[wp-hackers] Simple comment spam experiment
Shelly at WordPress
wordpress at anekostudios.com
Wed Apr 16 14:44:05 GMT 2008
when they visit?
Anyway, to your question - I'm one of those people who *HATE* captchas.
But someone taught me a trick for my own forms (I generally write my
own contact forms) so that I could prevent the automation (like you're
talking about) but allow "real" people through. I've never tried it
with my comments though.
Basically, the thing is, when spammers "automate" - they basically fill
in every input field available. They don't check to see what the fields
are, they just stick stuff in. They do this for hidden fields, as well.
So I've taken that to my advantage, and put in a hidden field labeled
"Surprise". The script then checks to see if any input is placed in
that hidden field. If not, then it's allowed to go through. If content
*is* placed in that field, then it stops it dead in its tracks. (For the
record, I even have an "accessible" notice - so if people are using
screen readers, they get a message telling them NOT to put in anything
in the field.)
It's worked pretty well. I still get occasional attempts, but I've
managed to filter the whole [url] thing and http:// thing to prevent it.
I don't know if that helps any, but I always thought it would be a nice
idea to put something like that in the comments script - it's pretty
simple. I just haven't had the time to try it out.
More information about the wp-hackers