I have had a lot of trouble with spammers inserting multiple comments in this blog, with links advertising the usual spammer wares. Even though I had added some basic checking, it didn't do enough to block this. The problem was so extreme that I actually shut down the ability to add comments for a while.

Captchas are very popular as a human verification method, but I don't like them. As a user I find them a pain and they put the burden on to the user instead of on to the site's manager. I'm sure this stops a lot of legitimate posts.

So I have been searching for alternative methods and this is my first attempt. I am keeping the original method were users have to answer a simple sum before posting a comment, but then I am using a lot more validation in the server-side processing. Hopefully I can find a combination of methods that will allow legitimate comments while stopping the mass of spam.

Now to see if my methods work...
First test: see if a legitimate comment will be accepted.

by Sarah on April 20 2010

Now to test adding a valid link. Daring Fireball is one of my favourite blogs.

by Sarah on April 20 2010

All right. So far it all looks OK. Now to leave it up and see what happens to the spammers.

by Sarah on April 20 2010

Now I've added some logging facilities, so I want to see if they work - firstly for a valid post.

by Sarah on April 20 2010

So far, my new spam prevention has kept out 15 attempts. But this is only the first few hours. I need to see how well that lasts.

by Sarah on April 20 2010

In the last day and a half, this new technique has blocked 47 attempts to spam the comments on this page. I was getting hundreds in a day before, but it seems that the spammers give up if a few spam posts get blocked. If one succeeds, then they start sending them in bulk.

So now I can extend this technique to other places on my site that need to allow comments.

by Sarah on April 22 2010

Sarah, you rock!

by Stephen Barncard on June 24 2010