tags:

views:

291

answers:

7
+5  Q: 

What is the best method to keep bots from spamming your blog?

Hey all!

I got a problem at my blog. I got visits from kind bots who leave "nice" comments to my blog posts :(

I'm wondering if there is a smarter way to keep them out, besides using the captcha modules. My problem with the captcha modules is that I thinks they are anoying to the user :(

I don't know if it's any help to anyone but my site is in asp.net mvc beta.

+12  A: 

Have you thought about using this?

http://akismet.com/

From their FAQ

When a new comment, trackback, or pingback comes to your blog it is submitted to the Akismet web service which runs hundreds of tests on the comment and returns a thumbs up or thumbs down.

It's a really easy to use system, which I highly recommend.

jonnii  2008-11-03 21:59:28
A: 

I think you have several options...

  1. Require registration to post comments - but thats more annoying than captcha, so probably not the best idea

  2. Examine the user-agent of the poster (see here) for something that looks genuine or exclude those which look suspect

  3. Use a nice Captcha. As annoying as they are, used properly they aren't that bad. It took me 7 attempts to sign up for a gmail the other day because i just couldnt read what it said. A nice captcha though isnt that bad really, kept it short and READABLE

Andrew Bullock  2008-11-03 22:03:08
A: 

If the spam you are receiving is link-heavy you could assume any comment that contains >= 2 links is a spam comment and not post it to the blog unless the blog author approves them. This is what most comment-spam plugins do. I'm currently working on a blog software and I adopted this solution in the interim until I can integrate akismet fully.

Jared  2008-11-03 22:07:59
+3  A: 

Have a CAPTCHA that is really simple. Perhaps make it always "orange"? I don't think anyone's done that before.

 2008-11-03 22:08:44
To anyone voting down this apparently silly idea: it is what Jeff Atwood (a co-creator of stackoverflow) does on his blog, and it seems to work...
Ned Batchelder  2008-11-03 22:38:33
Yeah, I don't know why this answer was voted down. It's a legitimate answer, it obviously works (well, at least on Jeff's blog it works). And it's funny too. Guess the people that downvoted this either never read codinghorror.com or don't have a sense of humour.
Sandman  2008-11-03 23:18:33
I used to do this. I made my own captcha image that read abc123. It never changed. One user actually commented on the fact it was always the same.
Andrew Hedges  2008-11-22 07:55:45
With this sort of a solution, wouldn't it invite bots to target your site specifically? While an individual blog might not be large enough to warrant such attention from bot writers....couldn't large sites that are of particular interest to bot writers be exploited?
mezoid  2008-11-25 04:26:28
+2  A: 

Akismet is definitely the #1 method I know of for limiting spam comments. Also nice to offload that to a 3rd party (at a reasonable price).. that way if client complains, just 'shift the blame'

Another option is to incorporate something like mod_security's spammer signature file. They have a list of keywords you can scan a comment for and place the message to be moderated if you got a match. Though if you had a message board that actually discussed topics that contain these keywords, you'll need a lot of moderators. :-)

Also may want to consider scanning IP's and matching them against SpamHaus or DCShield's block lists. We recently started this approach and it has done wonders.

Things that don't work: requiring registration, simple captcha's, user agent... these can be automated or defeated with cheap labor.

Adam  2008-11-03 22:11:08
+6  A: 

I've had good luck with Honeypots and Hashes.

By making it difficult for robots to post successfully, you can let users post without registration, captchas, or false positives from akismet.

Ned Batchelder  2008-11-03 22:37:45
+1 for this, the same approach has let every human message through our filters and blocked every automated spam (I keep records just to check my filters' efficiency)
Gareth  2008-11-03 23:14:45
A former colleague had great success using honeypots
Ian Oxley  2008-11-04 09:52:31
A: 

I made spam into someone else's problem by using Disqus to run my blog's comments. There has been no spam since switching, Disqus keeps on top of it.

DGentry  2008-11-04 03:20:54

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps