
Alyosha Popovich vs Tugarin Snake or how I struggled with spam

It all started when I wanted to run my own blog. As a hard-working programmer, I put a simple captcha on the comment form to prevent spam. But no such luck... The captcha was broken... Twice... Then I lost my temper and decided to turn off commenting until a solution was found.

Read on below the cut; I'm sure you will appreciate its originality.

Standing on your head


What kept me from programming or searching for a new captcha was a professional skill, namely LAZINESS. As an excuse, I thought that it was somehow unkind to make users decipher an incomprehensible alphanumeric heap of characters.

It was decided to turn to radical solutions. Namely, REMOVING THE CAPTCHA (if you think about it, life becomes easier for three “characters” at once: my server, spam bots and users).

In exchange, a simple IP ban system plus pre-moderation of comments was created. Everything seemed fine, except that I got tired of banning bots (at that time the number of blocked IPs in the database was approximately 100). And then, gritting my teeth, I realized that something new was needed.

Observation is the key to success


After watching the spam comments for 2 days, I noticed that they (i.e., the spam bots) fill in all fields, even email, which is not mandatory. Guided by the famous quote (make your faults your advantage), I had an idea.

Following the logic of the layout, I added another input with the name phone and hid it using JavaScript (you can also use CSS).

I did not have to wait long to see that spam bots fill in this field, and only with numbers. Then, in the code that adds comments, we add a check: if the phone field is filled, this is a bot; if not, a friendly user. A few days later I turned off pre-moderation, although I left the ban system in place just in case.
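The check described above, as an added sketch that is not the author's code: the form hides the phone field with CSS, and the server-side function classifies a raw form-encoded POST body. The other field names, the /comments path and the sample submissions are assumptions made for illustration.

```javascript
const HONEYPOT = "phone"; // decoy field name from the article

// Comment form markup (field names other than "phone" are assumed). The decoy is
// moved off-screen with CSS, taken out of the tab order, hidden from screen
// readers, and marked autocomplete="off" to ask browsers not to autofill it.
function renderCommentForm() {
  return [
    `<form method="post" action="/comments">`,
    `  <input name="author" required>`,
    `  <input name="email" type="email">`,
    `  <textarea name="text" required></textarea>`,
    `  <div style="position:absolute;left:-9999px" aria-hidden="true">`,
    `    <input name="${HONEYPOT}" tabindex="-1" autocomplete="off">`,
    `  </div>`,
    `  <button>Send</button>`,
    `</form>`,
  ].join("\n");
}

// Classify a raw application/x-www-form-urlencoded POST body.
function classifyComment(rawBody) {
  const form = new URLSearchParams(rawBody);
  // getAll: a repeated parameter must not hide a filled decoy behind an empty one.
  const decoy = form.getAll(HONEYPOT).map((v) => v.trim()).filter(Boolean);
  if (decoy.length > 0) return { verdict: "bot", reason: "honeypot field filled" };
  const text = (form.get("text") || "").trim();
  if (!text) return { verdict: "reject", reason: "empty comment" };
  return { verdict: "accept", author: form.get("author") || "anonymous", text };
}

// Constructed sample submissions (not real traffic).
const samples = [
  "author=Ivan&email=&text=Nice+post&phone=",                            // human
  "author=Buy+now&email=a%40b.example&text=cheap+pills&phone=89001234567", // bot
  "author=x&text=spam&phone=&phone=12345",                                // repeated field
  "author=Olga&text=Thanks%21",                                           // decoy absent
];
for (const body of samples) console.log(classifyComment(body).verdict, "<-", body);
```

A browser or password manager that autofills the hidden field would make a real visitor look like a bot, so it is safer to hold flagged comments for moderation than to drop them silently.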

Source: https://habr.com/ru/post/127604/

