Is django comment's honeypot really useful?


Joshua Partogi

Oct 8, 2009, 12:02:23 AM
to django...@googlegroups.com
Hi all,

I want to ask for your advice here regarding the honeypot field in
django comments. Is it really useful to prevent spam? Or should we add
another method for spam prevention and shouldn't really rely on this
honeypot. I've currently been getting several spams on my site but I'm
not sure whether the spammer is a bot or a human though. If it is a
spam bot, it would be very interesting how a bot can recognize there's
a hidden honeypot field and by-pass it. Or would a spam bot be able to
recognize visible fields and fill in only those visible fields?
Anybody have any advice and experience with django comments spam
prevention?

Many thanks for your advice.

regards,

--
Certified Scrum Master
http://twitter.com/scrum8 | http://blog.scrum8.com | http://jobs.scrum8.com

Kenneth Gonsalves

Oct 8, 2009, 12:12:58 AM
to django...@googlegroups.com
On Thursday 08 Oct 2009 9:32:23 am Joshua Partogi wrote:
> I want to ask for your advice here regarding the honeypot field in
> django comments. Is it really useful to prevent spam? Or should we add
> another method for spam prevention and shouldn't really rely on this
> honeypot. I've currently been getting several spams on my site but I'm
> not sure whether the spammer is a bot or a human though. If it is a
> spam bot, it would be very interesting how a bot can recognize there's
> a hidden honeypot field and by-pass it. Or would a spam bot be able to
> recognize visible fields and fill in only those visible fields?
> Anybody have any advice and experience with django comments spam
> prevention?

the only time I used the honeypot I took tremendous flak from users who were
getting caught in it - and anyway that particular app required a login for
comments, so I safely removed it.
--
regards
kg
http://lawgon.livejournal.com

Michael

Oct 8, 2009, 8:00:45 AM
to django...@googlegroups.com
How did your users know it was there? It should be hidden. If it's hidden, even the developers who know what is happening shouldn't complain.

I have a site that seems to get crawled by bots quite frequently. I had a feedback form that didn't have a honeypot originally. I got about 3-4 pieces of spam a day. Turning on the honey pot, I only have gotten a few pieces of spam.

The honeypot isn't the most effective spam measure but it is an easy and cheap way to catch the type of spam bots that crawl looking for any input to place their ugliness. You don't need to ping a service like Akismet and the item doesn't need to hit the db.

IMO there is no reason not to have this in any form that you think might get spammed. It helps out, and it doesn't harm anything. I would still use another service for spam as well, but this is the most base check I can think of.

Hope that helps,

Michael

Joshua Partogi

Oct 8, 2009, 8:20:05 AM
to django...@googlegroups.com
> even the developers who know what is happening shouldn't complain.
>
> I have a site that seems to get crawled by bots quite frequently. I had a
> feedback form that didn't have a honeypot originally. I got about 3-4 pieces
> of spam a day. Turning on the honey pot, I only have gotten a few pieces of
> spam.
>
> The honeypot isn't the most effective spam measure but it is an easy and
> cheap way to catch the type of spam bots that crawl looking for any input to
> place their ugliness. You don't need to ping a service like Akismet and the
> item doesn't need to hit the db.
>
> IMO there is no reason not to have this in any form that you think might get
> spammed. It helps out, and it doesn't harm anything. I would still use
> another service for spam as well, but this is the most base check I can
> think of.

Okay fair enough. I guess it really is useful to reduce the number of
spams, although you would still expect spams :-) I have implemented
captcha before, but I found it very inconvenient for the visitors and
as you said the operation is quite expensive. Do you have any other
recommendation of another spam preventer service? I haven't tried
akismet, it sounds really user-friendly compared to captcha.

Thanks heaps.

Eric Abrahamsen

Oct 8, 2009, 9:14:34 AM
to django...@googlegroups.com
+1 for akismet, once you've got it set up it works like a charm, and
you can adjust your signals so it won't check logged in users or
approved IPs or whatever. In a year or so of using it I've gotten only
one real comment marked as spam, and maybe three or four spams have
gotten through. Not bad.

Michael's point is good: having several layers of spam protection is a
great idea, and if you put the lightweight ones out front, you can
maximize protection while minimizing hits on databases or external
services.

E
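
The layering discussed in this thread (a cheap honeypot check in front, exemptions for logged-in users or approved IPs, an external service last), as an added example that is not part of the thread and is not Django's or Akismet's code. The class, function and field names are hypothetical, and `fake_remote_check` is a constructed stand-in for a call to an external classifier.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass
class Submission:
    fields: dict            # POSTed form fields, name -> value
    ip: str
    logged_in: bool = False

@dataclass
class LayeredSpamFilter:
    remote_check: Callable[[Submission], bool]   # stand-in for an external service
    honeypot_name: str = "honeypot"              # assumed name of the hidden field
    trusted_ips: frozenset = frozenset()
    remote_calls: int = 0                        # how often the costly layer ran

    def classify(self, sub: Submission) -> str:
        # Layer 1: the honeypot is hidden by CSS, so a human leaves it empty.
        # A bot that fills every input trips it; no database or network cost.
        if sub.fields.get(self.honeypot_name, "").strip():
            return "rejected:honeypot"
        # Layer 2: logged-in users and approved IPs skip the remote check.
        if sub.logged_in or sub.ip in self.trusted_ips:
            return "accepted:trusted"
        # Layer 3: everything else pays for the external classifier.
        self.remote_calls += 1
        return "rejected:remote" if self.remote_check(sub) else "accepted:remote"

def fake_remote_check(sub: Submission) -> bool:
    # Constructed stub, not Akismet's API: flags link-heavy comments.
    return sub.fields.get("comment", "").count("http://") >= 2

def run_demo():
    flt = LayeredSpamFilter(fake_remote_check, trusted_ips=frozenset({"192.0.2.10"}))
    samples = [  # constructed submissions
        Submission({"comment": "Nice post", "honeypot": ""}, "198.51.100.7"),
        # naive bot: fills every field it finds, including the hidden one
        Submission({"comment": "buy http://a.example", "honeypot": "x"}, "203.0.113.5"),
        # bot that fills only visible fields: layer 1 cannot see it
        Submission({"comment": "http://a.example http://b.example", "honeypot": ""}, "203.0.113.6"),
        Submission({"comment": "http://a.example http://b.example", "honeypot": ""}, "192.0.2.10"),
        Submission({"comment": "hello", "honeypot": ""}, "198.51.100.8", logged_in=True),
    ]
    return [flt.classify(s) for s in samples], flt.remote_calls

if __name__ == "__main__":
    print(run_demo())
```

Of the five constructed submissions only two reach the remote layer; the fourth shows the cost of the exemption, since link-heavy content from an approved IP is accepted unchecked.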