October 12, 2003
Foiling comment spam
Several ideas come to mind when thinking of how to foil comment spammers.
One powerful idea is to use shared blacklists. The idea being as different sites learn the IP addresses of the spammers we share them. This would help block them across many different sites before they even get there.
To make this even more powerful I'm thinking about applying an old idea I've used for robots.txt. That's to put up some 'bait' pages and hidden forms. If hidden forms are put into comment pages it might be possible to capture the IP addresses of things that attempt to use them. As in, hide a form or two in your legitimate comment page. Have them point to another page that actually accepts postings. Then track the IP addresses of anything actually using the page.
The idea here is that nothing should be noticing, let alone using, those hidden pages. But if something spidering along happened to accidentally visit the pages you wouldn't be banning them unless they actually tried using them.
An added safeguard would be to put the URLs of the hidden form pages into your robots.txt file. No legitimate spider or bot should ever visit a page listed in robots.txt.
This way you'd really only end up catching addresses making deliberate attempts to abuse your site.
