Saturday, January 14, 2006

Fight guestbook spam

The guestbook of my Andreas website got spammed so much that 2/3rd of it was spam. The spamming frequency increased from once a month to several times a week. It became impossible to clean up the spam manually.

On the other hand, I did not want punish my users by having them type some number before entering there message.

I now use a technique that is just as useful and at the same time does not require any action from the user. When the guestbook is visited, the guestbook form is extended with a (dynamic) secret code. If the user sends the form with his message, the code is sent along. The message processor then checks if this code is the same as the code he expected. Only then the message is allowed.

The code is generated, so that it is different each time. I use a somewhat simple code that remains the same all day. Once you know the code (from the HTML source code), you can spam me all day long :) But the next day the code is different. It is still possible to create a script that creates spam automatically for this site, but I seriously doubt that our spamming friends will go through all that trouble. And if they do, we will, *ping*, enter the next round, and the fight is not lost :)


Post a Comment

<< Home