus, if the field is NOT blank, I discard the comment.

  4. Record the time when the form is delivered, and again on the submission page. If the form was filled in and submitted in less than 3 seconds, it’s a bot. Discard the comment.

Presto. An hour of coding, and the spam is gone!

Very clever. Of course the spammers will re-code their bots as soon as they figure out #3 and #4. They might work around #2. But #1 is the same one that YouTube uses (though it is a drag for those of us who actually need a link to answer a question like “Where can I find more info about this artist?”)