Jim Westergren
About me, my projects, SEO, Web Development and Personal Development since 2005
"If we did all the things we are capable of, we would literally astound ourselves." - Thomas A. Edison

A new approach to block web spam

This article updated on the august 11, 2010.

Around half a year ago or so I had a unique idea (at least I had never heard or read about it before) on how to block web spam. It is very simple, yet very powerful.

Normally comment spam, false registrations and other such spam are being submitted by bots (evil programs or scripts) that send their spam to millions of web sites and blogs automatically. This is a major problem on the internet. Check out State of Web Spam written on the April 22nd, 2010 by Akismet.com.

My technique does not:

My technique:

The solution is so simple you could laugh on it - but yet I have never heard about it before despite all my reading on the subject.

The solution?

Check how long time it took from the page is loaded until the form is submitted. If less than 10 seconds (or whatver you choose) block with a message. :)

Example for WordPress

Open up the file comments.php in your theme and just before </form> add this:

<input type="hidden" name="time" value="<?php echo time(); ?>" />

Then open up /wp-comments-post.php in the root and on the top after <?php add:

$minimum_seconds = 10;
if (!isset($_POST['time']) or $_POST['time'] + $minimum_seconds > time()) {
	die("Error: blog post read, comment written and submitted in less than ".$minimum_seconds." seconds. This is meaning that you are either a spam bot or you didn't read the post and wrote a good comment before submitting it. <a href="javascript: history.go(-1)">Go back and try again if you are not a bot and have good intentions</a>.");
}

The above code should work on pretty much all PHP powered websites. Just add the hidden input value with the time and then the code on the page submitted to with POST.

111 days of testing (april 22 - august 11, 2010)

I added the above to this blog and deactivated both WP-SpamFree Anti-Spam (over 6K lines of PHP code) and Bad Behavior (insane logging into database) to see how it is going. I also added some small logging.

Now I am after 111 days I update this article with the test results.

Spam comments blocked: 10257 Spam not blocked: 547 Good comments: 245

The spam that was not blocked was mostly from bots and catched by Akismet and some was from humans that commented something stupid just to try to get a link.

That is 94,94% of the spam blocked with 5 lines of code. Not bad.

Caveats

Does not work with caching enabled. ;(


I am using this same technique (along with others) on the contact forms on my free website system N.nu. There are more than 1K 4K active websites and this is one of the techniques I use to block all messages from bots without compromising the user experience.

Let me know what you guys think.

22 Apr 2010

About the Author Jim Westergren Jim Westergren is a Swedish web entrepreneur currently living in Spain. He is happily married and has three lovely children. Some of his interests are web development, SEO and writing.
He is the Founder of DomainStats and N.nu. Read his .