Preventing Spam

Question

How do you stop bots on a page which is accessible to registered users only? 90% page is accessed by real users and 10% are bot.

I do not want to put captcha or verification method on the page because I know that my users wont like this and they lazy also.

Please share your ideas

Edit

I want to make this question more clear

Registration page has captcha
My site allows users to submit contents in other words its UGC site. Spammers copy other users content and put them on my site so blocking them via askimet is not possible.

Possible Solution

Just got one thing in my mind.

When user click on submit button server will generate a random number (using javascript) which will be then used in hidden field for verification.

Do you think this solution is practically applicable?

This may help http://stackoverflow.com/questions/1577918/blocking-comment-spam-without-using-captcha — Mike B, Jul 11 '10 at 17:20

score 4 · Accepted Answer · answered Jul 11 '10 at 17:21

4

One trick I like to use is to add a hidden input field to my forms that a real user would never see or change, but that a bot would blindly fill out.

Something like

<input name="spam_stopper" value="DO NOT CHANGE THIS" style="display:none;"/>

and then, in your form handling code, make sure the value of spam_stopper is "DO NOT CHANGE THIS".

A smart bot may ignore display:none, but that's not too likely - many do ignore <input type="hidden"> though, so I wouldn't use that...

answered Jul 11 '10 at 17:21

daryn

908
5
11

Very smart, but it might conflict with auto-form-filler extensions. – Christian Jul 11 '10 at 18:00
I am using this method but robots send hidden fields when form is submitted. – Maximus Jul 13 '10 at 11:16
jason4 - you WANT the robot to submit the field, as most will change the value. A changed value means it isn't a human. Christian - good point; I think naming the field something obscure will reduce the likelihood of that happening, as most auto-form-fillers only fill in known fields (like email, firstname, etc..) – daryn Jul 13 '10 at 18:17

score 3 · Answer 2 · answered Jul 11 '10 at 17:20

Given you have excluded captcha (which isn't 100% bulletproof), you need to check what your users type and allow or forbid their postings.

This task isn't going to be an easy one, so I would suggest to turn your attention to ready-made solutions such as Akismet.

score 0 · Answer 3 · answered Jul 11 '10 at 17:22

Since these bots don't follow robots.txt, you can always block them with an .htaccess, but it's lot of work (need to maintain the block list) since bots/spammers often change IPs. You also risk to block genuine users.

You can see Block Bad Bots for an example.

It can be useful but it's often too much work to block all of them VS let's say a CAPTCHA or similar system.

score 0 · Answer 4 · answered Jul 11 '10 at 17:46

Firstly, do you do human-verification on sign-up? That's the first step you should take to prevent spam on your site. Captchas are very effective, and even if you don't want to make users answer a captcha each time they post on the site, having them fill one out to create an account is perfectly reasonable. It only takes 2-3 seconds, and they only need to do it once.

If you're not willing to do that, you're going to have to put up with spam so long as your site is indexed in search engines.

score 0 · Answer 5 · edited May 23 '17 at 12:26

0

Prevent not sort out the spam

edited May 23 '17 at 12:26

Community

1
1

answered Jan 25 '11 at 10:23

Gennady Vanin Геннадий Ванин

9,445
10
71
102

What is the point of doing a search on spam and commenting and answering 20+ very old posts with no useful new information? – profitphp Jan 25 '11 at 16:07
And what is the purpose oа exaggerating? I did comment less than 5 old posts and in total (with new posts) they are far below 20. And I believe I did not include any old info – Gennady Vanin Геннадий Ванин Jan 25 '11 at 16:57

score 0 · Answer 6 · answered Jan 05 '19 at 10:20

Yes, CAPTCHAs are not user-friendly. There are a few techniques that you can use to prevent spams without using CAPTCHAs which some of them have been already mentioned by others:

Smarter Server-side Validation: This is specific to the form but for example in contact us form you can filter lengthy messages or messages including a lot of URLs. Or if you expect to get an email you can ping the domain.
Blacklist Mechanism: flag spammers by IP or phrases in a blacklist database. If you're using PHP a simple library like Guard can be helpful
Honeypots: This is already mentioned in the accepted answer
Time-based Protection: To check time to post a request is more than X seconds
Score-based Google reCAPTCHA v3: This version is totally re-designed compared to the previous one and detect spams behind the scene.

I've written a post recently and you can find more in depth there.

Preventing Spam

Edit

Possible Solution

6 Answers6

Linked