Fighting Spam with SilverStripe
August 16, 2011 by Jeremy

I decided to fight back against the spam mounting up on this blog. Over several months I explored different techniques of combatting it.

SilverStripe Spam Protection

SilverStripe contains a spam protection field: "MathSpamProtection", which asks the visitor to add two numbers together. I can't say I'm too proud to the be author of that one, as it did not take spam bots to figure a way around it (by reading the numbers).

Round 1 - fight!

I've now written a better form of protection, which I've called "HoneyPotSpamProtection". This adds a field to your form, which is hidden by CSS, so humans can't see it. If the field is ever filled out, the form validation will fail.

Spammers may figure out how to get around it by not filling out any fields with the honeypot name. However my next improvement in this war will be to made the name of the field random so that it can't be guessed.

Evil spammers may select certian fields for bots to fill out, but I'll think of something else. There are always services like Mollom and ReCapture which I could employ. Lets see how this new technique goes first.

Round 2

It turns out my new approach is not good enough, as the spam is still coming. I assume the spammers are using a front-end approach...perhaps by automatically filling out specific form fields. The growing ammount of traffic from India and China in my ananltyics reports.

I have blocked all traffic India and China, which apparantely are the culprits for all the spam, but this isn't an ideal solution. I'll probably continue to get spam from elsewhere.

Round 3 - Down, but not out

Even with blocking India and China, I still recieved ample spam within a day or two. I have now resorted to the captcha, which I'm guessing will solve my spam woes for good. I was hoping for a solution that didn't require visitor interaction.

I'm using reCaptcha , which is owned by Google, and helps to scan books text in the process.

Round 4 - KO!

Now four months on, I'm getting less spam, but I'm still getting plenty of it. I'm surprised that actual humans are filling out the comment boxes. My theory is that there is a sweat shop in some remote country with human spammers generating terrible backlinks all day long. I feel sorry for the website owners who are wasting their money on these people. During my fight, I came up with an idea for making money off spam, which relates to this.

I've decided to change tactic. I've enabled moderation of comments. This way my laziness to check messages won't cause my site to be riddled with messages. I think this is actually quite a smart step forward, because now I'll get an immediate notification of a new message, meaning that i can respond quickly to proper messages.

 

In approximately round 3, I removed the ability for author names to be links. I may re-introduce this now that I'm moderating comments, perhaps as a nice way to reward those who comment.