|
| Javascript
methods
h
|
|
 |
|
 |
Javascript methods have the diatvdanasge of potentially preventing non-javascript users (like those running NoScript) from being able to post. OK, so you might only have one spam get through, but how many did you block and how many legitimate comments got stopped too?We monitor all the comments on our site with no captcha and no javascript validation, and the most successful prevention by far is a honeypot trap.It's simply a field with a common name (e.g. 'comments') whose only purpose is for spambots to fill out. It's labelled with "Do not fill out this field" and hidden with CSS, but to the spambot it's just another junk receptacle. Naturally any form submission with anything in this field is put aside to be manually checked.Potentially there are a couple of issues with this approach:1) Any 'autofill' browser functionality could trigger this trap, however we've found that autofill rarely applies to textareas and not to 'comments' fields.2) It's trivial for anyone specifically targetting your site to circumvent this measure. At that point you have to start thinking about CAPTCHAs and the like, but I can't imagine most sites on the internet are open to that level of attack.However, we've had zero false positives in our case, and provably no legitimate comments have been blocked
|
 |
|
 |
|
|
|
|
|
|
(VISITOR) AUTHOR'S NAME
Daiane
MESSAGE TIMESTAMP
19 december 2014, 23:54:18
AUTHOR'S IP LOGGED
190.39.73.90
|
|
|
|
