Rock Solid Anti-Spam JavaScript

[FirstGateDreamer]

I've tried Akismet. Not for me. I don't even want to bother having to delete hundreds of spam comments per week. I found this which was somehow originated by Brandon Stone of Photoblogs.org.

This is the simplest solution I've seen yet. It doesn't change the appearance of your site whatsoever. It's super simple and I haven't received a single spam message yet. Others can testify that they haven't had ANY for 2 years plus!

What this code does is hide the url which your comments are being submitted to via JavaScript. The only drawback is that users need to have JavaScript enabled. To me this is hardly a problem compared to SPAM. I've seen others use a message that shows up if you don't have JavaScript enabled. I just mention it in the comment box.

I've done this using my alteration of the simple template. You might need to modify accordingly. I can't remember how much I modified my form if at all.

All you have to do is replace the underscores in the FORM ACTION with a different charachter (I used the exclamation point) like so...

Replace this:

Code:

<form method='post' action='index.php?x=save_comment' name='commentform' accept-charset='UTF-8'>

With this:

Code:

<form method='post' action='index.php?x=save!comment' name='commentform' accept-charset='UTF-8'>

Then insert the following code AFTER your comments form.

Code:

<script type="text/javascript">
   trueAction = "index.php?x=save!comment";
   trueAction = trueAction.replace(/!/g, "_");
   document.forms.commentform.action = trueAction;
</script>

Notice that the last line needs to correspond with the NAME of your form (mine was "commentform")

And VOILA! Done.
All you have to do is get over your SPAM-Rage with a nice cold beer!


AKISMET users NOTE: This did not seem compatible with Akismet, but don't worry...just forget Akismet and turn it off.

[Dennis+]

Hmm interesting... The token stuff implemented in 1.6 will stop these events to. Human spammers still get through.

[Dkozikowski+]

This is an interesting idea! I have not tested it but by looking at the code it seems like it may work.

For 1.5 users this is a good way to help prevent spam but as dennis pointed out, 1.6 already has a similar implementation using tokens.

[blinking8s+]

it's been posted on the forum before, it works well for wiki's and several other things. some pixelpost users said it didnt work, i dont know if anyone really adopted it and tested it out...

brandon uses a lot of clever tricks, looking at his source code can teach you a lot (well, it taught me a lot)

[se.nsuo.us]

Quote:

Originally Posted by schonhose

Hmm interesting... The token stuff implemented in 1.6 will stop these events to. Human spammers still get through.

And interestingly I am seeing more and more of those.... The bottomline is no *single* anti-spam solution is going to work, combinations are working much better.

[FirstGateDreamer]

I have yet to receive any Human Spam. In that case I can easily set comments to be moderated. And no doubt the humans controlling these damn robots will find a way around this solution. I'll stick with this until the next full de-bugged version of PP is ready. Now if I can only get my email spam filter to work as good. But then where would I find a good Rolex Replica?

[groovyf]

Implemented this 2 hours ago. Already had 2 spam comments :/

I used a "]" instead of "!"

[FirstGateDreamer]

Quote:

Originally Posted by groovyf

Implemented this 2 hours ago. Already had 2 spam comments :/

I used a "]" instead of "!"

Make sure you replace EVERY instance of 'index.php?x=save_comment'. Are you using the Akismet Add-on? If so, they don't seem perfectly compatible, just turn it off. Also make sure your comment FORM is named 'commentform'.

Either you missed something or you're getting 'human-spam' as schonhose mentioned might get through.

Send me your code via PM and I'll take a look if you like.

[GeoS+]

It is good to use much more complicated values to replace then only ! mark. Many bots can have implemented solution for such simple replacement but with nonstandard it should have a real and quite big problem.
I.e. add to string which is replaced some letters then some special marks and some more letters like:

Code:

<script type="text/javascript">
   trueAction = "index.php?x=saves%p@m!ercomment";
   trueAction = trueAction.replace(/s%p@m!er/g, "_");
   document.forms.commentform.action = trueAction;
</script>

PS Above example code isnt tested!!

[thukai]

I've just tried this method, but it doesn't work for me. At the moment I've forgot the i in index in the script that turns the url back to normal. That means that you can't post comments trough the from, but I still get SPAM.

Any tips and tricks?