Spam Prevention
Spam Prevention
By Paul
04/13/04 (Edited 02/08/14)
At Admin Panel -> Settings -> General -> "Spam Prevention", you have an option to select a spam prevention method. If you select "no protection" then spammers will be able to employ automated tools which fill out all the HTML forms on your site to send spam to you (and potentially to your submitters, if emailing of submitters/members is enabled). This is not recommended as you'll be inundated quickly.
To prevent spam, the most common method is the CAPTCHA image. When an unregistered guest makes their submission -- such as a article submission, member registration, reporting of a article, or emailing of a article -- they will be asked to copy the letters shown in the image. If they do not copy correctly, their submission will not be accepted. Most spam bots will be unable to read the image and so their submissions will be rejected. This method has a couple of drawbacks, though. Since it's visual, blind users employing screen readers will be unable to fill out forms. Also, because CAPTCHAs are so popular, spam bots are becoming increasingly good at reading them. Note: only unregistered guests will have to solve the CAPTCHA -- it will not appear for members, since they've already solved one in order to register.
The other option is to use invisible field bait to trick the spam bots into exposing themselves so they can be blocked. When this is enabled, an extra field is placed in every form which is invisible to humans using modern web browsers (the field is hidden with CSS). If the spam bot tries to fill out that field, the submission will be rejected. The advantage of this method is that it doesn't delay legitimate people at all. The disadvantage is that as it becomes more popular spambots are being built which take CSS into account and bypass this protection.
The recommended option is to enable both CAPTCHA and invisible field bait for maximum protection. This should cut down your spam rate by 95% or more. If you still have too much spam, you may need to IP ban persistent spammers or block their domain names.
By Paul
04/13/04 (Edited 02/08/14)
To prevent spam, the most common method is the CAPTCHA image. When an unregistered guest makes their submission -- such as a article submission, member registration, reporting of a article, or emailing of a article -- they will be asked to copy the letters shown in the image. If they do not copy correctly, their submission will not be accepted. Most spam bots will be unable to read the image and so their submissions will be rejected. This method has a couple of drawbacks, though. Since it's visual, blind users employing screen readers will be unable to fill out forms. Also, because CAPTCHAs are so popular, spam bots are becoming increasingly good at reading them. Note: only unregistered guests will have to solve the CAPTCHA -- it will not appear for members, since they've already solved one in order to register.
The other option is to use invisible field bait to trick the spam bots into exposing themselves so they can be blocked. When this is enabled, an extra field is placed in every form which is invisible to humans using modern web browsers (the field is hidden with CSS). If the spam bot tries to fill out that field, the submission will be rejected. The advantage of this method is that it doesn't delay legitimate people at all. The disadvantage is that as it becomes more popular spambots are being built which take CSS into account and bypass this protection.
The recommended option is to enable both CAPTCHA and invisible field bait for maximum protection. This should cut down your spam rate by 95% or more. If you still have too much spam, you may need to IP ban persistent spammers or block their domain names.
Description | Prevent automated submissions. |
Rating | |
Views | 1901 views. Averaging 0 views per day. |