Spam comments on websites and through website forms affect the search rankings of the website. That is because search engine crawlers identify websites receiving spam as equally spammy and of poor quality.
In many cases, some commenters use spam comments to link back to their sites by leaving a link on your website. Spammers sometimes do not have to do it – they sometimes buy spam comments in bulk which are sent out by a service using bots. It is a shoddy way of promoting their website.
Other reasons for spamming websites include diverting traffic to a given website with malicious intentions. They can also be used to send the wrong traffic to your website. Spammers also directly promote their businesses using spam messages and form submissions. Website spammy submissions and messages are also used by hackers to exploit website weaknesses before advancing malicious attacks. For instance, they can exploit form codes by injecting browsers with malicious code on the user side and end up accessing the server.
How to Stop Spams Without Captcha
1. Require Registration
Requiring users to register before submitting a form is very effective in controlling spam submissions. The user is required to give a genuine email, which can be counterchecked to ensure it is real and that it works. Further, some websites will require the user to confirm signup from a link sent via the same email. This happens to be a very effective way of controlling bots. It not only slows them from submitting many queries but also blocks them totally because they cannot sign up.
2. Using a Test Question
Test questions are effective options for captchas. They work like captchas in that the user must fill in a correct answer to a question before accessing the desired page. The questions can be customized by adjusting settings on the plugin. You can adjust the number and difficulty of questions as wished. The submissions that do not give a correct answer will not go through. Spammy bots are unable to jump these test questions or provide wrong answers which means the form does not go through.
3. Implement a Web Application Firewall
Web Application Firewalls prevent XSS attacks and SQL injections. These injections involve adding malicious code to users’ browsers and launching them. It can be done to replace website content and submission forms with the original content. Hence those using this fake website will submit data to thieves who can also steal data and cookies. SQL injections can also bypass authentication mechanisms and access the database. Hence they can read and launch files from the database and server operating system. This can become a very serious attack on a website.
4. Embedding Additional Authentication Data
Other forms of attack include sending a Cross-Site Request Forgery to a user’s browser to launch actions the user has not authorized. It will damage the user’s browser. Embedding additional authentication data to the submission form allows the web application to detect those submissions that are unauthorized by the user. For instance, you can require sending Double Submit Cookies. In this case, a random value is the same in the HTTP request, and a cookie is sent. The server confirms that the two are equal before allowing a CSRF attempt. You can also require the server to compare tokens in the incoming requests to those in the cookies. This tactic is known as using anti-forgery tokens. You can also add additional authentication for sensitive actions just in case a user forgets to log out on a public computer.
5. Adding Unseen Fields or Honey Pots
An anti-spam honeypot solution involves adding an extra form field that the bots can detect but which humans won’t. It should not add any extra steps to the signup process. You will know it is a spam bot when this field is filled out. It will in most cases comprise wrong answers if it is a question.
This can be done easily by adding CSS and Javascript to third-party plugins to the submission form.
6. Not Allowing Form Submissions and Comments
This is the easiest method of stopping spams and spammers. Many web owners are convinced that removing comment sections and form submission is effective due to the boom in social media sites. Due to the boom, not many people comment on blogs and articles these days. A company can also easily substitute form and comment submission with social media pages on which users can respond to company issues that concern them.
Removing web form submissions stops anyone from leaving links by removing comment and form widgets and plugins and sections on the websites. It, however, limits genuine people from responding to genuine issues.
7. Time Analysis
In this case, you estimate the time it takes to fill out a form. The time will depend on the amount and nature of entries. Ideally, humans will take more time to fill those forms than bots. If the form is filled instantly, the time analysis barrier will prevent the form from being submitted. When implementing a time cut, take into consideration human-based auto-completion. This is the feature that allows automatic recognition and filling of the form fields without typing the details again into the form. However, the filling will still not be automatic.
8. Manual Moderation
This involves subjecting all the forms and comments to manual moderation before they can be published or allowed. For very busy websites, manual moderation can be a tedious way of controlling comment submission on a website. A person must be hired to read, accept, or remove the comments once posted.
9. Moderation Plugins
Moderation plugins automatically moderate a website by checking all the comments and forms to remove spammy ones and leave those appearing genuine. These plugins employ coded rules to recognize spam commenters and bots. For instance, they can use keywords to filter and remove comments.
10. Banning IP Addresses
Banning IP addresses can be done manually on many content management platforms such as WordPress. You simply list the IPs you want to block. However, it will turn out tedious for very busy websites. Thus people use plugins that help to burn the IP addresses.
Many web owners prevent spammy content and submissions by disabling forms for certain locations. Simply identify those areas with a high risk for spams and block them.
11. Limiting IP Signups and Submissions
This option allows you to block every IP that is signed up. You can also block email addresses immediately they are used to sign up, to prevent them from signing up again. This may not be an effective way of managing the Contact Us forms.
In conclusion, moderation and blocking IP addresses can be effective in stopping basic spam form submissions, but using web application firewalls, embedding additional authentication data, and can help rid of advanced attacks on websites.