A little JavaScript to stop the spamming of your blog comments and forms

We all love spiders when they are used for good, like indexing our sites for Google. However, spiders can be the demise of any open form element when it is overwhelmed with automated spam. My recent post on “Hacking Blogger” provided a method for creating custom comments, with one minor flaw! I needed a method for controlling the devastating amount of “spam” generated from automated messages getting through my comment forms. I found the answer with a little creativity and a little JavaScript.

With the changes happening over at Blogger, it was possible to customize the comment form process, but not the “word verification” process (the standard tool used to distinguish computers/spiders from humans), which is the preferred method for solving this issue. So, I came up with a little creative solution for those of us without the luxury of that option. I simply utilized one of the “worst practices” I remembered from my SEO days: using JavaScript to display content.


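// External JS file: writes the end of the comment form, including the submit
// button, so the button never appears in the page's static HTML.
document.write(
  '</dd>' +
  '</dl>' +
  '<div class="buttons"><input type="submit" name="post" value="Post" accesskey="p" /></div>' +
  '</form>'
);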

An example of the submit code I include within an external JS file as a part of my comment forms within this blog to prevent spamming.

Any SEO novice will tell you, never place valuable content within a JavaScript file; spiders can’t read (crawl) them. What, wow, perfect! A solution arises out of a problem; simply place content you don’t want spiders to see within a JS file. It is so simple it is embarrassing – it is just reversing the logic that has been drilled into my head since SEO 101. Not knowing (or caring) much about how spiders function with respect to what they actually use to publish in an automated form, I took a stab in the dark and assumed placing my “submit” element within a JS file would do the trick – hiding the one function required to post.

A month later with absolutely no spam in sight, I can confidently say the solution is working! I should qualify that: the solution is working for now. As JavaScript becomes overwhelmingly more popular, I am sure the day that spiders can begin crawling our JS files is right around the corner; be on the lookout.


Rockin' 20 Comments

Agree with me, rant with me or complain your little heart out ... share a comment

  1. That’s ingenious, much easier than trying to get a captcha or plugin to work.

  2. Thanks for the tip! I think it’s a great idea, and I recommended it to my readers.

  3. captcha!! Damn, I was sitting here trying to remember that term for like 15 minutes! I hope it works for you!

    That is “Completely Automated Public Turing test to tell Computers and Humans Apart”.

  4. How do people who have JavaScript disabled or are not using a JavaScript capable browser post comments?

  5. inhalant abuse  Unfortunately, I don’t have a nice degrading option for this JavaScript “hack”. I would recommend placing a nice message within a “noscript” tag. I am running this on “my little blog” and am making the assumption that “my” audience will have JavaScript running and on capable browsers.

    Just so that I am clear, this is only an option for those without the resources to do it the “right way”. If you are running a major site or working with a major client, please search out a better solution (you shouldn’t be using Blogger either!).

    Anyone with a suggestion on a nice way to degrade this, please share!!

  6. Take a look at the Bad Behavior & Akismet plugins for WordPress & Drupal.

    Akismet is working very nicely on my WordPress blog - I haven’t seen it miss a comment spam in several months.

    I’m using Bad Behavior at one of my Drupal sites & I find that it can even be too aggressive, so I had to disable some of its tests. It analyzes the HTTP request & based on the headers, user-agent, etc. it will deny requests from spambots.

  7. Some spiders CAN crawl JS now, at least the better ones.

    And people without JS (admittedly, a small minority) are hosed.

    Personally, I don’t like CAPTCHAs either.

    My preferred method is to have a simple text question everybody on the site should be able to answer, like “What is one of the two words that make up this site’s name”

  8. I like to make the person preview their comment first. If they have Javascript enabled I’ll use an AJAX-y approach for the preview and if not they’ll have to suffer through a page reload but it makes things a lot tougher for spiders to deal with.

  9. I’m fairly certain that the number of people running without javascript is a much smaller concern than it is perceived to be.

  10. Thought this was funny … anyone looking for this solution in Spanish can read up at Un pequeño javascript, ¿para salvarnos del SPAM?

  11. It is a great method, but I’m worried. What about users that do not have JavaScript enabled? Do you use a noscript tag and place an input button in that, and if so, would that still allow a spam bot to automate message posting? Or do you just do away with your audience that does not have JS enabled?

  12. Check about eight or seven comments up — asked and answered. Best of luck!

  13. How do I get the code to work? I don’t know where to put the code.

  14. ICE, do you know how SSI, server-side-includes work? Also, do you get the general idea of how “document.write” works?

    If you don’t mind, do a quick google search on those and once you feel comfortable with them simply treat your new JS file like an SSI. Essentially, take the code on the page and cut it out and place it into a JS file (within document.write) and replace that code you just cut with a reference to your new JS file.

    Basically, document.write works like an SSI would, it is writing that snippet of code back onto the page — just using JavaScript to do it.

    You can view source on this or any of my posts to see exactly what I am doing.

  15. Very cool idea. I would use this if it didn’t force people to run java to just post a comment. Plus, as previously mentioned here. . . Akismet is a great plugin that rarely misses anything.

  16. Brant, if I am reading your comment right, it seems you are worried about having the user run “Java” — this fix uses a little JavaScript (which is different than Java). Javascript is becoming more and more commonplace. I decided it was worth the trade-off, so far no one has come to my site with JavaScript disabled, yet.

  17. Great summary — appreciate the comment. I agree about booking vacations, definitely a pain on the internet, would much rather talk to someone on the phone.

  18. My only issue with that is most people will continue to re-post their comment — thinking something is wrong or that the comment didn’t go through. Most people also want instant gratification, they want to see what they wrote and how it is presented right after they write it.

  19. Right, but that’s what I mean, it is going to take most real people at least one or two seconds to type their message, as long as it is more than just “…,” or “you’re right,” etc. If it is an automated spamming program (or bot), it will be attempting to insert their comment instantly with no delay.

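A server-side version of the timing idea from the last comments, as an added example that is not code from the original post or its commenters. It assumes you control the handler that receives the comment POST (not the case on hosted Blogger); the function names, the 2-second minimum and the 1-hour lifetime are assumptions chosen for illustration.

```javascript
// Added example, not the blog's code: minimum-fill-time check for a comment form.
const crypto = require('crypto');

const MIN_FILL_MS = 2000;           // assumption: a person needs at least 2 s to type
const MAX_AGE_MS = 60 * 60 * 1000;  // assumption: a rendered form stays valid for 1 h

function sign(secret, issuedAt) {
  return crypto.createHmac('sha256', secret).update(String(issuedAt)).digest('hex');
}

// Run when the page is served; the result goes into a hidden form field.
function issueFormToken(secret, issuedAtMs) {
  return `${issuedAtMs}.${sign(secret, issuedAtMs)}`;
}

// Run when the comment is posted. Returns 'ok', 'bad-token', 'too-fast' or 'expired'.
function checkSubmission(secret, token, nowMs) {
  const parts = String(token || '').split('.');
  if (parts.length !== 2) return 'bad-token';
  const [ts, mac] = parts;
  if (!/^\d{1,15}$/.test(ts) || !/^[0-9a-f]{64}$/.test(mac)) return 'bad-token';
  const expected = Buffer.from(sign(secret, ts), 'hex');
  if (!crypto.timingSafeEqual(expected, Buffer.from(mac, 'hex'))) return 'bad-token';
  const elapsed = nowMs - Number(ts);
  if (elapsed < MIN_FILL_MS) return 'too-fast';
  if (elapsed > MAX_AGE_MS) return 'expired';
  return 'ok';
}

// Constructed sample run: one form served at t0, posted at three different times.
const secret = 'constructed-demo-secret';
const t0 = 1700000000000;
const token = issueFormToken(secret, t0);
console.log(checkSubmission(secret, token, t0 + 50));          // instant post
console.log(checkSubmission(secret, token, t0 + 15000));       // typed for 15 s
console.log(checkSubmission(secret, 'x' + token, t0 + 15000)); // tampered token
```

Because the check runs on the server, it does not depend on whether the client executes JavaScript; a token can still be replayed within its lifetime unless used tokens are recorded.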
