2009-09-15 11:09:55

There are few things more irritating than comment or contact form spam.

The general sense in the web development community is to add a CAPTCHA. This is great for things like a registration form, or anything requiring security, but for something as simple as spam in your comments and contact forms, there has to be a better way.

I did an experiment, I set up an unprotected contact form on a hidden part of humanbagel.com, and linked to it via the robots.txt. I then logged all the dynamics of over 1,000 spambots over six months.

A few things become clear: all have cookies enabled, all have JavaScript disabled, and all send a 'test' message to see if what they are dealing with, before sending a tailored spam message.

So, I developed a simple system to stop comment spam. Require JavaScript.

Granted, 3% of users have JavaScript disabled, I am sure they can re-enable it just for a moment, as they have to all the time to use the modern internet.

The way I do it, I have a blank 'Action' attribute, that gets filled by JavaScript. Something like

var action = 'comment.php';
document.getElementById('form').setAttribute('action',action);

While this is no solution for a registration page, or anything that requires security, it is a perfect, transparent truing test to prevent spammers from getting to your comments and contact forms.