How to keep spammers off your web site

How to keep spammers off your web site

A good friend has just been made to look a complete pratt on Facebook.  His fault?  Not at all.  He was the innocent victim of spammers.  This is what happened…

Like many of us, he’s linked up Facebook, Twitter and his web site blog so that a post on any one of them automatically replicated itself on the other two.  Very good practice social networking.

The only problem was spammers had got into the midst of the action and done a great job promoting their Viagra across his social networking streams and web site.

The volume of spam is increasing exponentially

In the last quarter the volume of spam on web sites has increased dramatically.  I’ve seen a comment form on a blog get over 2,500 posts promoting all sorts of things you really don’t want to be associated with.  And it happened overnight.

Don’t be fooled into thinking this is something that only happens to somebody else's web site.  It isn’t.  It’ll happen to you unless you take positive steps to stop it.

What can you do about it?

All the major web site content management systems – Drupal, Joomla and Wordpress – have good security add-ons.  Make sure you’re using them.

Any form on a web site is a target.  Login boxes, comment forms, enquiry forms, shopping carts – they’re all fair game for spammers.

The best solution is to use a Captcha on every form.  A Captcha?  Here’s how Wikipedia define a Captcha:

A CAPTCHA or Captcha is a type of challenge-response test used in computing to ensure that the response is not generated by a computer.

The process usually involves one computer (a server) asking a user to complete a simple test which the computer is able to generate and grade.

Because other computers are unable to solve the CAPTCHA, any user entering a correct solution is presumed to be human.

Thus, it is sometimes described as a reverse Turing test, because it is administered by a machine and targeted to a human, in contrast to the standard Turing test that is typically administered by a human and targeted to a machine.
A common type of CAPTCHA requires that the user type letters or digits from a distorted image that appears on the screen.

In our experience the strongest and best of the Captchas is the Google owned reCaptcha.  There are easy ways to integrate reCaptcha into most web sites, so no excuses to put this job off until tomorrow.

What else can you do?

Wherever possible, make all actions on your web site subject to Administrator approval.  Two areas stand out for immediate action.  These are:

  • Two step login/register web site processes are pretty standard these days.  The two steps being somebody tries to register, but their registration is subject to approval by an administrator before going live.
  • Blog commenting should also be subject to administrator approval.

Sure this means you have a daily task of clearing out all the phoney registrations and comments from your web site, but that’s preferable to suddenly finding your business web site has been hijacked and is selling Viagra, prostitution and worse.

Can we help you?

  • All this sounds worrying and you’d like to understand it better?
  • Haven’t had a problem yet but you’d like to take preventative action?
  • Are you being spammed and you’d like it stopped?
  • Has your website become a victim?

If any of these apply, give us a ring on +357 99 860725 or contact us.

Resources