Guestbooks, as well as all public forms on the WWW, are constantly abused nowadays by spam bots trying to fill them with spam links. In the guestbook for my band, I had a ratio of 1/10 – about 9 spams for every valid post. Here are the spam filtering techniques I implemented that worked for me:
- First, a black list. I have an array with bad words (viagria, cialis, roulette, casino) which are common in spam posts and quite uncommon in valid guestbook entries. Every post is checked against the black list. The black list also contains a few URL:s that are often used by spammers (blogspot.com and hometown.aol.com) as well as the tag [url= which is probably BBcode.
- Link spamming. A quick check is made on the number of http:// links, if it’s above 5 – well, it’s most probably a spam!
- Cookie test. This is something I picked up on a mailing list a few weeks ago, and it works brilliantly. The idea is that spam bots aren’t valid browsers, they just look for forms and submit them. The trick is to set a cookie when the form is displayed, and then check for the existance of that cookie when the form is received, before it’s saved. If there’s no cookie – the post isn’t saved! This stops people with cookies disabled from entering posts, but it stops a LOT of spam.
BTW, here’s my entire black list as of today:
levitra,viagra,cialis,porn,roulette,casino,hometown.aol.com,blogspot.com,[url=