xikka

A collection of things I have made and things I find interesting.


Fake Comments

Sunday, 3rd February 2019 ◆ Unwanted maps returned (4)

Not long after I added a commenting system to my site, I felt oddly proud to discover I was getting spam comments. I made the commenting system from scratch, so I thought I would be safe, expecting that bots would specifically target Blogspot or WordPress comment boxes (or other recognisable forms).

So, what feature of my comment system have the bots latched onto to realise it's for comments? On this page, I've embedded four comment forms (in addition to the real one), along with a counter on each to track how many times it's been submitted to. With luck, the bots will discover this page, try to submit to it and then we will be able to see which comment forms are the most popular.

I hope I continue getting spammed!

| Form | Description | No. of submissions |
|---|---|---|
| NORMAL | A form which is as similar to my normal comment form as I could make it | 2 |
| WEIRD FIELD NAMES | As above, but the field names are "holmes" and "watson" instead of "name" and "comment" | 0 |
| WEIRD FIELD NAMES AND SUBMIT BUTTON | As above, but the submit button's text is "Nonsense text" | 0 |
| CAPTCHA WHICH DOES NOTHING | A normal form, but with a field called captcha (the captcha does absolutely nothing, though) | 0 |

[Embedded test forms: NORMAL; WEIRD FIELD NAMES; WEIRD FIELD NAMES AND SUBMIT BUTTON; CAPTCHA WHICH DOES NOTHING (captcha prompt: "What is 2+2?")]

I've also added a honeytrap to the real comment forms. This is a juicy extra field called "message", which I hope bots will be eager to fill in. However, the backend will reject any attempts to submit where the field is given a value. In a browser, the field is hidden so humans can't enter a value. Prior to this, I was getting about one spam comment every 10 minutes, but that's now been eliminated. I'm hoping I won't need to resort to more heavy-handed third-party approaches like reCAPTCHA...
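The honeytrap check described above, sketched as an added example (this is not the site's actual backend code). It assumes the form posts a urlencoded body; the function names and the sample submissions are made up for illustration, while the field names "name", "comment" and "message" are the ones mentioned on this page.

```python
from urllib.parse import parse_qs

HONEYPOT_FIELD = "message"             # decoy field, hidden from humans in the browser
REQUIRED_FIELDS = ("name", "comment")  # the real comment fields

def screen_comment(body):
    """Return (accepted, reason) for a urlencoded comment POST body."""
    # keep_blank_values=True: a browser submits the hidden field as an empty
    # string, which must stay distinguishable from a filled-in one.
    fields = parse_qs(body, keep_blank_values=True)
    # Look at every occurrence, so a duplicated parameter cannot hide a
    # filled-in copy behind an empty one. Any non-empty value is rejected,
    # whitespace included, since a human cannot type into the hidden field.
    if any(fields.get(HONEYPOT_FIELD, [])):
        return False, "honeypot filled"
    for key in REQUIRED_FIELDS:
        if not any(v.strip() for v in fields.get(key, [])):
            return False, "missing " + key
    # A submission without the decoy field at all is accepted here: only a
    # field that is "given a value" counts as a rejection.
    return True, "ok"

# Constructed sample submissions (not real traffic).
SAMPLES = [
    "name=Alice&comment=Nice+post&message=",
    "name=Bob&comment=Buy+pills&message=http%3A%2F%2Fspam.example",
    "name=Eve&comment=hi&message=&message=click+here",
    "name=Dan&comment=hi&message=+",
    "name=&comment=hello&message=",
    "name=Carol&comment=No+decoy+field+sent",
]

def tally(samples):
    """Count outcomes per reason, like the per-form counters above."""
    counts = {}
    for body in samples:
        _, reason = screen_comment(body)
        counts[reason] = counts.get(reason, 0) + 1
    return counts

if __name__ == "__main__":
    for body in SAMPLES:
        print(screen_comment(body), body)
    print(tally(SAMPLES))
```

Logging the rejection reason instead of silently dropping the request gives the same kind of per-form counts as the experiment above, without publishing anything the bot submitted.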
