Alyosha Popovich vs Tugarin Snake or how I fought spam

    It all started when I decided to run my own blog. As a diligent programmer, I put a simple captcha on the comment form to prevent spam. But no such luck ... The captcha was broken ... Twice ... Then I lost my temper and decided to turn off commenting until a solution was found.

    Look under the cut; I am sure you will appreciate its originality.

    Standing on his head


    A professional skill, namely Laziness, kept me from programming or looking for a new captcha. As an excuse, I told myself that it was somehow not right to make users decipher an incomprehensible alphanumeric heap of characters.

    I decided to turn to a radical solution, namely: REMOVE THE CAPTCHA (if you think about it, life becomes easier for three “characters” at once: my server, the spam bots and the users).

    In exchange, I built a simple IP ban system plus pre-moderation of comments. Everything seemed fine, except that I got tired of banning bots (at that time the number of blocked IPs in the database was approximately 100). Gritting my teeth, I realized that something new was needed.

    Observation is the key to success


    After watching the spam comments for 2 days, I noticed that they (i.e. the spam bots) fill in all fields, even email, which is optional. Guided by a well-known quote (make your shortcomings your advantage), it dawned on me.

    Following the logic of the layout, I added another input named phone and hid it using JavaScript (this can also be done through CSS).

    I did not have to wait long to see that spam bots fill in this field, and with digits only. Then, in the code that adds a comment, we add a check: if the phone field is filled in, it is a bot; if not, it is a friendly user. After a couple of days I turned off pre-moderation, although I left the ban system in place just in case.
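
    The hidden-field check described above, written out in JavaScript as an added example (not the author's code). The field name phone comes from the post; the other field names, the /comments path, the off-screen CSS and the checkComment function are assumptions.

```javascript
// Added example: decoy-field check for a comment form.
// Only the field name "phone" is from the post; all other names are assumed.

// Form markup. The decoy is hidden with CSS, kept out of the tab order and
// marked autocomplete="off" so a real browser's autofill does not fill it,
// and aria-hidden so screen readers do not offer it to a person.
const COMMENT_FORM = `
<form method="post" action="/comments">
  <input name="author" required>
  <input name="email" type="email">
  <textarea name="text" required></textarea>
  <div style="position:absolute; left:-9999px" aria-hidden="true">
    <input name="phone" tabindex="-1" autocomplete="off">
  </div>
  <button type="submit">Send</button>
</form>`;

// Server side: classify a submitted application/x-www-form-urlencoded body.
// Returns { accept: boolean, reason: string }.
function checkComment(rawBody) {
  const form = new URLSearchParams(rawBody);
  // getAll() rather than get(): if the body repeats the field, a filled copy
  // after an empty one must still count as filled.
  const decoyValues = form.getAll("phone");
  if (decoyValues.some((value) => value !== "")) {
    return { accept: false, reason: "decoy field 'phone' was filled in" };
  }
  // Empty or absent decoy: treated as a person, as the post's rule says.
  return { accept: true, reason: "decoy field empty" };
}

// Constructed sample submissions (not real traffic).
const samples = {
  human: "author=Ann&email=&text=Nice+post&phone=",
  bot: "author=x&email=a%40b.c&text=buy+now&phone=89261234567",
  repeated: "author=x&text=hi&phone=&phone=123",
  noDecoy: "author=Bob&text=hello",
};

for (const [name, body] of Object.entries(samples)) {
  console.log(name, checkComment(body));
}
```

    A rejected submission is best answered with the same response page a successful one gets, so the sender gets no signal about which field gave it away.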
