Implementing "Report this content" and detecting spammer or robot triggered event

Question

I'm creating a forum for a website, and plan on implementing a "Report this content" function.

In all honesty, I'm not sure how useful (lit. necessary) the feature will be, since a user account (created by admin) will be required for posting, but the solution interests me.

So in short, this is the scenario:

For all users, there will be read-only access to all (non-restricted) content on the forum. For unidentified users there will be a reply button and report this content button present. The former will proceed to require a login, while I had planned that the latter wouldn't, so that anyone would be able to flag suspicious or offensive content.

The problem I'm thus facing is basically "robot clicks", or rather how to implement the system so it won't be fooled by "robot clicks".

There are a few methods that come to mind:

1) User-agent
2) Requiring several flags (in a predefined timespan?) before reacting in any way
3) robots.txt
4) Requiring human input on a second form (captcha or "specify reason")

What I think of them:

1) Unreliable (as sole solution)
2) This requires a mass of users which might lead to the event never being triggered
3) This is probably the "right" way to go, but will only work for those who respect it
4) Meh, I hate captcha and requiring a reason might raise the bar too high to keep the function useful

What methods would the (highly enlightend) community have to share with me?

Answer 1

You could simply redirect to a form where the user needs to enter a reason for reporting the content. A robot probably would not enter anything here and the form would not be processed if the user didn't enter anything.

Answer 2

You missed making the link a nofollow one, but I'd opt for a combination of requiring human input (reason, details of complainant) to counter robots and requiring a number of flags to stop people just flagging people they disagree with/don't like on the forum.

Answer 3

You could append the 'report this' <form> to the DOM with javascript's appendChild();.

This would prevent a lot of spam.

It would also prevent users not running javascript from seeing the report button. But since this is a feature that does not hinder the user-experience, it is probably an acceptable option.

window.onload = function() {
    var f = document.createElement('FORM');
        f.method = 'post';
        f.action = 'report.cgi';

    var b = document.createElement('INPUT');
        b.type = 'submit';
        b.value = 'Report this';


        f.appendChild(b);
        document.body.appendChild(f);
 }

Note:
The rel="nofollow" attribute makes sure search engines do not 'count' the link, they do however follow it (yes, the name suggests differently).

If you want the search engines not to touch a certain file, use robots.txt

Note 2:
Reporting something is an action that 'changes' something on the server. Thus, it should not be a GET request Instead it should be a POST request. In other words: do not use a <a href""> but instead submit a <form> with its method argument set to "post".