问题
Currently
- I am using captcha image
- I created text field and hide it using javascript. i want its value to be empty on server side, because bots are supposed to fill all the fields on the form. if value isn't empty it it does not process comment.
- I also use timestamps to check how long it took while submitting the comment. I supposed if the comment was submitted within 15 seconds, it comes from bot so i also stop processing the comment.
But still I couldn't control bots to submit my comments form. Please help what should I do now?
回答1:
Add a hidden field with a misleading id / name
<input type="hidden" id="Username" name="Username" value=""/>
If a bot comes along and fills out your form, they are likely to fill in the hidden field, which users should not be able to, so just disallow the submission if the hidden field has data.
回答2:
Why not implement Akismet and let them handle it for you? They have a well documented API, and thousands of people rely on it for spam prevention on Wordpress blogs. I haven't seen a spam comment in probably 3 years now using Akismet on my wife's blog.
回答3:
Lyuben Todorov has suggested a good solution to prevent BOT spammers. But if you still have spam and probably its human spam, then use Akismet anti spam system.
回答4:
- Use no-follow for all links in comments. This will not prevent the spam, but it will remove much of the incentive for spamming. ( see here how it works )
- Require user authentication to be able to comment.
- Use non-descriptive form elements ( don't name the div "comment").
回答5:
Try to create unique captcha to stop any standard bots (but if someone wants to get exactly you spammed it wouldn't work).
Another approach is to add verification by phone number.
来源:https://stackoverflow.com/questions/13158611/how-to-stop-bots-and-spams-from-submitting-comments