5 June 2020

Spam protection for sites

If the site provides the possibility of commenting by users or, for example, the site has a guest book, then sooner or later the question arises of reliable protection of the site from spam, because every day more and more spam attacks are sprinkled on the site. How is spam protection implemented in modern “site building”?

For dishonest SEO-optimizers (the so-called “black” optimizers), the presence of a comment form or guest book on any site is a great chance to publish a spam link to your resource and thereby attract the attention of search engines. Often, such links are of extremely low quality: they do not correspond to the subject of the site, and can also lead to pages with substandard content. This harms the reputation of the site.

The first thing you need to do to protect your site from spam is to properly set up commenting forms or forms for adding entries to guestbooks. So, for example, it is necessary to check (programmatically) that all required fields of the form are filled in, that the sender’s e-mail address is valid (i.e., the corresponding rules for creating e-mail addresses). This, incidentally, is important for the overall security of the site.

If there are not many comments on the site, then you can manually protect the site from spam. To do this, usually before publication, all comments are moderated – checked by the administrator for spam links. This method works until there are no more comments on the site: hundreds and thousands of comments per day are difficult to process manually. Hence the need for automated protection of the site from spam. What methods can do this?

The most common automated spam protection method for sites is the so-called captcha (CAPTCHA). CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is the name of a special test that distinguishes computers from people. A real person can easily solve the problem proposed in the test, but the computer will not cope with it. Most often, captcha looks like a picture with slightly distorted letters or numbers. For people with low vision there is a sound captcha.

Among all captchas, captchas such as reCAPTCHA, YaCAPTCHA, CheckBot, etc. are widely known and used. ReCAPTCHA is considered the most reliable test for recognizing a person and a computer, but it is difficult to pass it correctly even for real people, so it often causes user dissatisfaction. Other captchas are less complex, but their degree of protection is slightly lower.

Installing captcha on commenting forms and guestbooks can significantly reduce the risk of receiving spam comments and spam posts. But this is not the only way to protect the site from spam. Also for this purpose anti-spam methods are used that allow you to “catch” automatic spam comments by checking for certain keywords in the text, filtering by the REFERER parameter, checking for the form filling time, etc. For common content management systems (CMS ) there are ready-made anti-spam plugins.

The easiest and most affordable way to protect against spam on the site is the lack of a “link” or “website” field in the comment forms or in guest books. If you can’t leave a link in a comment or guestbook entry, then the site is simply not interesting to spammers. However, in this case, conscientious users are deprived of the opportunity to leave “normal” links that correspond to the subject of the issue under discussion in the comments, and therefore the decision on the need for fields for links in the comment forms is taken by the site owners at their own discretion.