Comment spam is undoubtedly one of the most annoying aspects of running a website. It literally sucks the joy out of it. The spam is everywhere, and everyone has problems with it. But, there is actually a way to solve the problem.
Below you can see 8 ways to defeat comment spam - ranging from the simplest solutions, but also the least effective, to some that are very advanced and also highly effective.
Comment spam is for most parts auto generated. A spammer will write a script that can put out millions of spam comments in a very short time. What you need is, simply put, some obstacles that will prevent the script from running on your site.
These works quite well for some people and it definitely doesn't hurt to implement them. But, some sites will still be susceptible to spam (mostly high-traffic sites)
Comment spammers are very lazy people, and as such they go for the biggest target - with the least effort. That means they specifically target popular blogging tools like WordPress, TypePad, MovableType and Blogger etc. The way they do this is to simply try to detect if your site runs on any of these things (it only takes one line of code to do).
What they look for is things like this:
Remove these and you have just removed all the lazy spammers
Note: Only works if your site is not already targeted (hence on the spammers hotlist).
Another thing you need to do is to change your comment form. In the past people said that you should change the "action URL", but that doesn't work anymore. The spammer can detect your new URL with something as simple as this:
What you need to do is to change every part of your comment form, the ID and NAME attributes of all your elements, the action URL - everything. Do not call your website field "website", do not call your emails field "email". Call it something like "joesfish" or "hubba26rrtdh2".
What this does is that it makes much harder for the spammer to write his scripts (remember they aim for quantity not quality).
Spammers can still detect that you have a comment form on your site, simply because it contains 4 active fields - name, email, website and comment. All they really need to do is to detect if your page has 3 active input fields (not including hidden ones) and one textarea.
To stop them from doing that, you can simply add more. Why don't you have 7 input fields of varies types, 3 textareas and 2 radio buttons. That will make it look like anything but a comment form.
Of course this will look very messy, but thanks to CSS you can add "display:none;" to those fields that should not be visible to real people.
It sure will make it a lot harder for spammer to figure out.
Let's move on to more drastic but also more effective methods. Let's make it really hard for the comment spammers. Both these methods successfully prevent external scripting - but it does not prevent in-page scripting (the kind where the script is executed in a browser on your site - for instance using automated bookmarklets).
This is something many people have tried, very successfully. The idea is that you add a fake action URL in your form. This obviously causes any spam to be sent to that URL, but since it goes nowhere it simply vanishes into thin air.
Then to make it work for real people, you change the action URL into the correct one when the form is being submitted.
Note: I use this method on this site - and I do not get any comment spam.
Finally let's move on to some of the more advanced solution. These will have much greater effect, essentailly eliminating spam completely.
You will also limit commenting to the latest browsers (old browser and non-browser devices will not work with this)
Another method to remove the form from your interface is to replace it with an image. I know it sounds strange, but let me explain. What you do is that you insert an image that looks like a comment form, but replace it with an actual form when people click in it.
To the spammer it will look like a page with an image. To real people it is a normal form, because when activated the image is turn into a real form. This will prevent any kind of scripted spam.
Note: Make sure you detect where people click, and set the focus accordingly. If people click on the website area on the image, the image should be replaced with a real form with focus in the website field.
The last thing you can do is to simply detect how fast a comment is written. It generally takes 0.2 seconds to type a character, so you simply detect how long it took to write the full comment and the average pauses between each keystroke.
E.g. 200 characters should take more than 40 seconds to write, with an average keystroke pause of 0.2 seconds.
If it is faster than that, then it is written by a script (thus from a spammer).
Note: You also need to detect when people paste content into your form - For instance when they want to add a link.
You might be able to defeat the spammer using a double form (read comment #14). This approach is 100% accessible and with no semantic problems.
Before we finish let's take a short look at what you shouldn't do
You could add a CAPTCHA (an image with some, often distorted, text) and require that people type these in to add a comment). It works fine, but they are also incredibly annoying. Do not do this - annoying your real visitors is not a good way to deal with spammers (who never sees the CAPTCHA anyway)
This is another solution that also works quite well. But it is a terrible solution. Forcing people to go through a registration process is not only irritating, but it also removes focus. Do not do this!
Spam filters - like Askimet - as one way that many people try to get rid of spam. But it does not work. As with email spam filters your genuine comments is sometimes flagged as spam, and spam is sometimes not flagged. Perhaps it does a really decent job 98% of the time, but since you cannot rely on it 100%, you still have to look through it.
It is not a solution; you are still forced to look at spam. Forget about it.
Full access for... $9 per month
Full access for... $99 per year
Join 'The Weekly Update' to get an email every Friday afternoon with the latest from Baekdal + noteworthy articles from around the web.
What the shift in media is really all about.
Free for subscribers
$8.79 on Amazon
It is not about creating a shop in a tab. It is about turning communication into sale.
Free for subscribers
$7.58 on Amazon