I got a problem at my blog. I got visits from kind bots who leave "nice" comments to my blog posts :(
I'm wondering if there is a smarter way to keep them out, besides using the captcha modules. My problem with the captcha modules is that I thinks they are anoying to the user :(
I don't know if it's any help to anyone but my site is in asp.net mvc beta.
Have you thought about using this?
http://akismet.com/
From their FAQ
When a new comment, trackback, or pingback comes to your blog it is submitted to the Akismet web service which runs hundreds of tests on the comment and returns a thumbs up or thumbs down.
It's a really easy to use system, which I highly recommend.
I've had good luck with Honeypots and Hashes.
By making it difficult for robots to post successfully, you can let users post without registration, captchas, or false positives from akismet.
Have a CAPTCHA that is really simple. Perhaps make it always "orange"? I don't think anyone's done that before.
Akismet is definitely the #1 method I know of for limiting spam comments. Also nice to offload that to a 3rd party (at a reasonable price).. that way if client complains, just 'shift the blame'
Another option is to incorporate something like mod_security's spammer signature file. They have a list of keywords you can scan a comment for and place the message to be moderated if you got a match. Though if you had a message board that actually discussed topics that contain these keywords, you'll need a lot of moderators. :-)
Also may want to consider scanning IP's and matching them against SpamHaus or DCShield's block lists. We recently started this approach and it has done wonders.
Things that don't work: requiring registration, simple captcha's, user agent... these can be automated or defeated with cheap labor.
I think you have several options...
Require registration to post comments - but thats more annoying than captcha, so probably not the best idea
Examine the user-agent of the poster (see here) for something that looks genuine or exclude those which look suspect
Use a nice Captcha. As annoying as they are, used properly they aren't that bad. It took me 7 attempts to sign up for a gmail the other day because i just couldnt read what it said. A nice captcha though isnt that bad really, kept it short and READABLE
If the spam you are receiving is link-heavy you could assume any comment that contains >= 2 links is a spam comment and not post it to the blog unless the blog author approves them. This is what most comment-spam plugins do. I'm currently working on a blog software and I adopted this solution in the interim until I can integrate akismet fully.
I made spam into someone else's problem by using Disqus to run my blog's comments. There has been no spam since switching, Disqus keeps on top of it.
A few answers advised Akismet but I disagree and consider dynamic captcha approach the best one
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 在下西门庆 的文章《What is the best method to keep bots from spamming》','https://www.manongdao.com/article-574898.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}