A Simple Method for Blocking spam messages in a blog.

A Simple Method for Blocking spam messages in a blog.

Spam is commonly known as Spam, which is the Spam advertisement that is everywhere in the message box. I believe most people have seen it. In the past, when using WordPress, the anti-Spam plug-ins were installed to shield the vast majority of Spam. However, since the migration from WordPress to the new blog platform last month, several Spam have been launched on the first day, all of which are foreign advertising advertisements. Blog visits are very small. If a few Spam entries are sent every day, it will be a waste of time to manually delete the entries, and it is also a small system written by myself, there is no plug-in available. You can only find a solution.

Many websites add verification codes to solve this problem, Because Spam is difficult to identify the correct verification code from the picture, but for normal message recipients, there is one more step out of thin air, so what other method can be used to block these Spam?

After careful analysis, the normal message should be submitted by humans to our server through a browser, and Spam is usually used by a fixed program to scan the Comment Form on the Internet and forge the data in the form, then, judge the form action and POST the data to this action. That is to say, the Spam sender has not normally accessed our form page through a browser. That is to say, the JavaScript on the page has not been executed. To understand this feature, the problem will be solved.

First, we can put a hidden text box in the form, which is invisible to normal users:

<div style="margin:0;padding:0;display:inline">  <input id="checkspam" name="checkspam" type="hidden" value="Hello Ruby" /></div>

Then write a short JavaScript code to change the value of the text box:

jQuery(document).ready(function($) {  $("#checkspam").val('abcdefg');});

For Spam senders, this section of JavaScript is not executed, so the next thing to do is to judge the value of this hidden text box on the server side. If it is not the value changed by JavaScript, therefore, this message is undoubtedly Spam (excluding normal users' browsers that Disable JavaScript ).

The following uses the Ruby on Rails application as an example:

if params[:checkspam] == "abcdefg" @comment.saveelse # It's a spam...end

In fact, this hidden text box serves the same purpose as the verification code, but the verification code is automatically entered by JavaScript.

This method has been used for more than January years, and no Spam has occurred yet.