Comment spam defeated at last
Posted 15 years ago
For years when running this blog, I would have to log in each day and delete a dozen comments due to spam. This was a chore, and I tried many ways to stem the tide.
Finally, a few months ago, I found a way that worked 100% of the time. This raw text file shows what I'm up against, containing all server variables and full text of every comment I've gotten in the last couple of months.
Here's the code for the comment form below. Can you spot my solution? (No, it's not the "http:" part, which almost worked)
<div class="roundedcornr_top_473174"><div></div></div>
<div class="roundedcornr_content_473174">
<div id=commentBox class=commentBox>
<div class=pad>
<h2>Post comment</h2>
<form action="/blog/index.php" method=POST onsubmit="return validateCommentForm(this);">
Real Name: <input type=text name=displayname /><br>
<span style="visibility:hidden"> Your Email (Not displayed): <input type=text name="email"/></span><br>
Text only. No HTML. If you write "http:" your message will be ignored.
<br>
<textarea cols=60 name=comment rows=10 wrap=soft ></textarea><br>
<input type=submit value="Post" />
<input type=hidden name=id value="75">
</form>
</div>
<div class=comment>
</div>
</div>
</div>
Steve Hanov makes a living working on
Rhymebrain.com,
rapt.ink,
www.websequencediagrams.com,
and Zwibbler.com. He lives in
Waterloo, Canada.
Post comment
edit
jim dorey
14 years ago
i was wondering, confused, about there being the hidden e-mail entry... i guess that was it...clever.
edit
Eric
15 years ago
Brilliant! You can use JavaScript and external style sheets to make it even harder for the spam bots to know that field isn't displayed.
edit
rwhitworth
15 years ago
So the spam bots auto fill the email field, whereas the rest of us using web browsers never even see the email field. Very nice. I wonder how long it'll be before the bot writers notice this and work around it.
Cross-domain communication the HTML5 way
Making a web application mashable -- useable in another web page -- has some challenges in the area of cross-domain communications. Here is how I solved those problems for Zwibbler.com, using HTML5 cross domain communication.Email Etiquette
If you begin your emails with "Hi, <name>!" then they will seem less rude.Finding Bieber: On removing duplicates from a set of documents
Using a locality sensitive hash, you can mark duplicates in millions of items in no time.
How to run a linux based home web server
Sometimes you need complete control over the server, and don't want to pay $20 to $40 a month for a VPS. In this article, I'll describe step by step how to set up a home web server using Ubuntu, capable of handling modest spikes in traffic.Four ways of handling asynchronous operations in node.js
Javascript was not designed to do asynchronous operations easily. If it were, then writing asynchronous code would be as easy as writing blocking code. Instead, developers in node.js need to manage many levels of callbacks. Today, we will examine four different methods of performing the same task asynchronously, in node.js.Zwibbler: A simple drawing program using Javascript and Canvas
Now it's a commercial product, but Zwibbler was once a fun side-project, and here's some details on its implementation.