Hiya all, I am currently getting alot of comment form spam on my blog currently and I was wondering what is the BEST way to combat this.
Appologies if this not entirely relevent to Umbraco, but I wanted to discuss this topic with other Umbraco developers to see how they are solving this.
So I am aware of the following techniques:
Honeypot technique - A field to be left blank by users as hidden with CSS
Captcha - The annoying unreadable characters
3rd Party services - These check whether the comment or not is spam
Am I missing other methods on how to solve this?
So if you have ever created a website form that has been hit by spam, what did you do if anything to resolve the problem.
From our own experience at gecko, adding a simple honeypot to Doc2Form forms cut out about 99% of comment spam. I still need to go and delete the occasional bit of (probably human generated) spam but it's remarkably effective for the majority of spambots out there. That coupled with the fact that .net will often throw an error if someone puts html in a form (which spambots are keen on doing) keeps out a lot.
Besides the options you list, we've also tried variations on these
Setting a timer on the page (was the form submitted too fast to be human?)
Checking referrers - often the spambots just post directly to the post URL, without actually going through the form.
How best to resolve form spam?
Hiya all,
I am currently getting alot of comment form spam on my blog currently and I was wondering what is the BEST way to combat this.
Appologies if this not entirely relevent to Umbraco, but I wanted to discuss this topic with other Umbraco developers to see how they are solving this.
So I am aware of the following techniques:
Am I missing other methods on how to solve this?
So if you have ever created a website form that has been hit by spam, what did you do if anything to resolve the problem.
Thanks,
Warren :)
Evening
From our own experience at gecko, adding a simple honeypot to Doc2Form forms cut out about 99% of comment spam. I still need to go and delete the occasional bit of (probably human generated) spam but it's remarkably effective for the majority of spambots out there. That coupled with the fact that .net will often throw an error if someone puts html in a form (which spambots are keen on doing) keeps out a lot.
Besides the options you list, we've also tried variations on these
I think this is a helpful post, based around building a scoring system for form submissions e..g
Then a threshold is set, over which the comment is marked as spam.
The net result is that there is no perfect method, just a series of reasonable steps to take.
Dan
I wish I'd written Dan's post... it is exactly what I wanted to say! :)
cheers,
doug.
Thanks Dan a very detailed reply, that is very useful.
I think I may try the honeypot method with /Base for when I work on updating this comment form.
But I am still open to any other suggestions/ideas.
Warren :)
I did use the Ajax.NET nobot protection and works pretty good: http://www.asp.net/AJAX/AjaxControlToolkit/Samples/NoBot/NoBot.aspx
NoBot does work ok, but it relies on javascript - making it unusable for most cases as far as I can see. Shame though
is working on a reply...