After 529 comments spam-free, it finally happened (3 comments worth). With this new release I changed the spam protection to use a different method, but alas, it has failed me. So the myth that you can stop spam via CSS is false. I should have known better than to fool with something that was working perfectly.
For the record, I just may hate spam more than anything else in my life—it’s so frustrating.
I just came across a pretty clever way to prevent comment spam (or any web-form spam for that matter). It’s straight forward and sticks to the basics. I’m honestly surprised I’ve never thought of this before.
In order to leave comments here, you must first fill in the spam-prevention field, which basically asks, “Are you human?” Since any extra field is a pain, I’m storing a cookie for you (if you answer correctly once, chances are you’re a human forever). I realized, today, that I can essentially do the same thing without the extra field. Since humans typically fill in fields that aren’t hidden, I could have:
// somewhere in the form...
<input type="text" name="verification" id="verification" />
// somewhere in the css...
input#verification { visibility: hidden; display: none; }
If a value from the verification input is posted to the server, it must be a robotronic spambot that fills in hidden fields, which is obviously not allowed. Personally, I think that’s a pretty clean way to deal with spam. I might use it on golf trac.
The wedding site has been getting blasted with comment spam. I’ve had over 50 random Viagra and Rx comments today alone. In light of this, I’m taking steps toward preventing comment spam on this site. More than likely it’s a temporary solution, but I wanted to get something up quickly. It’s driving me crazy.
I made a disgustingly ugly verification image to prove that you aren’t an automated POS. I know this is by far the worst method to take toward preventing this, but I don’t have the time (right now) to implement a sophisticated spam filter. In order to keep it somewhat user friendly, I’m now storing cookies for your name, site and verification fields. So, you’ll only have to enter it once. I don’t know if that’s a good thing, but I couldn’t ask you to enter it everytime you want to comment. It’s bad enough I’m doing it at all, but that would be much, much worse.
Do you know if storing the verification in a cookie has any drawbacks? If so, please let me know. Oh, and I tested this for about 5-10 minutes and it seems to be working fine. If you come across any bugs, you can email me – rpheath “at” gmail “dot” com. Thanks, and I’m sorry for the annoying solution.
Note: the verification word is “ruhuman” just in case it isn’t clear.
2008 by Ryan Heath | Get In Touch
