Jim Westergren

A new approach to block web spam

This article was updated on August 11, 2010.

Around half a year ago or so I had a unique idea (at least I had never heard or read about it before) on how to block web spam. It is very simple, yet very powerful.

Normally, comment spam, false registrations and other such spam are submitted by bots (evil programs or scripts) that send their spam to millions of web sites and blogs automatically. This is a major problem on the internet. Check out State of Web Spam, written on April 22nd, 2010 by Akismet.com.

My technique does not:

My technique:

The solution is so simple you could laugh at it – and yet I have never heard about it before despite all my reading on the subject.

The solution?

Check how much time passed from when the page was loaded until the form was submitted. If it is less than 10 seconds (or whatever you choose), block the submission with a message. :)

Example for WordPress

Open up the file comments.php in your theme and just before </form> add this:

<input type="hidden" name="time" value="<?php echo time(); ?>" />

Then open up /wp-comments-post.php in the root and on the top after <?php add:

$minimum_seconds = 10;
if (!isset($_POST['time']) or $_POST['time'] + $minimum_seconds > time()) {
	die("Error: blog post read, comment written and submitted in less than ".$minimum_seconds." seconds. This is meaning that you are either a spam bot or you didn't read the post and wrote a good comment before submitting it. <a href=\"javascript: history.go(-1)\">Go back and try again if you are not a bot and have good intentions</a>.");
}

The above code should work on pretty much all PHP powered websites. Just add the hidden input value with the time and then the code on the page submitted to with POST.
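The check above trusts a timestamp that the client sends back, so any sufficiently old value passes it. As an added example (not the author's code), this version signs the timestamp with an HMAC and also enforces a maximum age; `FORM_SECRET`, `MAX_SECONDS` and the two function names are assumptions, and HMAC signing is used here rather than the encryption a commenter mentions.

```php
<?php
// Added example, not the author's code. All names below are hypothetical.
const FORM_SECRET = 'replace-with-a-long-random-server-side-secret';
const MIN_SECONDS = 10;   // the article's minimum
const MAX_SECONDS = 600;  // assumed upper bound on how old a form may be

// Value for the hidden "time" field: "<unix time>.<hex HMAC-SHA256 of it>".
function issue_form_token(int $now): string {
    return $now . '.' . hash_hmac('sha256', (string) $now, FORM_SECRET);
}

// Returns 'ok' or the reason the submission is rejected.
function check_form_token($token, int $now): string {
    // Reject missing fields, arrays and anything not shaped like our token.
    if (!is_string($token)
        || !preg_match('/^(\d{1,12})\.([0-9a-f]{64})$/D', $token, $m)) {
        return 'malformed';
    }
    // Recompute the MAC over the submitted timestamp; compare in constant time.
    $expected = hash_hmac('sha256', $m[1], FORM_SECRET);
    if (!hash_equals($expected, $m[2])) {
        return 'bad-signature';
    }
    $age = $now - (int) $m[1];
    if ($age < MIN_SECONDS) {
        return 'too-fast';
    }
    if ($age > MAX_SECONDS) {
        return 'expired';
    }
    return 'ok';
}

// Constructed demo: a form rendered at $t0 and posted 3 s, 45 s and 2 h later.
$t0 = 1281500000; // constructed timestamp
$token = issue_form_token($t0);
foreach ([3, 45, 7200] as $delay) {
    echo $delay, 's: ', check_form_token($token, $t0 + $delay), "\n";
}

// A timestamp rewritten by a client that does not know the secret.
$forged = ($t0 - 60) . substr($token, strpos($token, '.'));
echo 'forged: ', check_form_token($forged, $t0 + 3), "\n";
```

In the form, the hidden field carries `issue_form_token(time())` and the handler calls `check_form_token($_POST['time'] ?? null, time())`. A valid token can still be reused until it expires, so this narrows the window rather than making each submission one-time.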

111 days of testing (April 22 – August 11, 2010)

I added the above to this blog and deactivated both WP-SpamFree Anti-Spam (over 6K lines of PHP code) and Bad Behavior (insane logging into database) to see how it is going. I also added some small logging.

Now, after 111 days, I am updating this article with the test results.

Spam comments blocked: 10257
Spam not blocked: 547
Good comments: 245

The spam that was not blocked was mostly from bots and was caught by Akismet, and some was from humans who commented something stupid just to try to get a link.

That is 94,94% of the spam blocked with 5 lines of code. Not bad.

Caveats

Does not work with caching enabled. ;(


I am using this same technique (along with others) on the contact forms on my free website system N.nu. There are more than 4K active websites and this is one of the techniques I use to block all messages from bots without compromising the user experience.

Let me know what you guys think.

About the Author: Jim Westergren is a web entrepreneur from Sweden now living in Bolivia. He is happily married and has two lovely children. Some of his interests are web development, SEO and writing. He is the Founder and CTO of TodaysWeb and his current major project is N.nu.
  • Killjoy

    Not entirely unique, but a very good idea. I have been using this technique since 2001, but haven’t told anyone. Don’t tell anyone I’m doing so. Please destroy this message after you have read it.

  • http://www.jimwestergren.com/about-me-jim-westergren/ Jim Westergren

    Did it work well for you? How many seconds did you use and how many percent of the spam did you stop?

  • http://ostnan.com Ostnan Mk

    A very good idea. My phone notification a lot messages on my mail. They all come from you. The original is because you are testing.
    I opened your n.nu on a website and my friends.
    Perhaps, you could easily find us, haha

  • http://www.jimwestergren.com/about-me-jim-westergren/ Jim Westergren

    Hi Ostnan,

    Sorry for those test comments – I had to test it :)

    Nice that you are trying out N.nu – I hope you like it.

  • Killjoy

    Jim: I used 15 sec min and 600 sec max. That stopped about 80%. Then I later started to encrypt the time stamp and I reached 100%.

  • http://www.brusselsprout.net Kevin

    Hi Jim, just discovered you and your site, very interesting & inspiring.

    Yes it’s a simple idea. But – just as simple for the spammers to jump over. They just need to increase the time period before they send the spam.

    Of course it’ll work though for a while, and I guess it’s worth it for that. The spammers are always trying to be one step ahead of us.

  • http://www.jimwestergren.com/about-me-jim-westergren/ Jim Westergren

    Killjoy,

    “Jim: I used 15 sec min and 600 sec max. That stopped about 80%. Then I later started to encrypt the time stamp and I reached 100%.”

    How did you encrypt it? Feel welcome to e-mail me.

    Hi Kevin,

    “Yes it’s a simple idea. But – just as simple for the spammers to jump over. They just need to increase the time period before they send the spam.”

    It’s not that easy …

    If a spammer sends a spam to 1 million blogs and has to wait 10 seconds for each one then it would take 115 days for 1 spam comment …

  • http://www.sokmotoroptimering.nu/ David

    Sorry to tell the “bad” news but this idea is not new. For example there are plugins for vBulletin that do this and xRumer probably beats it already too.

  • http://ostnan.com Ostnan Mk

    Hi, Jim
    I use the proxy to your Twitter.
    ShangHai World Expo yesterday, and you have plans to Shanghai?
    Your Motherland is Swedish right? I want to see your country venues.
    This is my N.NU’s Blog: www.ostnan.n.nu

  • http://www.jimwestergren.com/about-me-jim-westergren/ Jim Westergren

    Hi David,
    Thanks for that info – then I learned something new. I have been running the above code for a while now and it blocks around 90% of the spam which is quite good but not good enough. Later when I have the time I will make some adjustments.

    Hi Ostnan,
    Yes, I live in Sweden at the moment and sorry no I don’t have any plans on coming to Shanghai. Good luck with your N.nu site and just ask if you get any questions.

  • http://ostnan.com Ostnan Mk

    Hi! Jim
    What a pity! You don’t this plan. I think we have a dream around the world, although it isn’t practical. But people still yearn.
    World Expo is a great platform, It helps me understand some of the country inaccessible.
    It is very attractive.
    If you have the opportunity I will go to Sweden, just let me fascinated by her name.
    If you plan to come to China, be sure to tell me, I think I would be a good guide.
    I have been here for a night, perhaps you there will be a sunny weather. Good night or good luck day?

  • http://www.phplinkdirectory.com David

    Yea, I’m seeing lots of innovation in this area. One idea I like also is having a separate url that is just for comments, keeping the main url completely free of external links. Calculated Risk Blog does this.

  • http://www.jimwestergren.com/about-me-jim-westergren/ Jim Westergren

    Is this David as in “dvduval” – Administrator of phpLD?
    Nice to hear from you – I have been using your script since 2005. Thanks for making it or helping to make it.

    Yes, having it on another URL is one way – but ugly in my opinion.

    Smashingmagazine.com are using another approach – not displaying any author URL.

  • http://www.esoftload.info esoftload

    It’s new for me. Thanks for sharing….

  • http://www.phplinkdirectory.com David

    Yes, that’s me. :)

    I also really like the Disqus addon. It not only helps protect from spam (I think everything is in javascript). It also makes it easy to track conversations across multiple blogs.

  • http://www.sem-service.com Gwendolyn

    Finally! An even-handed and informative discourse on this interesting and diverse subject. Here’s hoping the author re-visits the issue with more information in the future.

  • http://www.jimwestergren.com/about-me-jim-westergren/ Jim Westergren

    @David,

    Yes, I am actually seriously considering implementing Disqus on this blog. I am running it as a comment system for the websites on http://www.N.nu and it is great.

  • http://www.microwebnet.com/ Aleks

    Web spam is web evil. All people must fight with it.
    Not bad information. Great.

  • http://www.microwebnet.com/ Aleks

    It is very difficult to fight with spam. We can help on the site
    Web studio MicrowebNET

  • http://www.sem-service.com/ Gloria

    I’m re-thinking what I thought I knew before reading this. Thanks for a well written piece that breaks through the fog to present a clear picture on a fascinating subject.

  • http://how-to-create-websitefree.blogspot.com/ karan

    Great info tutorial, super, thanks a lot.

  • http://www.approachnet.com florida web design

    Nicely done. I’ve had to integrate CAPTCHAs into my clients’ sites and it stops 100% of the spam.

  • http://www.rankingsolutions.com Jack harris

    Nice blog, Glad to see this! SEO Ranking Solutions is renowned as the leader in the scenario of search engine optimisation by providing excellent, cost effective services. SEO is a highly competitive marketing tool requiring intense focus and intact knowledge in the working of search engine algorithms and robots. Internet is used as the optimal device to search for diverse products and services. Millions of searches are performed to find out particular information.

  • http://how2program.com Learn Programming

    You can stop spam with captcha, but there are some tools which recognize the captcha and attack you.

  • Oleg

    Hi Jim! Just discovered your method and I like it very much. I have some idea too. I use it with forms in my sites with user-generated content and it protects them well. I call it multilayered captcha, look for details here http://makebusiness.ru/idea/49 (Russian lang., but there is a working example + Google Translate will help). It also has some potential to extend.

  • http://buuzo.com MultiSearch

    Well, my personal opinion is that no matter what we do, we can’t totally stop it. There are various captcha verification software and session creating apps which can fail our checks.

  • http://www.smallchestfreezers.net Ira Mann

    Very interesting idea on how to block spam. Sometimes the easiest solutions are the simplest ones (I think that is a quote from the movie “Contact”). Anyway, nice post as usual.

    Thanks

  • http://joygoround.com K Jones

    Hi, I clicked your blog link from phplinkdirectory signature. I really love this trick you have here. And it is easy to understand and should work on those autoposters. I friggen hate the world of spam. Are you signing up with that new project honeypot cloud thing?

  • http://www.sapiencebpo.com bpo projects

    Yes I appreciate your words, it’s really very great one this one very helpful blog for the business men. The I’ll absolutely get lots of information regarding seo process that how it works.

  • http://www.kingston.grab-discount.co.uk/ Kingston Upon Thames

    I am amazed how Matt Cutts handles all the spam team of Google. Really it’s one of the main tough tasks to maintain all the spam. I appreciate your knowledge, it’s really very great one this one very helpful blog for the business men. Wonderful post, I really enjoyed reading it! The people you meet when you travel really are often the best part of it all!

  • http://www.webcreationuk.com/advancedseo.htm Bogdan

    Jim, this is an awesome idea, will definitely use it for some of my blogs!

  • http://www.jimwestergren.com/about-me-jim-westergren/ Jim Westergren

    I just updated this article with some stats.

  • http://www.shoping-store.com caily

    Web spam is really annoying which troubles me a lot. Thank you for the article, I will test the suggestions you provide.

  • http://www.farauctions.com Free Online Auctions

    Nice one JIM. You’re probably a WP guru.

  • http://www.tirol.nl martin

    Good idea. My blog gets spammed all the time. Will try this solution. Thanks.

  • http://easypublicspeaking.co.uk/ Keith Davis

    Hi Jim
    I’ve just started using a new plugin by Andy Bailey of CommentLuv fame.

    No need to type in a captcha code, just click a box and if you don’t click the box a reminder comes up without navigating away from the page.

    I’ve deactivated Akismet and no longer have to check my spam for real comments.

    Take a look on my site and see what you think.

  • http://www.techkol.com Techkol

    Nice topic, but today many humans are spreading spam for backlinks…

  • http://www.mauirealestatesearch.com Alex Cortez

    So simple, yet so genius. Kudos, Jim.

  • http://www.northshoremauivacations.com Kaiholo Hale

    Great stuff, Jim. I had actually stopped allowing comments due to spam, but perhaps it’s time I revisited that.

  • http://www.laptop-adapters.org/ halay

    Great stuff, Jim. I had actually stopped allowing comments due to spam, but perhaps it’s time I revisited that.

  • Tonkin

    Hi Jim, I like your approach and use this on my site http://godona.com. Could you please share the logging code? I would like to implement it as well.

    BTW: I have your site on my blog roll. You are quite brilliant.

  • http://www.jimwestergren.com/about-me-jim-westergren/ Jim Westergren

    Thanks Tonkin.

    I made a file called spam-log.txt in the root and made it writeable by PHP using CHMOD 777 and then I simply used the following:

    $minimum_seconds = 10;
    if (!isset($_POST['time']) or $_POST['time'] + $minimum_seconds > time()) {
    	// Append one "1" per blocked submission; the mode must be the quoted string "a".
    	$fh = fopen("spam-log.txt", "a");
    	fwrite($fh, "1");
    	fclose($fh);
    	die("Error: blog post read, comment written and submitted in less than ".$minimum_seconds." seconds. This is meaning that you are either a spam bot or you didn't read the post and wrote a good comment before submitting it. <a href=\"javascript: history.go(-1)\" rel=\"nofollow\">Go back and try again if you are not a bot and have good intentions</a>.");
    }

    Then I just counted how many 1s there were in that file.

  • Brian

    Hi Jim,

    Thanks for showing this to me. Unfortunately, I am having trouble implementing it. I would like to put it on a quote form to test it out. My PHP skills are practically zero. I am just wondering about the steps it takes to make this work.

  • http://www.personligassistent.nu/ Tord

    Hello, I will try the program and get back with my results as a tribute to this thread. If it’s working well I have some idea on actually how to make money on it.

  • http://www.assistansersattning.com/ Assistansersättning

    As for Brian, I have the same problem. Will try it again. Get back to you if it doesn’t work. Best John

  • http://www.assistansbolag.info/ Assistansbolag

    I have had much problem with spam and will try your instructions for my WordPress. If it’s working I will backlink you!

  • http://www.admain.co.uk/internet_marketing_scams.html Advertising scams

    Nice trick. :) A lot of people I know hate completing certain types of datacaptcher codes, which I can understand as some of the newer ones are really difficult to read and you end up refreshing the images several times until you get one you can read.

  • http://www.goldschmidt.co.za AndrewG

    Hi there,

    I notice that there are quite a number of awesome posts listed above in the comments – clearly from bots. So, just how well is the system working on your blog?

    ;-)

  • http://websitedesignmiami.net/ Jennifer

    Very nice tricks. I will surely use this technique for my blog.

  • http://my.opera.com/ShadD8/about/ phen 375 ltd

    I simply couldn’t depart your web site before suggesting that I extremely enjoyed the standard information an individual provide to your visitors? Is going to be back frequently to inspect new posts
