nickswalker closed 4 years ago
I've added a basic countermeasure. Without it, there were about 350 spam messages sent over a month. Need to check the server again in a bit and see if this technique has much impact. Next step would be Akismet.
Hmm. About 350 spam messages in October, then 200 in November, and only 80 in December. The spam all seems to be of a similar format (just spammy links, not even an attempt at gibberish text or anything). It is not possible to conclude that the invisible form field had any effect. It's possible that some botnet or crime takedown is temporarily reducing volume. It's also possible that it did significantly reduce the volume of spam, but there was simply an abnormally high amount of spam activity in October.
I came across some good heuristics here. I like the idea of using JS to populate a timestamp field on page load, then verifying that the submission of the form occurs at human speed (say, not faster than 3 seconds). I'll try that next.
Closed with d9f1c65120d16b8eaadd0135d65
Need to implement some type of hidden token field authorization.