Protecting your blog or contact form

Introduction

Spamming is the abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages. While the most widely recognized form of spam is e-mail spam, the term is applied to similar abuses in other media.

There are blogging engines and CMSs out there that have built-in functionality to prevent, or at least reduce, the amount of spam being pushed onto a site via comments, trackbacks or a contact form. If you're not using software that prevents these invasions, there are free components you should be able to integrate very easily, or you can implement some simple methods yourself.

Standard Methods

Captcha

 

A CAPTCHA is a type of challenge-response test used in computing to determine whether the user is human. “CAPTCHA” is an acronym for “Completely Automated Public Turing test to tell Computers and Humans Apart”.

Captcha is widely used and works by displaying a picture containing a random mixture of numbers and letters (noisy text) that the end user has to enter into a textbox. The value of the Captcha is usually encrypted and stored in a hidden field, in the session or in a cookie. If the decrypted value doesn't equal what the textbox contains, no post is made.


Accessibility issues introduced by this type of control have been discussed; a more in-depth document can be found at the W3C: http://www.w3.org/TR/turingtest/.

More information:

Encrypt the Session ID, compare and compute.

With this method you grab the session ID, encrypt it, and then either store it in a hidden field on your page or attach the encrypted session ID to the action of the form.

A more in-depth article can be found on Mark Voss's blog.
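
The session-bound hidden field described above, as an added example that is not code from this post or from the linked article. It uses a keyed HMAC over the session ID instead of reversible encryption, and goes one step beyond the text by including an issue time so a copied token expires and instant submissions are rejected; SECRET_KEY, MIN_AGE, MAX_AGE and both function names are assumptions.

```python
import hashlib
import hmac
import time

# Assumption: a server-side secret that is never sent to the browser.
SECRET_KEY = b"constructed-demo-key-replace-me"
MIN_AGE = 3       # seconds; a form posted faster than this looks automated
MAX_AGE = 3600    # seconds; older forms must be reloaded


def _mac(session_id, issued):
    """Hex HMAC-SHA256 binding the token to one session and one issue time."""
    msg = f"{session_id}|{issued}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id, now=None):
    """Value to place in the hidden form field: '<issued_at>.<hex MAC>'."""
    issued = int(time.time() if now is None else now)
    return f"{issued}.{_mac(session_id, issued)}"


def check_token(session_id, token, now=None):
    """Return (accepted, reason) for the hidden-field value that was posted."""
    now = int(time.time() if now is None else now)
    issued_str, sep, mac_hex = (token or "").partition(".")
    if not sep or not (issued_str.isascii() and issued_str.isdigit()):
        return False, "malformed"
    expected = _mac(session_id, issued_str)
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    if not hmac.compare_digest(expected.encode(), mac_hex.encode()):
        return False, "bad-mac"
    age = now - int(issued_str)
    if age < MIN_AGE:
        return False, "too-fast"
    if age > MAX_AGE:
        return False, "expired"
    return True, "ok"
```

Render the form with issue_token(session_id) in the hidden field and refuse the post unless check_token returns accepted for the same session.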

Tricking a bot with css

This involves creating a couple of input fields and hiding them with CSS. A normal user wouldn't fill these fields in, as they're not visible; a bot, on the other hand, would fill them in. A more in-depth article about this can be found over at position-relative.

Ready made Components

I am only planning to cover three components, as there are a lot of projects out there, all with a common goal: to get rid of spam. In the links below there are lists and lists of these projects that cover most technologies. The three I am covering are:

  • Akismet API
  • Subkismet project
  • Ajax Tool Kit

Akismet API

In order to use Akismet you need to sign up for a free non-commercial key with WordPress. Akismet is a collaborative effort to get rid of comment and trackback spam.

Many people have ported it for use with different systems. A list of libraries can be found at http://akismet.com/development/

Subkismet project

The Subkismet project is based on code initially developed for Subtext and is more than just an Akismet client for .NET. This library contains components that are necessary for any web application that requires user input.

Ajax Tool Kit

The Ajax Control Toolkit that Microsoft released contains a NoBot control. This control employs a few different anti-bot techniques:

  1. JavaScript calculation verified in the postback.
  2. Configurable delay between postbacks.
  3. Limited number of requests from a specific IP address.

Further Reading and References.
