About a month ago I switched to a javascript-only comment system and haven’t had a single spam comment since.
The new approach to allowing comments here is:
- Require all comment submissions to be accompanied by a token specific to that article.
- Remove the comment form from the article page.
- Some unobtrusive javascript to replace the “To comment on this article you must have javascript enabled” paragraph with a “Add a comment” link which fetches the comment form via XHR and spits it into the DOM.
It’s not full-proof, but you’d have to do an extra HTTP request for each article as well as a bit of custom parsing code to pull out the token.
Seems to be working ok for now. I should shoot a link over to my friend Scenario Girl to see how it fairs with a screen-reader etc.
Archived comments
Comments were previously allowed on articles. Though no new comments are being accepted you can see the old comments below.
-
It sounds really interesting Tim. I’m going to have a look at it – I hope it works out ok, I’m getting stacks of spam atm too!
-
I use a similar system, but instead of a second request I discard regular submits to the form and only accept those sent by a JS callback (with a token).
I think the key is to make it unique to each site. A non-general solution is too small a target to be worth a spammer’s coding time.
-
Lisa: emailing you now…
Evan: True true… if only there was a way to allow people to customise it easily, to have their own non-general approach.
-
I got fed up with comment spam on my site, so I added a dropdown box to my comment section that said “Are you a human?” with the options “No”, “Unsure”, “Yes”, and “Negative”. I captured all results to see how the spammers handled it. About 20% chose the default (No), 20% chose the bottom option (Negative) and 60% chose the correct option!
Amazed, I then changed it to a textbox and wrote “Captcha! Type ‘hello’ here:”. I have not (in over 4 weeks) had a comment get through. The spammers either leave the box empty, or put a random (hash-looking) string. A few (maybe 5%) write “captha! type ‘hello’ here:”.
I was a bit upset, as after they all passed the dropdown box test I was looking forward to getting into some spammer-baiting.
-
Mr Speaker, you’re one of those evil geniuses that sits around plotting and making the rest of us look bad, aren’t you?
Bastard…
:p
-
Earle you’re a crack. “Are you human?” I love it.
-
This works for bots, but what about human spammers? I get comments that I’m sure come from actual people who are paid to type in spam comments on my blog.
Still, it’s great to hear that you’ve had such success.
-
So Tim, how’s your system going 2 months down the track?
-
@topfunky: no human spammers so it seems… or none that have JS enabled :)
@lisa: believe it or not, not a single piece of spam.
-
hey Tim, wanna buy some viagra?