Dealing with spamWe currently have a bit of an issue with spam bots. It’s not a huge, insurmountable, problem. However we are consistently seeing a few bots slip through the net. But, as they’d say in Audax, tendit in ardua virtus!
[1]What we currently utiliseAs it stands, we use three key methods of anti-spam protection:
- Email verification: requires newly-registered users to activate their account via email
- CAPTCHA: This consists of those annoying letters that everybody struggles reading
- Anti-spam question: These are usually easy to answer
This multi-layered approach is similar what we used at Zetaboards, and even then saw spambots slip through the net. The same is happening now.
Now, unlike with Zetaboards, we are in a position to improve that situation. Having considered our options, I’ve decided to adopt the following three
additional measures:
- Form time gate: Spambots are fantastic. They’re beautiful. And they fill those forms in within milliseconds. Fortunately, we know that. And so the time gate will automatically block any user that attempts to register within X amount of seconds (I know what it is, but let’s not make it too obvious).
- Hidden question: We’ve hidden a question that 50% of the time users can’t see. Bots can see it though (they just use the source code!), and if it gets filled in, then it will reject the application
- Akismet anti-spam: This system was adopted from WordPress and is effectively a last line of defence, meaning if the spambots get through, Akismet will flag the post by detecting what it considers spam content, then will place it in the mod queue.[2]
So overall we now have 6 countermeasures against spam. We’ll still probably get the occasional spam bot, but hopefully these occasions become much fewer and far between.