Jump to Navigation

war against spam

Now, after I am using Spambayes as my learning Spam filter for Emails, I thought Spam would be something from the past. But I was wrong, I am now getting comment spam. Basically, the spammers post in my comment fields with links to their pages. This way, the can not only reach new people with their posts, but can also raise their Google PageRank. So how to stop all of this effectively? Well, there are some ways, let me list them to you:

  1. Moderation. If you save and review your comments, there will be no way for those spam messages to get through. But this method has one crucial disadvantage. Moderation needs time! So when you are busy, your comments won’t show up. Or even worse, when you get too much spam, you could accidentally delete ham (good posts).
  2. Graphic verification. Many big websites uses this method. They show some code in an image which is readable by humans but not by bots. By asking the user to confirm the code, bots will be kept out very effectively. But using this is very annoying. Sometimes you can’t even correctly read the code.
  3. Spam filter. This is just like using one for you mail program, but with possibility of false positives (ham being deleted).
  4. Network based black lists. Some people try to use a blacklist of IPs which spammers use. This method has 2 major disadvantages. One is that spammers IP will change, always letting them through as soon as they change their IP. The other one is that Spam will be first let through.
  5. Checksum method. This requires the user to have JavaScript turned on. When posting something, the browser calculates a checksum and sends it with the message to the server. The server checks whether the checksum matches. If it does, the post gets accepted or else rejected. But using this will keep all people without JavaScript from leaving messages.

Nothing really fitted my needs, so I thought around and combined Method 2 and 5 to a user friendly version. This is how my method works:

The server generates a 3-digit number and a verification field before the comment fields. At the same time, it inserts a hidden input field named “code” which contains the same number somehow encrypted. For now, this sounds like Method 2. Now here is the tricky part. Next, I added a JavaScript behind the comment field. This JavaScript reads and decrypts the code in the hidden input field and puts it in the verification field. At the same time, it hides the code and the verification field. This way, user with JavaScript on won’t need to enter the code. Only the users with disabled JavaScript will see the Code and the verification number. This Method comes from the idea that spammers have JavaScript disabled. JavaScript is slow and will slow down their process a lot. So when spammers disable it, they would have to enter the code which they cannot, so the bot spam will be kept out.

Of course this method isn’t perfect, as it doesn’t keep manually inputted spam away, but it will definitely not have any false positives. But this method will allow users with JavaScript to be able to comment comfortable.

Comments are closed.