Avoiding Comment Spam with JavaScript
Aug 16 2006Originally I explained this on the Code Igniter forum, and since others are blogging it, I thought I should bring it here.
I guess I was nervous about sharing my anti-spam techniques on my own blog in case any spam bots are smart enough to read this article and somehow mutate and adapt. We'll see.
For a while, I had no problems with comment spam. Then I started to get a couple. Then one day I got like 50 at once, so I did something "extreme" - I made it so users have to have JavaScript to submit comments. I have a randomly generated spam key in PHP, and then use something like this on the page:
<form id="cform" style="display:none"> <input id="txtauthor" name="<?= $spam ?>a"/> <input id="txtemail" name="<?= $spam ?>e"/> <input id="txturl" name="<?= $spam ?>u"/> <textarea id="txtbody" name="<?= $spam ?>b" rows="10" cols="40"></textarea> <input type="hidden" id="antispam" name="antispam"/> </form> <script type="text/javascript"> document.getElementById('cform').style.display = 'block'; document.getElementById('antispam').value = '<?= $spam ?>'; </script> <noscript>Sorry, you need JavaScript to post comments.</noscript>So if the spam key is 'xxxx' the author field is 'xxxxa', email 'xxxxe', etc. The spam key is filled using JavaScript. Then on the server side I do this:
if (isset($_POST['antispam'])) { $antispam = $_POST['antispam']; $cauthor = $_POST[$antispam . 'a']; $cbody = $_POST[$antispam . 'b']; $cemail = $_POST[$antispam . 'e']; $curl = $_POST[$antispam . 'u']; if ($cbody && $cauthor) addComment($id, $cemail, $cauthor, $cbody, $curl); }This has majorly cut down on the number of comment spam I get. I still get the occasional one here and there, but they must all be done by hand instead of with some automated bot.
Unfortunately, this method means that users without JavaScript can't post comments on here. I regret that, but since nobody posts comments on here anyways, I figure it's not such a loss. :) One day, I would like to add some kind of captcha or approval system to allow posting of comments without JavaScript.
View 2 Comments | Add a commentComments
1. donn at 6:59pm on January 25, 2007
Hey,
Thanks for this. I was looking for a solution to my comment spam and your stuff was easy to integrate into my site.
Donn2. Anonymus at 3:28pm on March 29, 2008
Why not just use the code at http://javascriptkit.com/script/script2/accept_term.shtml and make the users confirm that they are NOT spamming.
Add a Comment
Recent Articles
- Google is Hosting Ajax Libraries
- Parse Accept-Language to detect a user's language
- Three years of The Future of the Web
- Saving data to a file with PHP
- Easy web scraping with PHP
- See all the articles
- IBM: Where and when to use Ajax
- Code Igniter 1.6.0 Released
- Update a Dev Site Automatically with Subversion
- See All...
Older Articles
- June 2008
- May 2008
- April 2008
- February 2008
- January 2008
- December 2007
- November 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- September 2006
- August 2006
- July 2006
- June 2006
- May 2006
- April 2006
- March 2006
- February 2006
- January 2006
- December 2005
- November 2005
- October 2005
- September 2005
- August 2005
- April 2005
- See All...
