The most common spam blocking technique for web forms used nowadays are captchas. I think this is the most effective way, too, as it is difficult to process and read the captcha images automatically and it is quite expensive in terms of CPU and memory resources.
There are a lot of alternative way out there, more or less brilliant, more or less useful. All of those anti spam measures I know not using captchas would not work if they would find a wide usage, as with a little bit more of spam bot intelligence they would be useless.
- Referrer check: A simple one, known to not work as this can be (and is actually) faked easily in automatic HTTP requests.
- Using a token as described here years ago using the user session is easy to break implementing sessions and cookies into the spam bot.
- A mathematical question: This is used in Flatpress’ accessible antispam plugin and there is an extension for Typo3 implementing this, too. It is not widely used in comparison to captchas and this might be the reason that it might work for some cases. It would be easy to break.
There is another way to achieve the same level of spam protection making it significantly more user friendly:
<form name="commentform"> <label for="intput_a">Name:</label><input name="intput_a" type="text"/> <label for="intput_b">Email:</label><input name="intput_b" type="text"/> <label for="intput_c">Web:</label><input name="intput_c" type="text"/> <label for="intput_d">Leave this field empty!</label><input name="intput_d" type="text"/> <label for="intput_e">Comment:</label><textarea name="intput_e"></textarea> </form>
Know what I mean? Why asking the user to put something and why not asking him to explicitly put nothing?
You could use CSS to hide the label and input which should be left empty so that a normal user won’t be bothered. You could even leave the label text out and hide the input with CSS if you assume that all user agents visiting your site support a basic kind of CSS.
Spam bots will try to fill something in this field and so you can recognize easily the spam entries. I use this method on a site with not so few traffic, so this is not just a gedankenexperiment, it works. Of course, it is not as solid as captchas, but faster, easier and more user friendly. And it is at least as good as the mathematical problem measure, if not better.
P.S.: Sorry that I still have the math question in my blog comment form. I did not write the Flatpress plugin implementing the empty field yet. But I will.
Update: I implemented the same principle in another new web site’s guestbook which started to get bombed by spammers and it works fantastically. No spam since then, and, looking at the log files, no real comments sorted out.
As I want to reduce my webhosting and server accounts, I need a kind of gallery software written in PHP for my photos to replace Gallery2. I don’t like Gallery2, and it is big, needs a lot of memory and is damn slow. I collected some requirements I have (no hierarchical storage but tag/keyword based, fast, PHP, themable, no MySQL required, SQLite or flat file based, searchable, …) and I did not find any PHP gallery out there matching those. (If you have an idea, please tell me!)
So I started to write a generic system (second try, I have some nice ideas but the implementation lacks of some concrete content, a nice overhead, little more at the moment) to built a gallery on top of. And, what I did, too, was looking for existing PHP frameworks which could help me. There is a huge list of usable MVC frameworks on Wikipedia.