battling site spam/just a minor issue
published on:September 26, 2008 / 11:59
back to overviewSpam, it's been around for a while. First it infiltrated our email boxes, then it found its way to our blogs and registration forms. Spam was a pest, which needed to be dealt with, fast. This resulted in several quick and dirty counter measures, the captcha method probably being the most notorious one. Today, we have better ways to our disposal, but still captchas linger around and hamper our freedom on the web. Let's take a look at some solid alternatives.
countering the captcha
Those of you who are familiar with accessibility concerns know that captchas are a lot of trouble to implement well. Not only do you need audio alternatives for those with visibility problems (if you're using visual captchas, which are most common), there's also the challenge of finding captchas that evade machine intrusion but are still easy enough for humans to figure out.
Even if we ignore accessibility issues for a moment, captchas remain a drag. No matter how easy they are to solve or enter, whenever I run into one I can't help but sigh. It's an extra barrier I'm not always willing to take, especially when I'm not in the mood for leisure surfing. So most of all, they are plainly unneeded on the modern day web.
Protection against spam these days is not very difficult or something to bother your visitors with. Below is a little rundown of both techniques I'm using on this blog.
the birds and the bees
The first method I use on my blog is the honey pot method. It's a very simple solution where you add one extra input field to your comment/contact/register/... form and hide it through css. Normal users will never notice this field, many spam bots will be caught simply because they try to enter every field available in the form. If something is entered inside this field, you can assume you were hit by a spam bot.
For accessibility reasons, a label needs to be attached to the hidden field explaining its purpose so people using screen readers or text browsers understand its function. To be on the safe side it might be better to avoid words like spam or empty inside the label, though I never really ran into trouble with that.
The honey pot is not perfect, and some bots are already adapting to it. But if served me well and still stops a fair share of the spam messages I'm receiving. Still, a few weeks ago I got hit a couple of times by smarter spam bots, so it was time to take extra measures.
akismet
Most blog platforms have a selection of plug ins you can use to battle spam. Akismet was first developed for WordPress, but quickly offered an extra service for people using their own platforms. It is a system that evaluates spam, based on more intelligent techniques. Not only automated analysis techniques, but also indications from blog owners marking messages as spam which got through the Akismet filter in the first place.
It's a system that learns, the more people who use it, the smarter it becomes. It doesn't look at the way spam is entered, but it looks at the message itself and evaluates the possibility of it being a spam message.
Akismet isn't perfect either, but it has the potential to become only better in time, as more people will start using it.
combining both
On my blog, I use both methods. Akismet is a very nice feature, but it's a service and services can go down unexpectedly. It's pretty safe but also not perfect. The honey pot is a little easier to pass but is as solid as can be and is easy to implement.
By using both, I haven't seen any spam pass through anymore. Best of all, no users are harmed in the process. So throw away those ugly captchas and secure your forms in better ways.
Article info
External sources
contact me
If you want to send me a quick message or you have any questions, don't hold back.
the archive
All my articles are neatly filed inside the archive. Search and filter your way to the articles you want:
7 comments in total
Mollom is, like Akismet, something you can implement to battle spam. They're helping over 4000 websites already to stay spam-free and have recently gone out of beta. Mollom was founded by Dries from Drupal fame together with a friend of his, Benjamin Schrauwen. They seem to be doing quite well so far, blocking almost 10 million spam messages with an efficiency of 99.79%. The drawback is that currently they don't have that many plugins for the various CMSes and website-building software yet. So far thery have Drupal, Wordpress, Joomla and Radiant plugins. I'm curious to see Mollom grow.
I fully agree with you on the inaccessibility of captchas. About a month ago, we were having the same problem and decided to implement a similar combination of spam protection systems. More information on that right here: http://www.socialgeek.be/blog/read/o-spammers-where-art-thou
What are your thoughts on cognitive questions to thwart bots?
roses are? 1 + 1 = ? The sky is?
They are a little better, but still require some effort from the user that could be avoided. I know Zeldman has them, and even though they aren't as irritating as visuals captchas, they require extra focus.
From the examples you've given, I'd only consider the calculation to be efficient enough. Skies can be cloudy and the "roses" reference is a cultural one. No way to be sure that some guy in Ethiopia will know what to answer.
So better than captchas, but still unnecessary I think.
Mollom is great indeed, telling you this as a Drupal user and site builder. And your article is great, maybe I will translate it into Russian so that more people here would be armed with your techniques vs spam.
Be my guest :)
Already translated, thank you, Niels. (RU: Перевод статьи тут - http://contorra.ru/spam-oborona-dlya-saitov-alternativnye-metody)
* required fields