Slash Boxes
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

Mark Leighton Fisher (4252)

Mark Leighton Fisher
  (email not shown publicly)

I am a Systems Engineer at Regenstrief Institute []. I also own Fisher's Creek Consulting [].
Friday February 02, 2007
06:19 PM

Use Invisible Fields to Combat Comment Spam

[ #32312 ]

Another technique to combat comment spam in your blog is to add some fields to your blog's comment form that cannot be seen. I am not talking about HIDDEN fields, although those might work in some cases (I have no idea how smart spambots are). A clever technique that I had not seen before in the above blog post sets the CSS style for these extra fields to invisibility. With a separate stylesheet,the common spambot might not ever realize that it is filling in a field that a human or other sentient would never see. You can just accumulate the comment spam in your database while hiding it from view (the approach taken above), but if you can modify your blog software, then comment spam can just be ignored before it makes it out to the database that is what I would do. In any case, another tactic to combat comment spam (and less annoying than some CAPCHTAs).

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
More | Login | Reply
Loading... please wait.
  • You may not have seen it anywhere else, yet there's been a blog post [] that got linked to from Reddit, two weeks ago. That post itself in turn points to yet another article.

    Anyway, that's not what I wanted to comment on. What I did want to say, is that another link found on Reddit, a "movie", clearly showed that with tools currently in use by comment spammers, captchas are easily bypassed, completely automatically. A test shows [] a submit of the same post on 400 different forums in about 10 minutes time.

  • Unfortunately, just like many CAPCHTAs, wouldn't this keep those with visual disabilities from commenting? How are users not using CSS's screen profile (or not using CSS at all) going to know that this particular form field should not be filled in?

    Still, an interesting idea. I think ultimately the solution may be for everyone to roll their own solution with modified software, such that there is no one technique that spammers can break.
    • Instead of making the form field invisible, create a div that's invisible via CSS, with text and the form field. The text then noting that the field is for spam prevention and is not to be filled in. That way anyone using a screen reader or not CSS enabled, can understand why the field is there.

  • DVD John's blog [] uses WP-Hashcash [] which is another interesting idea adapted from email spam ideas. I don't know how it degrades for those who don't have Javascript, though.

    Basically, submitting a comment requires your browser to devote a certain number of processor cycles to calculating something that is quickly verifiable by the server [].