What methods are available to automatically deal with spammers with PHP/MySQL

Question

I am currently creating a news ranking application wherein I have users connected to one another, and can post news items to a database. Users can vote on said news items within a rating of 10 - 1. 10 giving the item the highest possible vote and in turn this determines the ranking of future news items a user may see once logged in.

Currently my approach at dealing with spammers automatically, involves using a threshold whereby say the average rating of the total number of votes that a user has voted on falls below this threshold. Then the relationship between two users will be automatically deleted.

This approach is okay for individual relationships but, let's say a spammer can be identified very quickly by a number of users. How can I deal with this problem more effectively?

Answer 1

One thing that I see happening more and more is the honeypot method. Add some fields in your form and style them in such a way that they are not visible to the end user using css. Then in you code check if the field has a changed (default) value. If so, it is a bot (because humans cannot see and thus change the fields).

If you go this route, don't forget to change the tabstop of those fields. I always enter forms using tab button and it is annoying to tab to a field you cannot see. And even more annoying when I am recognized as a bot then too!

Also, a nice thing to do is saving the spam comment to the database and then showing it on your site, but only to the IP address that posted it. That way, the bot will (hopefully) think that it succeeded posting and move on.

Answer 2

You can protect your vote with using captcha (google ReCaptcha, for example), but it's ridiculous solution which used most of sites. If you like your users use services like uniqpin.com