If you have ever run a blog, forum, or any other interactive site on the internet, then you probably already know about the great spam problem that there is. Not only do spammers bug us over e-mail, but also on interactive forms – where they post false topics, comments or replies, where the sole intent is to spread a website, or get google to rank a website higher in it’s search engine.
Stopping automatic registrations is easy enough. You can use CAPTCHA to make sure a remote user is a human. Also, confirming that an e-mail address is valid will pretty much ensure that you only have humans registering on your site.
But what about that person who is sitting at their computer, registering on your site, and submitted spam in an input area? Not only is it hard to detect when a person is spamming or not even if you are manually policing your site, imagine how a server would try to determine this.
The only sure-fire way I have found of keeping manual spammers out of your forum is a 3 step process.
- Use CAPTCHA to ensure remote user is human
- Confirm E-mail Address before allowing posting of comments/topics
- Refuse to post links of users under a certain amount of posts
This way, spammers would need to invest quite a lot of time on a forum if they wish to spam it. The general idea is that if a spammer needs to spend too much time working at a location, they will move on to another site. Some administrators also think that adding a NOFOLLOW tag to links of all users who do not have a certain amount of posts helps as well. However, this still allows the posting of nefarious links.
An alternative to the “no link rule” is using a service to check all posted links, and see if they match the links that spammers have been reported as using. This system is used by wordpress in Akismet very successfully. However, in this case you need to rely on a 3rd party system to filter spam messages. Other blogs rely on plugins to perform these same tasks.
Does anyone have other methods they like to use to defuse spammers?