When I decided not to implement user accounts in Pants (the weblog software behind this site), I knew I'd have to do something to prevent comment spam. The most popular method for fighting comment spam on sites that don't require user registration seems to be maintaining a huge blacklist of URLs or words frequently used by spammers and checking each comment against the blacklist. Some sites use Captchas, but those are complicated to implement and a real pain in the ass for vision-impaired users. I really didn't want to have to use either of those methods. So I figured I'd wait and see what the spammers did and then figure out something simple to keep them at bay.
Sure enough, within minutes of bringing the Pantsified wonko.com online, I had my first comment spam. It was obviously just an automated spambot filling out forms. By the next morning, I'd had several more spams, and I decided to try the simplest idea I could think of, just to see if it would have any effect.
So I implemented a very basic behind-the-scenes authentication system in about five lines of PHP. When the "Post a comment" form is displayed, Pants generates a key that's unique for each IP and changes every hour. This key is sent to the user's browser as a cookie. When the form is submitted, Pants checks to see whether the cookie is set and the key is valid. If everything checks out, the comment gets posted. Otherwise, no comment for you. It's completely transparent to the user and so simple I didn't think it would actually work.
Obviously, all a spammer would need to do to bypass this system is support cookies. And yet, since implementing it a week ago, I haven't had a single spam comment.
I still find it very hard to believe that defeating comment spam is this simple. I find it even harder to believe that nobody else has ever bothered doing this before. Have I just been lucky, or is every other comment spam prevention system horribly over-engineered?
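The hourly per-IP key check described in the post, as an added example that is not Pants' own code: the post does not say how the key is derived, so the HMAC over the IP and hour index, the `SECRET` value and the `comment_key` cookie name are assumptions. It also accepts the previous hour's key, so a form opened just before the hour changes still submits.

```php
<?php
// Added example, not Pants' code. SECRET and COOKIE_NAME are assumptions.
const SECRET      = 'replace-with-a-long-random-server-side-value'; // placeholder
const COOKIE_NAME = 'comment_key';                                  // hypothetical

// Key for one IP during one hour-long window: HMAC over "ip|hour index".
// Without the server-side secret a client cannot compute the key itself.
function comment_key(string $ip, int $time): string
{
    return hash_hmac('sha256', $ip . '|' . intdiv($time, 3600), SECRET);
}

// Accept the key for the current hour or the previous one, so a form
// displayed at hh:59 and submitted two minutes later is not rejected.
function key_is_valid(string $ip, ?string $cookie, int $time): bool
{
    if ($cookie === null || $cookie === '') {
        return false; // the client never sent the cookie back
    }
    foreach ([$time, $time - 3600] as $t) {
        if (hash_equals(comment_key($ip, $t), $cookie)) {
            return true;
        }
    }
    return false;
}

// In a page handler (sketch of the wiring):
//   form display: setcookie(COOKIE_NAME, comment_key($_SERVER['REMOTE_ADDR'], time()));
//   form submit:  key_is_valid($_SERVER['REMOTE_ADDR'], $_COOKIE[COOKIE_NAME] ?? null, time())

// Constructed sample values so the script runs stand-alone from the CLI.
$ip     = '203.0.113.7';
$issued = 1700002740;                 // 59 minutes into an hour window
$key    = comment_key($ip, $issued);

var_dump(key_is_valid($ip, $key, $issued + 120));       // hour has rolled over once
var_dump(key_is_valid($ip, $key, $issued + 7200));      // two hours later
var_dump(key_is_valid('198.51.100.9', $key, $issued));  // same key, different IP
var_dump(key_is_valid($ip, null, $issued));             // no cookie at all
```

A client that stores and returns cookies passes this check, which is the limitation the post itself points out.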
Comments
Drink More Pepsi
Pepsi! The choice of all generations! That's right! You should drink more Pepsi! The refreshing taste that only Pepsi can bring! Pepsi! Pepsi! Pepsi!!
Har har
hehe
Sorry... Could not resist!
Bug
Oh... looky a bug! If you try to post two comments in a row without going back to the main page first it tells you that you are a spammer.
Hmmm
Shut up you stupid Spammer!
I love SPAM
YUM
That's similar to what I do.
For years I would just delete the stuff - spam in my website's guestbook. These days though I go for a three-pronged attack. I use a cookie, as you do, but I also have a silly captchas-like thing I thought up. Since most everyone can count or recognize a six-sided dice pip pattern, that's what I use as my "turing test." I also keep a blacklist of IP addresses and key words for the occasional spammer that goes through the effort of manually spamming me. You can see it in action by clicking on "Guestbook" near the top of the website. Anyway - Cheers and nice work on the new look. I half expected there to be pie somewhere though. Where's the pie?
Hello, friend!
MAKE HER HAPPY INCREASE YOUR FRIEND
MAKE MONEY FAST NOW!!!
Captchas
Blind people use screen readers, and screen readers can't read your dice. Maybe you could put some alt tags in.
Alt-Tags
Mike
No title
spam tastes minghing
wrong thing shit lol
YARRRR!
Join me on the Seven Seas and a swath of destruction we'll wreak! YARrrr, and buy a Chrysler! One with the cupholders ye can carry our GROG Pepsi! It be the drink of a new genarrrrrrrrrrrrrration of pirates!
yay!
Hooray for cookies!
Hot Babes are Looking for you!!!
www.sex.com has all the hot horny women who are looking for you!!! Come visit us on the web today and get laid today!
Hot Babes are Looking for you!!!
www.sex.com has all the hot horny women who are looking for you!!! Come visit us on the web today and get laid today!
Hot Babes
Just checking. :P
Of course I do
and it's a hell of a lot of fun! :)
Ride the .wav
This post was sponsored by Pepsi. "Ride the .Wav of the New Pepsi Generation"