Comments on: Dealing with SPAM

By: dashifen

dashifen — Wed, 19 Sep 2012 21:06:00 +0000

I’d agree if I ever had one of those. The only complaints about a CAPTCHA I got was on an old PHPBB forum. While I agree 100% with the hate for them, I think they’ve become such an expected “feature” of the web that people just deal and move on.

By: Ben Brocka

Ben Brocka — Wed, 19 Sep 2012 20:12:00 +0000

I’d rather get complaints from nosey web developers whining that I don’t have a captcha than from angry users whining that I DO have a captcha…

By: Heath Huffman

Heath Huffman — Wed, 19 Sep 2012 17:57:00 +0000

We have used every technic, including all that you mentioned, in combination with each other, and its almost impossible to stop bots. For smaller traffic sites, a lot of this stuff works. But when you start getting thousands of unique vistors each day like our website, you draw more attention to yourself. Spammers want their spam on high traffic sites. We own and operate a free website builder (Doodlekit). We draw lots of attention from spammers as you can imagine because they want to use bots to create thousands of spam sites using our tools. We have spammers that specifically create bots just for our website.

We have finally found a simple and easy to use captcha system that works great (100% effective against bots). I highly recommend them: http://areyouahuman.com. As far as I know (for now) there is no way a bot can get through this.

We still get lots of spam sites created daily, but they are all done manually by spam farms in India and other countries. Stopping manual spam is a whole different beast, but this should prevent any bot spam you would get.

By: Heath Huffman

Heath Huffman — Wed, 19 Sep 2012 17:50:00 +0000

We have finally found a simple and easy to use captcha system that works great (100% effective against bots). I highly recommend it: http://areyouahuman.com. As far as I know (for now) there is no way a bot can get through this.

By: Jon

Jon — Wed, 19 Sep 2012 16:54:00 +0000

I highly recommend WebAIM’s article / techniques on Spam-free Accessible Forms. Using these techniques has virtually eliminated all spam from all the client sites I’ve used it on, with no burden on the user: http://webaim.org/blog/spam_free_accessible_forms/

I know in the past there were some issues with honeypot fields and user’s form auto-fill tools (the auto-fill tool would fill out the hidden honeypot field, especially if it had a recognizable name like “email2″). This may be less of an issue now, but worth testing on any implementation you do.

By: dashifen

dashifen — Wed, 19 Sep 2012 11:40:00 +0000

I made a form without a CAPTCHA and with a honeypot (apparently we … or maybe just I … learned them as honeypots and not honeytraps; US vs. UK difference perhaps) and I actually go messages from other web programmers about how my form wasn’t secure!

I finally had to add a CAPTCHA back onto the form that was always correct regardless of entry. I didn’t even check it; it was a complete waste of time. But, it made legitimate people stop sending me messages about how I should have a CAPTCHA on my form.

This was a few years ago, though, so hopefully more people in the community have come around to the honey(pot|trap) way of thinking.