Wala lang… just so I can get to use naman this category once in a while.
The guestbook script I use both here and in http://www.bukaspalad.com has always been subject to spam commenters ever since I put them up. I usually do a general clean up once week to erase those unwelcome entries. Of course I don’t get to do that all the time so there are days that the guestbooks are flooded with irritating spam entries. A guestbook entry is set to email me – and daily, I see more or less 10 entries that are purely spam on the average.
So a couple of days ago, I took the time and searched the web for an updated version of the script, in the hopes that there has been some spam protection integrated in the new build… no go.
But I was able to find a modified version of the script by someone who put a simple passcode provision to avoid spambots. I’m happy to say that I haven’t received any spam since then.
It isn’t one of those randomly generated image-based anti-spam filters… nor is it like the bayesian blacklisting plugin I use on my blog… so it’s just a matter of time before some spam will get through.
Though the logic behind its effectiveness is that most spambots have an algorithm they follow depending on what “interface” they’re trying to automate – in this case, it’s the PHP Advanced Guestbook script. Even if the spam filter isn’t hard at all (as you will notice I even practically spelled out what you have to type in for your comment to go through), it still is deviating from the interface routine that the bots are probably programmed to follow.
So normally, if spam does get through it means that it’s ether manually typed in, or that a fairly complex bot has figured out the routine. In both cases, I foresee these instances to be rare – so doing a manual cleanup wouldn’t be a hassle at all.
If a lot of bots happen to read the new code (passkey) and use it increasingly, then I’ll simply change the code. If a lot of bots then start parsing that line above the passcode field (where I explicitly put in the passcode), I can easily turn it to a question.
Whatever the outcome, it makes my life easier so I’m not complaining.
What I’d like to see implemented though is a way to detect actual keyboard pressing. Cuz all we really want is human input at the end of the day. I can live with some spam if I know someone took the time and typed it manually into the system. So if theres a way that sites could just detect if the vaules/data being passed to the server were from actual keystrokes from actual keyboards, and not just automated processes, then you can do away with the passcodes etc. entirely! Just check the entry field themselves and see if it was done by hand or not. Unfortunately, I’m not so sure if that’s doable – it would’ve been done already if it was possible.