Permanent cure against comment spam

Came up with this a long time ago, but didn’t have the time or will to implement in my own (old) blog. I’m sure it works though. So. The algorithm is hellishly simple, but effective. And better than:

  • Text analyzers (Akismet), because it doesn’t require any extra sever resources.
  • Captcha, because it doesn’t require any complicated setup and there are no problems with “handicapped” users.
  • Hiding fields with CSS, because that can be circumvented (for example, elevating spambots to do some basic CSS-parsing).
  • Moderating, because everything is automatic.

The algorithm:

  1. When a visitor opens a page, we check if he has a cookie saying he’s human. If he does, we show the normal comment form and let everything happen.
  2. If the visitor does not have the cookie, we add an extra field to the form, asking a question along the lines of “how many fingers does a human hand usually have” or similar. This is the creative part of the algorithm, where everyone can express himself fully. You can, for example, ask a harder (meaning – to be googled) question to ensure you only receive comments from people not afraid to think and/or do.
  3. Anyway, if the visitor responds correctly, we accept the comment and in return give him the aforementioned cookie and from now on we’ll always know he’s human.

So, I hope to see a huge number of links to this page, along with a lot of cash for ridding the Internet of comment spam. ;D Anyway, it should work 100% for nearly everyone (some more popular pages might have to change the question regulary or pick a random one from a list everytime), and if combined with any other methods (moderation would probably be most effective and humane) will make the page completely spam-proof.

Addendum: This post refers to the automated, mass-produced spam comments made by bots on thousands of blogs, formus and the like on the Internet. There is always possibilty of manual spam done by actual people, as well as custom-coded bot (once you’ve found out the question(s)/obtained the cookie) that can spam a single blog. For these very specific and comparitively rare occasions the addition of such security measures as moderation (in case of manual spam) or IP-ban/captcha (in case of custom-coded bot[s]) are the way to go.


~ by Shadowbird on 2008-04-01.

2 Responses to “Permanent cure against comment spam”

  1. Can’t spambots pretend to have the necessary cookie? I mean it doesn’t hurt me to answer a question and then give the acqired cookie to my spambot and set it on your comments.

  2. There is not and never will be any pre-emptive protection against manual spam. You don’t even need a bot, you can just answer the question and then type/paste the spam comments by hand. The idea is to stop the thousands of automated spam bots that people code up and let loose on hundreds, thousands and millions of blogs all over Internet.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: