I'm creating a forum for a website, and plan on implementing a "Report this content" function.

In all honesty, I'm not sure how useful (or even necessary) the feature will be, since a user account (created by an admin) will be required for posting, but the problem interests me.

So in short, this is the scenario:

All users will have read-only access to all (non-restricted) content on the forum. Unauthenticated users will see both a reply button and a "report this content" button. The former will require a login, while I had planned that the latter wouldn't, so that anyone could flag suspicious or offensive content.

The problem I'm facing is "robot clicks": how do I implement the system so it won't be fooled by automated submissions?

There are a few methods that come to mind:

1) Checking the User-Agent header
2) Requiring several flags (within a predefined timespan?) before reacting in any way
3) robots.txt
4) Requiring human input on a second form (a captcha or a "specify reason" field)

What I think of them:

1) Unreliable (as the sole solution)
2) This requires a critical mass of users, which might mean the threshold is never reached
3) This is probably the "right" way to go, but it will only work for crawlers that respect it
4) Meh, I hate captchas, and requiring a reason might raise the bar too high to keep the function useful

What methods would the (highly enlightened) community have to share with me?

+1  A: 

You could simply redirect to a form where the user needs to enter a reason for reporting the content. A robot probably wouldn't enter anything there, and the form would simply not be processed if the reason was left empty.
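As a minimal server-side sketch of that check, assuming a Node/Express-style handler (the route and field names here are made up for the example; the report.cgi mentioned elsewhere in this thread would play the same role):

// Reject reports whose "reason" field is empty; bots that blindly
// POST the form without filling anything in are dropped here.
var express = require('express');
var app = express();

app.use(express.urlencoded({ extended: false })); // parse POSTed form fields

app.post('/report', function (req, res) {
    var reason = (req.body.reason || '').trim();
    if (reason === '') {
        // No reason given: most likely a robot (or a stray click).
        return res.status(400).send('Please give a reason for the report.');
    }
    // Storing the report for moderator review is omitted here.
    res.send('Thanks, the content has been flagged for review.');
});

app.listen(3000);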

Thorsten Dittmar
Yeah, I thought of this (I might've been editing my question while you answered), but I'd rather not go there unless there's no better solution available.
nikc
But actually, if the reason were a multiple-choice form, maybe it wouldn't be such a deterrent. But how would spiders handle that?
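For illustration, such a multiple-choice reason field might look like this (the option labels are illustrative, not from the thread):

var form = document.createElement('form');
form.method = 'post';
form.action = 'report.cgi';

// A fixed set of reasons keeps the bar low for humans while still
// requiring a deliberate choice.
var select = document.createElement('select');
select.name = 'reason';
['Spam', 'Offensive', 'Off-topic', 'Other'].forEach(function (label) {
    var option = document.createElement('option');
    option.value = label.toLowerCase();
    option.text = label;
    select.appendChild(option);
});

form.appendChild(select);
document.body.appendChild(form);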
nikc
Definitely provide an "enter reason" option: something may sound innocent out of context. Also, name the real field in a non-standard way ("f0878"), then add a dummy field, hidden by CSS, with a default-sounding name ("reply"). Any report that arrives with a non-empty "reply" field was filled in by a spambot.
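A minimal sketch of that honeypot check on the server, in the same assumed Express style as the sketch above (only the field names are taken from this comment):

var express = require('express');
var app = express();
app.use(express.urlencoded({ extended: false }));

app.post('/report', function (req, res) {
    // The CSS-hidden dummy field "reply" is invisible to humans, so any
    // submission that fills it in came from a spambot.
    if ((req.body.reply || '').trim() !== '') {
        return res.status(400).send('Spam detected.');
    }
    // "f0878" is the real reason field, deliberately named so that
    // form-filling bots don't recognise it.
    var reason = (req.body.f0878 || '').trim();
    if (reason === '') {
        return res.status(400).send('Please give a reason for the report.');
    }
    // Store the report for moderator review (omitted).
    res.send('Thanks, the content has been flagged.');
});

app.listen(3000);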
SF.
+1  A: 

You missed making the link a nofollow one. But I'd opt for a combination: require human input (a reason, details of the complainant) to counter robots, and require a number of flags to stop people simply flagging users they disagree with or dislike on the forum.
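A sketch of the flag-threshold part; the threshold, time window, and one-flag-per-IP rule are illustrative assumptions, not from the answer:

var FLAGS_NEEDED = 3;                    // assumed threshold
var WINDOW_MS = 24 * 60 * 60 * 1000;     // assumed window: 24 hours
var flags = {};                          // postId -> [{ ip, time }]

function recordFlag(postId, ip) {
    var now = Date.now();
    // Keep only the flags that are still inside the time window.
    var list = (flags[postId] || []).filter(function (f) {
        return now - f.time < WINDOW_MS;
    });
    // Count each IP at most once, so one angry user can't escalate alone.
    var alreadyFlagged = list.some(function (f) { return f.ip === ip; });
    if (!alreadyFlagged) {
        list.push({ ip: ip, time: now });
    }
    flags[postId] = list;
    return list.length >= FLAGS_NEEDED;  // true: escalate to moderators
}

Only once recordFlag returns true would the content be queued for a moderator, which also blunts the grudge-flagging mentioned above.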

Rowland Shaw
I do have `rel="nofollow"` present, but robots still follow such links; they're just treated differently for PageRank. http://en.wikipedia.org/wiki/Nofollow#Interpretation_by_the_individual_search_engines
nikc
+1  A: 

You could append the 'report this' <form> to the DOM with JavaScript's appendChild().

This would prevent a lot of spam.

It would also prevent users who aren't running JavaScript from seeing the report button. But since losing it does not hinder the user experience, that is probably an acceptable trade-off.

window.onload = function() {
    // Build the report form entirely in JavaScript, so crawlers that
    // don't execute scripts never see it in the page source.
    var f = document.createElement('form');
    f.method = 'post';       // reporting changes server state, so POST
    f.action = 'report.cgi';

    var b = document.createElement('input');
    b.type = 'submit';
    b.value = 'Report this';

    f.appendChild(b);
    document.body.appendChild(f);
};

Note:
The rel="nofollow" attribute makes sure search engines do not 'count' the link; they do, however, still follow it (yes, the name suggests otherwise).

If you want search engines not to touch a certain file at all, use robots.txt.
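For example, a robots.txt rule keeping rule-abiding crawlers away from the report script (assuming it lives at /report.cgi, as in the code above):

User-agent: *
Disallow: /report.cgi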

Note 2:
Reporting something is an action that changes something on the server. Thus, it should not be a GET request; it should be a POST request. In other words: do not use an <a href="">, but instead submit a <form> with its method attribute set to "post".

Jacco
Good point on the POST request. How do robots (the nice kind) react to forms? Spam crawlers obviously do submit forms, so the problem persists.
nikc
If you add the form to the DOM with JavaScript, a crawler would have to support scripting to even notice there is a form.
Jacco
'Good' crawlers never make POST requests, because the HTTP spec treats POST as an unsafe method that only a deliberate user action should trigger.
Jacco
@Jacco: needless to say, the 'Good' crawlers aren't what's worrying me. (As much anyway. I'm sure there are unintentionally sloppy ones in that lot, too.) The JS DOM injection + required input is indeed looking like a good way to go.
nikc