So for anyone that’s really into it, I had to take comments offline for a bit today. There’s nothing wrong with the system, it’s just that some bastard spam bot has decided that I’m a very lovable target, which sucks.
There is no overall problem, because most of my mantraps seem to work well. So, these buggers just keep posting and I keep seeing crap email because of it. And frankly, due to the fact that I get so few comments on the site, I just don’t want to have a new email notification every five minutes about a new comment that really isn’t a new comment and didn’t even get posted on the site.
But this isn’t a problem that just my site has. It affects pretty much anyone who allows the public to submit information to their site. We all have to deal with it, and some of the ways to deal with it are really annoying, such as those groups of letters and numbers you have to enter.
I really don’t want to saddle an end user with that, so I try to take on the fight behind the scenes. This is done in four parts:
1. Get the offending IP and block that user in .htaccess. This is really useful (albeit heavy-handed) when you have a site in say, Spanish and you’ve got spammers coming from China. You can block whole networks and it works pretty well.
2. See if the user is just tossing data at your site. Setting up an authentication “session” for users works well for some spammers because they will try to post information at your site from their server without actually viewing your site. Giving someone a token when they visit a page and then checking for that token really goes a long way. Of course, there are plenty of ways around this.
3. See if they’re human. A human being can’t type a comment in five seconds, but a machine can since there is no typing going on. So you check to see if they spent only that long writing a comment and block them if they did. This works well and has yet to snare any real people.
4. In rare instances on some sites, I require any comment with links to be approved. Most users on most general sites never leave link comments. Spam bots do though, since that is the main reason they’re doing what they’re doing. Checking for a bit of link code, or better yet, just dropping any comment with five or more links, can catch other annoyances.
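Parts 2 to 4 can be folded into a single server-side check, shown here as an added example that is not this site's actual code. The secret, the one-hour token lifetime, the function names and the rule that a "link" means an `http://` or `https://` URL are all assumptions made for the illustration.

```python
import hashlib
import hmac
import re
import time

SECRET = b"constructed-demo-secret"  # assumption: per-site secret kept on the server
MIN_SECONDS = 5    # part 3: nobody types a comment in five seconds
MAX_AGE = 3600     # assumption: a form token is good for one hour
MAX_LINKS = 5      # part 4: five or more links gets dropped outright
LINK_RE = re.compile(r"https?://", re.IGNORECASE)


def _sign(ts):
    return hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()


def issue_token(now=None):
    """Called when the comment form is rendered; the token carries the issue time."""
    ts = str(int(time.time() if now is None else now))
    return ts + "." + _sign(ts)


def check_comment(token, body, now=None):
    """Return 'reject', 'moderate' or 'accept' for a submitted comment."""
    now = time.time() if now is None else now
    ts, _, sig = (token or "").partition(".")
    # Part 2: a client that never loaded the form has no valid token.
    if not (ts.isascii() and ts.isdigit() and sig.isascii()):
        return "reject"
    if not hmac.compare_digest(sig, _sign(ts)):
        return "reject"
    # Part 3: the signed timestamp tells us how long the "typing" took.
    age = now - int(ts)
    if age < MIN_SECONDS or age > MAX_AGE:
        return "reject"
    # Part 4: hold any comment with a link, drop link floods.
    links = len(LINK_RE.findall(body))
    if links >= MAX_LINKS:
        return "reject"
    return "moderate" if links else "accept"
```

Because the timestamp is signed, a bot cannot backdate it to get past the five-second rule, but it can still fetch the form, wait, and post, which is one of the ways around the token mentioned in part 2.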
So, that’s it. A couple of the tricks I use to keep my site crap free. Now I just need a filter to run whenever I write about things that piss me off, so that I can make the site totally crap free. I’ll probably enable comments again after the holiday if it’s causing you a lot of pain not to have them.