Spam Blocking Technologies – A Quick Glance

May 22, 2009   //   by Hackadelic   //   Featured, WordPress  //  7 Comments
This entry is part of a series, The Spam Chronicles»

Die MadeIn the last couple of months, the amount of spam I’ve been receiving increased to an extent that it became impossible to manually check the spam queue. A logical step was to install a spam blocker that would block spam from being submitted in the first place.

My short research revealed there are two styles of spam blocking methods: Those which require extra user input (ex. captcha’s and quiz questions), and those which don’t (of which I only new about the first one before). I hesitated to increase the “entry barrier” to posting comments here by introducing a captcha or a “quiz”, so I decided to go for the second type.

Of those who don’t require user input, there are three sub-types:

Some are “JavaScript-oriented” in that they rely on the assumption that spam-bots don’t “have JavaScript turned on”, while “98% of the normal users do”. As I have a lot understanding for turning JavaScript off, I knew I wouldn’t like these.

Others modify the internal names of the HTML input fields in the hope that spam-bots would not find them. This probably works out well regarding spam, but there are apparently plugins which rely on those internal names and consequently collide with the blocker.

Others yet – and these are my current faves – rely on hidden fields with predefined (though often randomly permuted), expected values, that spam-bots would fill blindly with wrong values. This strategy works out well with generic spam-bots, but may fail with targeted spam-bots (which specifically address WordPress sites), as they could just fill in exactly those fields, that the user would. Luckily, targeted spam-bots are a minority, so these spam blockers are likely to do a fairly good job nonetheless.

You can find a long list of anti-spam solutions at wordpress.org. At first sight, I found “Invisible Defender” and “NoSpamX” the most attractive solutions. Finally I selected “Invisible Defender” because it was the leanest solution – only 4 kB of code.1 I’ll see how it works. I know already it won’t eliminate all spam. But I’d be happy already if it would shrink my spam queue to a size that I can overlook well again.

I’m interested to read about you experience with spam blockers. What software do you use? How well does it perform?

In the mean time, if you think your comment has been blocked accidentally, just drop me a note.

  1. If in doubt, always select the smaller, leaner solution – it is the least likely to have bugs, and the easiest to understand and extend by yourself. (Or by a friend of yours if you can’t code. What else is open source good for, right?) []

7 Comments

  • I just started my website in WordPress and I believe applying spam blocking technologies is a must. I have friends that recommend me Akismet others AntispamBee. Wich is better?

  • i wanna ask can one use akismet and invisible defender on blogger or is it dedicated only for wordpress.?

    • AFAIK they are WP only

  • I have also faced spam problem , sometime upto 20 a day.
    I install “wpspam free” but it did some false positive for some genuine comments, later i installed a comment system called disqus spam is 0, u may also try this.

  • See also the AntispamBee plugin for WordPress: http://antispambee.com

  • So Akismet wasn’t cutting it for you anymore? My site gets maybe ten spams per day, and I’ve only ever had one or two false positives. Also, does Invisible Defender work in conjunction with Akismet or have you deactivated Akismet?

    Alan

    • Alan, Akismet is a spam filter, while Invisible Defender is a spam blocker. They complement each other. Akismet puts comments it considers spam into the spam queue, it doesn’t block them. Yes, I do use them both.

      Whether you need a spam blocker or not depends on how you deal with potential false positives. If you are not willing to sacrifice them and just blindly purge your spam queue, you’d have to go through it and check every comment. This option starts to suck when your spam queue is several pages long.

      A spam blocker will block (most of the) incoming spam from ever being put into the spam queue, but it will never block real comments. False negatives will still pass through to your queue, but it will be just a couple of them, and checking those is a lot easier.

Blog Categories

I have come here to chew bubblegum and kick ass...
and I'm all out of bubblegum.
-- Nada in They Live