No More V1@grA
September 10, 2007 12:45 PM
PHPFilter: I'm about to write part of a web application that allows visitors to submit ratings and comments for events. How can I keep spam to a minimum?
I've discovered, from past efforts, that essentially anything with a textbox will get spammed on the net. There isn't going to be user registration for this, and although I will be monitoring for certain IPs, it will not be filtered.
So, the parts are CodeIgniter, PHP, MySQL. On a PHP4 server I have virtually no control over.
Any ideas? I'd like to avoid captcha if possible.
Thanks!
There's a cool plugin for WordPress that offers a pretty good level of spam protection using simple arithmetic. An example can be found on this site. I've seen it elsewhere, seems pretty popular. Depending on your PHP skills, you could probably knock together something similar. Good luck!
posted by ReiToei at 2:04 PM on September 10, 2007
re: Akismet. More specifically, you'll want to look into integrating this package into your PHP scripts. You may also want to create at least one moderation queue in your script, and probably a frontend for the queue unless you like tinkering with the database manually via phpmyadmin or the command line.
Other options that don't involve captchas: turn off comments after a pre-defined period of time, like two months after the last comment; this shuts down spammers trying to attack old posts in the hopes of catching you off guard. You can also try requiring an e-mail address, followed by an e-mailed confirmation message with a link to publish the comment (though this may require too much end-user intervention for your tastes).
Finally, you should have a "disable comments" switch on each post/event as a last resort. Sometimes spammers will target posts with specific keywords, but the more important issue is that sometimes you'll also have to worry about flame wars and off-colour discussion, and you'll want a way to shut that down quick. (Parallel to Rule #34, that there's a fetish for everything and you'll find it on the internet, there should be a Rule #35: you can argue about anything on the internet, no matter how trivial or benign.)
posted by chrominance at 2:26 PM on September 10, 2007 [1 favorite]
I find that KittenAuth works for me most of the time. It's a lot easier for users to deal with than other types of captchas but still has accessibility problems that you need to work through. What djgh said will work too, but if you do that, make sure you hide a label with the input that says "Don't fill this field in." or something; otherwise people without CSS or people using screen readers will be confused as to what it's for and may fill it in.
Whatever you use, just make sure that you customize it. Don't use something out of the box. The trick to defeating spammers is to keep your spam protection unique to your site.
posted by sipher at 2:54 PM on September 10, 2007
Best answer: There are a bunch of ways. A field that should never contain anything is good, as many spam bots put junk in every field.
Also, most spam bots are not cookie-capable, so using a session cookie is a good option at times. Set a hidden field with an authcode; if the submitted authcode doesn't match what's in the session, then it's possibly fake.
If you're being web 2.0ish, and are willing to require JavaScript, you can implement a JavaScript-based MD5 or something, where you submit a hidden field with the MD5 sum of other selected fields, which is calculated when the fields are 'blurred'.
Those are a few non-invasive options I've explored in the past.
posted by sycophant at 3:27 PM on September 10, 2007 [1 favorite]
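The never-filled field and session authcode from the answer above, with the "Don't fill this field in." label suggested earlier in the thread, as an added example that is not code from the thread. It assumes PHP 7 or later for `random_bytes()` and `hash_equals()`, which the asker's PHP4 host does not provide; the field names `website` and `authcode` are hypothetical.

```php
<?php
// Added example. Field names "website" (honeypot) and "authcode" are hypothetical.

// Store a fresh random authcode in the session and return it for the hidden field.
function issue_authcode(array &$session): string
{
    $session['authcode'] = bin2hex(random_bytes(16));
    return $session['authcode'];
}

// Hidden authcode plus a CSS-hidden honeypot, labelled for users without CSS.
function render_fields(string $authcode): string
{
    $code = htmlspecialchars($authcode, ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="authcode" value="' . $code . '">' . "\n"
         . '<div style="display:none"><label for="website">'
         . "Don't fill this field in.</label>"
         . '<input type="text" id="website" name="website" value=""></div>';
}

// Return the reasons a submission looks automated; an empty array means it passes.
function spam_signals(array $post, array &$session): array
{
    $signals = [];
    $honeypot = $post['website'] ?? '';
    if (!is_string($honeypot) || trim($honeypot) !== '') {
        $signals[] = 'honeypot_filled';
    }
    $expected = $session['authcode'] ?? '';
    $given = $post['authcode'] ?? '';
    unset($session['authcode']); // single use: a replayed form fails next time
    if ($expected === '' || !is_string($given) || !hash_equals($expected, $given)) {
        $signals[] = 'authcode_mismatch';
    }
    return $signals;
}

// Constructed submissions. In a real handler pass $_SESSION (after session_start()) and $_POST.
$session = [];
$code = issue_authcode($session);
$human = ['comment' => 'Great show', 'website' => '', 'authcode' => $code];
$bot = ['comment' => 'buy pills', 'website' => 'http://spam.example', 'authcode' => 'junk'];
$noCookies = []; // a bot without cookies arrives with an empty session

echo json_encode(spam_signals($human, $session)), "\n";
echo json_encode(spam_signals($bot, $noCookies)), "\n";
echo json_encode(spam_signals($human, $session)), "\n"; // replay of the same form
```

Submissions that return any signal are better routed to a moderation queue than silently dropped, since a visitor with cookies disabled trips the authcode check too.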
This thread is closed to new comments.
posted by djgh at 1:26 PM on September 10, 2007