Answer the question
In order to leave comments, you need to log in
Is it worth using an alternative to captcha when commenting by Anonymous - prohibiting the publication of comments containing http:// ?
Most captchas can be hacked, well, or massively bypassed with the help of "Chinese". Why not use this option?
Answer the question
In order to leave comments, you need to log in
It’s better to just set pre-moderation (and leave a cookie after the post, so that if the person is not a bot and his comment is approved, he will automatically pass moderation on this cookie)
Many people do this, and it works.
If you put a captcha, then any Hrumer will bypass it. If you really want to break off the bots, then change the name of the fields, for example, where to enter mail, put name="nameUser" there, and where the name is entered there - name="email". Of course, the bot will stumble on this for sure, and the users will not care.
You can also use hidden fields, for example name="url" and style="display:none;". If something is entered, then send it, if not, then everything is ok.
In addition to the above two methods, I also use a timer (well, an anonymous person cannot write a comment, enter a captcha and fill in the name field in one second).
I have not seen spam for two years in the comments from anonymous people.
Bots just shit with meaningless comments - no better. You understand that now they are not even interested in whether an active link has appeared or not? They stupidly shit everywhere and take in quantity.
I don't think it will work. what prevents a person from writing http://?
or just no prefix, just an address. For example habrahabr.ru
They are afraid of wolves - do not go into the forest.
What if you need links? For a photo, an article?
You should not overshadow the life of your own users with such prohibitions :) Yes, and it is better to choose a captcha that is convenient for a person.
Links should be made non-clickable. You won't be able to kill at all.
Instead of captcha (or together with it) - encryption of field names. This is already quite a "strong" protection against auto-spam. If we add to this a simple algorithm on the server that tracks and changes session identifiers, we get protection against brute force, etc.
All this has already been done in great abundance, and, as a rule, is available in frameworks.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question