rephrasing. honeypot field (i.e. hidden from users, needs to be empty, usually filled by bots) is the "simplier implementation". If users programming bots wants to tackle your site, they find the honeypot pretty easily and then code accordingly, so back to square 1.
Second one is js execution. This is effectively mitigating a lot (>90%) of attempts on the aforementioned site. I don't know why you state that js verification can be passed by bots... usually they don't want to waste cpu resources loading a full js environment (spidermonkey, phantomjs) just to crack your site (that's the other <10%) Next on the moderation: everything gets checked in as draft and then moderators check those messages and "publish them". Anthony's solution is the best "bang for the buck" one, but a management "console" has to be programmed anyway, and every bot that gets in needs to be removed anyway (as right now) Here we stop about "transparent to the users" solutions to the problem. Next step, we want to "annoy" users.....then requiring filling a captcha, replying to a question, require to register all make sense, but it kinda shifts the problem. captcha are passed right now, a small database of answers gets pounded easily if the bot's programmer is looking at your site (or, with wolphram alpha, he wants to enjoy natural language programming). Another step, pass everything through predefined filters, as stopforumspam. Surely won't get you killed, but can be heavy on a social app (thinking about slices that runs on pythonanywhere, don't know how much "juice" has got). Yet another step, pass everything to akismet (@alan beat me while I was writing the post). Doesn't work always and can ban for false positives. Sync use slows the comment form a lot, async one needs some machinery to work (again, checking in everything as draft, then submitting to akismet and pruning whatever returns "it's a spam message"). > >> -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
