[wp-hackers] Simple comment spam experiment

[Shelly at WordPress]

Otto -

I was wondering how effective it is if people have javascript turned off 
when they visit?

I dunno.

Anyway, to your question - I'm one of those people who *HATE* captchas. 
  But someone taught me a trick for my own forms (I generally write my 
own contact forms) so that I could prevent the automation (like you're 
talking about) but allow "real" people through.  I've never tried it 
with my comments though.

Basically, the thing is, when spammers "automate" - they basically fill 
in every input field available.  They don't check to see what the fields 
are, they just stick stuff in.  They do this for hidden fields, as well. 
  So I've taken that to my advantage, and put in a hidden field labeled 
"Surprise".  The script then checks to see if any input is placed in 
that hidden field.  If not, then it's allowed to go through.  If content 
*is* placed in that field, then it stops it dead in its tracks. (For the 
record, I even have an "accessible" notice - so if people are using 
screen readers, they get a message telling them NOT to put in anything 
in the field.)

It's worked pretty well.  I still get occasional attempts, but I've 
managed to filter the whole [url] thing and http:// thing to prevent it.

I don't know if that helps any, but I always thought it would be a nice 
idea to put something like that in the comments script - it's pretty 
simple.  I just haven't had the time to try it out.

~Shelly