tags:

views:

72

answers:

4
Q: 

Preventing Spam

How do you stop bots on a page which is accessible to registered users only? 90% page is accessed by real users and 10% are bot.

I do not want to put captcha or verification method on the page because I know that my users wont like this and they lazy also.

Please share your ideas

Edit

I want to make this question more clear

  1. Registration page has captcha
  2. My site allows users to submit contents in other words its UGC site. Spammers copy other users content and put them on my site so blocking them via askimet is not possible.

Possible Solution

Just got one thing in my mind.

When user click on submit button server will generate a random number (using javascript) which will be then used in hidden field for verification.

Do you think this solution is practically applicable?

+3  A: 

Given you have excluded captcha (which isn't 100% bulletproof), you need to check what your users type and allow or forbid their postings.

This task isn't going to be an easy one, so I would suggest to turn your attention to ready-made solutions such as Akismet.

Anax  2010-07-11 17:20:17
+1 for mentioning askimet. That stuff just *works*.
John Conde  2010-07-12 15:44:23
+1  A: 

One trick I like to use is to add a hidden input field to my forms that a real user would never see or change, but that a bot would blindly fill out.

Something like 

<input name="spam_stopper" value="DO NOT CHANGE THIS" style="display:none;"/>

and then, in your form handling code, make sure the value of spam_stopper is "DO NOT CHANGE THIS".

A smart bot may ignore display:none, but that's not too likely - many do ignore <input type="hidden"> though, so I wouldn't use that...

daryn  2010-07-11 17:21:06
Very smart, but it might conflict with auto-form-filler extensions.
Christian Sciberras  2010-07-11 18:00:19
I am using this method but robots send hidden fields when form is submitted.
jason  2010-07-13 11:16:10
jason4 - you WANT the robot to submit the field, as most will change the value. A changed value means it isn't a human. Christian - good point; I think naming the field something obscure will reduce the likelihood of that happening, as most auto-form-fillers only fill in known fields (like email, firstname, etc..)
daryn  2010-07-13 18:17:26
A: 

Since these bots don't follow robots.txt, you can always block them with an .htaccess, but it's lot of work (need to maintain the block list) since bots/spammers often change IPs. You also risk to block genuine users.

You can see Block Bad Bots for an example.

It can be useful but it's often too much work to block all of them VS let's say a CAPTCHA or similar system.

AlexV  2010-07-11 17:22:45
A: 

Firstly, do you do human-verification on sign-up? That's the first step you should take to prevent spam on your site. Captchas are very effective, and even if you don't want to make users answer a captcha each time they post on the site, having them fill one out to create an account is perfectly reasonable. It only takes 2-3 seconds, and they only need to do it once.

If you're not willing to do that, you're going to have to put up with spam so long as your site is indexed in search engines.

Lèse majesté  2010-07-11 17:46:03

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases