Chris Heilmann’s post about suitable replacements for CAPTCHAs reminded me about the little tricks I’ve used to avoid comment spam in the Life of Jalo. While the solution is exceedingly simple it is effective:
- the comment form has a hidden field with an autogenerated value and
- the server checks for the validity of the hidden fields value when submitted.
Currently the autogenerated value is static, but can easily be changed to something a bit more dynamic, especially if session or such are used. By using this approach LoJ hasn’t gotten any comment spam. A matter that was highlighted when I used the same commenting script to allow feedback in Anna’s comic and forgot this little piece of protection. For a site that gets relatively few visitors (about 20 a day then) it took only four hours for the first spammers to use the form. Implementing the spam protection outlined above dropped the amount of spam to zero immediately.
I don’t know if this kind of approach could be used to foil robots and ensure that a human is filling the form, but it is an effective way to avoid comment spam. I know that the current value that’s used would be very easy to hack if spammers had any incentive, but I’d be interested in figuring out if a more complicated key generation would work.
Maybe I’ll get around to testing some approaches sometime later…