Anti-Spam Techniques In PHP, Part 2
Other Methods Of Spam Prevention
We’ve had a look at CAPTCHA to prevent spam, but it’s not the only way. There are some other ways to help combat this, but be aware that this list is by no means exhaustive. In fact, it may be a hybrid of these methods that works best for you.
Manual Approval / Moderation
The way this works is that for every person who signs up (or for every comment that is posted, etc.), a trusted person (e.g. the site administrator) checks the new account (or comment) and manually validates it.
The biggest drawback with this method is that there’s a lot more work involved. It’s important to spend a bit more time in the development of the approval system in order to make your life easier down the track:
- Have a script in your administration section which lists all the items awaiting approval. Each item could have an Approve/Delete checkbox next to it so that items can be processed in bulk.
- Email each new item to yourself when it is submitted, with a single link for each item that you can click to approve or delete it.
From an implementation point of view, all this really requires is a single extra field in your SQL table which indicates whether or not an item is approved. You may also want to track the date/time items were approved, but this depends on your requirements.
If you’re trying to protect your blog or Wiki from unwanted spam, you can use a text filter. This basically checks for “spammy” words and blocks the post if they are found. WordPress has built-in functionality for this, and as such they have a nice list of common spam words that you can check for.
Just be aware that people may create posts that legitimately use these words – so make sure you know your topic.
Blog comment spam is useless unless it has links in it, since the spammers are aiming to improve their backlinks for Search Engine Optimization purposes. As such, you could also automatically approve posts that have no links in them, but put posts that have links in an approval queue (this is a hybrid of this method and the previous method).
The final method I’ll briefly cover is to use email validation. This is a similar idea to CAPTCHA but works somewhat differently. This method involves the user entering their email address with their comment submission or account registration. Then, in order for the account to be approved, they must click a link that is sent to their email address. This ensures they are using a valid email address.
Note that this method is probably very easy for spammers to defeat with a bot, but at least they’ll need a working email address to do so. Just make sure you then make them validate their new email address if they ever want to change it.
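The email-validation step described above, as an added example that is not part of the original article. It assumes an in-memory array in place of your SQL table; the function names, the 24-hour expiry and the example.com addresses are hypothetical choices made for this sketch.

```php
<?php
declare(strict_types=1);

const TOKEN_TTL = 86400; // assumed policy: emailed links expire after 24 hours

// Create a pending verification and return the token to embed in the emailed link.
// Only the SHA-256 of the token is stored, so a leaked table cannot be replayed.
function issueEmailToken(array &$pending, string $email, int $now): string
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Malformed email address');
    }
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG, not rand()/uniqid()
    $pending[hash('sha256', $token)] = ['email' => $email, 'expires' => $now + TOKEN_TTL];
    return $token;
}

// Return the verified address, or null if the token is malformed, unknown,
// expired or already used.
function confirmEmailToken(array &$pending, string $token, int $now): ?string
{
    if (preg_match('/^[0-9a-f]{64}$/', $token) !== 1) {
        return null;
    }
    $key = hash('sha256', $token);
    if (!isset($pending[$key])) {
        return null;
    }
    $row = $pending[$key];
    unset($pending[$key]); // single use: the link stops working after the first click
    return $now <= $row['expires'] ? $row['email'] : null;
}

// Constructed sample run: a registration, then a later change of address.
$pending = [];
$now = time();
$account = ['email' => null]; // stays unapproved until a link is clicked

$t1 = issueEmailToken($pending, 'alice@example.com', $now);
$account['email'] = confirmEmailToken($pending, $t1, $now + 60) ?? $account['email'];
var_dump($account['email']);                             // address from the first link
var_dump(confirmEmailToken($pending, $t1, $now + 120));  // same link clicked again

// Changing the address: the stored email is only replaced after the new one is confirmed.
$t2 = issueEmailToken($pending, 'alice@new.example.com', $now);
var_dump(confirmEmailToken($pending, $t2, $now + TOKEN_TTL + 1)); // link used too late
var_dump($account['email']);                             // what the account still holds
```

In a real application the `$pending` array would be a table keyed on the token hash, and the confirm step would set the approval field on the matching account or comment.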