How to Avoid Comment Spam?
I’m sure you’ve seen them before, these mindbreaking questions you need to answer or decipher just to comment on an article. After 5 try-outs the horrible thing finally agrees to what you’ve typed down. As a webmaster you don’t want to spend too much time deciding whether the comment was made by a automated bot or not.
As a visitor you don’t want to spend your time solving a stupid question in order to contribute to an article. In this article I’ll show you some of the most common solutions to avoid comment spam.
A good option is to hard-code some level of security yourself, which is not that much work if you are using wordpress as CMS. You can simply disable html tags in the comments textfield to avoid a great deal of spam. Jon Blackburn wrote an interesting piece about it, in where he explains how to disable the html tags.
A second solution is the CAPTCHA (completely automated public turingtest to tell computers and humans apart), which is a reactiontest composed out of numerous randomized characters which need to be reproduced by the user. Some CAPTCHA’s have been broken by OCR programs (optical character recognition), but most of them are still standing ground.
Although the CAPTCHA-image does work, it is burden for the user because the generated images can be hard to read and sometimes need several tries. It’s hard enough to encourage people to leave comments on a blog as it is without forcing them to decipher an image sequence. If you’re still thinking about integrating this into your system, maybe you can have a look at the fancy ajax plugin where you need to drag and drop a certain icon to prove you’re human. John Willis made a summary of 10 examples on how not to integrate it.
Another possibility is to implement a wide variety of questions into the form, which needs to be answered by the visitor. Eric Meyer wrote an article at WP-gatekeeper about this. He suggested to ask simple questions, eg. “what is Eric’s first name?”
It seems innocent and not difficult to answer so this might be a good solution, but it will encounter a problem in the long run: the answers can be put into a database, which spambots can use… it looks far fetched but some people have nothing else to do.
While these last two solutions work ’till a certain degree, they still acquire interaction from the visitor. This doesn’t make the whole story user-friendly. Visitors shouldn’t be victimized by the web designer in their own fight against spam. Instead of asking the user to prove he’s human, you can trick the spam bot into revealing it’s a bot.
Form-filling bots first read the form and then have the tendency to fill out the form as thoroughly as possible, just because they don’t know any better. These bots can be stopped by including a textfield on the form which is invisible to people (this can be done with simple css) and should be empty. These fields are called honeypots and are validated when the form data is posted. If they contain any text, then the submitter must be some kind of bot, and the submission is discarded.
If you are running your website with wordpress as CMS, we have some interesting plugins which are highly recommendable in order to minimize comment spam. The first plugin is Akismet, which is already pre-installed for you. In order to activate it, you’ll need to signup for a wordpress.com account. You receive the API-key by email. It works great, ’till now the plugin blocked all spam-comments and I didn’t do anything so far.
The next plugin is called ‘math comment spam protection‘ and is similar to the “what is Eric’s first name” question, but instead it will ask you to answer a simple mathematical question, e.g. 9 + 2 = ?? . It’s a simple and quick solution and is not that irritating as the CAPTCHA’s but it still need’s special attention from the user.
If you’re not interested in installing plugins, you should definitely change something in the settings of wordpress (if you’re using wordpress that is). Under Settings – Discussion you have some options regarding comments. “An administrator must always approve the comment” gives you the ability to withhold any comments made on the blog. Although this seems a great option, it does give you a lot of work as well. I prefer the option “Comment author must have a previously approved comment”, this way you only need to check if the author is human or a bot once.
Blocking all spam comment is very difficult, if not impossible. The ultimate solution need to be a perfect balance between usability and security, without passing the responsability to the users (so preferably non-interactive). In my opininion Akismet is highly effective at reducing the amount of spam and fore sure kept my comments free from spam ’till now.
In future who knows what is possible, maybe the verification can be done by scanning your fingerprint on a mobile phone with touchscreen or the application can check for brainwaves. But whatever solution you choose, in the end you can only reduce the spam and not block it.