The field called Username is actually a hidden unused field that users can't type anything into. The actual username field has an obscure name.

As spam software will probably be scouring the HTML for fields it will sometimes come across the username field and automatically fill it in. This means when the form is submitted with this username field containing any value we can reject the registration. Actual users wont be filling this input box with any values!

This method is also very effective, blocking a few registrations a day. There are other ways of doing honeypots - they all rely on the fact that the spam bot isn't smart enough to realise the actual username field is a different one, or that the field is hidden. To work those things out is actually pretty darned difficult so I don't imagine there are many spam bots out there that do this.

Following up Spammers

On occasion I have visited some URLs spammers have posted before deleting them. I contact the site support/owners and ask them why they are spamming our website.

Most of the time they are oblivious to it. Some of the time they feign ignorance. The ones who are oblivious to it after a bit more questioning appear to have hired 'SEO Experts' to help improve their website rankings. These 'experts' then start up their various pieces of spam software and sit back often charging the site owners a lot of money for that service.

The SEO industry is full of spammers and ignorance. There are GOOD and HONEST SEO people out there, but they are rare and to find them you need to know what you are looking for in the first place which is a skill in itself. When buying SEO, always understand exactly what you are buying. If you're hiring in the dark, you're probably helping to support the spam industry.

Other times the site owners just tell me to get over it and remove the links if it bothers me. This is frustrating for webmasters as it's really not empathising with how much time folk like us have to spend daily cleaning up other people's spam! It can be laborious and frustrating. It's also an important job, a clean forum and website leaves a good impact on new visitors.

Awesome Moderators and Users

A small amount of manual work is still necessary to clean up the small amount of spam that slips through. Also, some spam is posted by actual hired people rather than automatic software, and it's never going to be easy to automatically prevent that kind of "manual" spam. Fortunately, since it's expensive to do this, the volume of manual spam is small. We're also lucky on this site to have an excellent group of moderators and users! The moderators spend time helping us deal with any spam that does get through and for that we are very grateful!

The same applies for our users who report spam when it gets through - a big thank you as well! All of this allows us to promptly clean up whenever something gets through.

The Problem with CAPTCHAS

CAPTCHAS are those boxes on websites that verify you're a human being by asking you to type in some words you see, or answering a question to verify your probably a human.

Uhhhhhh.....

The above image is of course an exception usually but it illustrates the point well. Sometimes they go wrong, and the assumption your users can actually complete them reliably can be costly. They take time to fill out and can be annoying. All these factors will lose you signups.

Not only this, but some websites I've visited and attempted to register on get you stuck in an endless washing machine of re-entering information. You squint and carefully enter the CAPTCHA. It's wrong! You re-enter it correctly and resubmit. You need to enter your password again! You enter your password again. Please re enter the CAPTCHA code! No! I can't be bothered anymore! Using a CAPTCHA on your website has to be executed very carefully as common implementations like this will lose you a lot of registrations.

General accessibility is another important point in regards to CAPTCHAS that has been debated heavily. It's really best not to have them if possible. Also, some of them are so reliably solved by software that they provide no protection at all! This sometimes makes them a good way to frustrate all your users for no advantage at all.

Final Words

With the simple honeypot and renamed entry point pages we get one or two spammers a day now. This is easily manageable with manual anti-spam and worth the efforts of prevention. These days it's also a much more effective prevention than a CAPTCHA.

A lot of spam prevention on a website is staying ahead of the pack. Most people can't be bothered/don't know how to implement some spam prevention techniques. This means for a site that does, the spammers will generally move on to the easier and juicier targets. Cleaning up any spam that makes it through promptly is one way of staying ahead of the pack.

Some spammers are paid humans, or even backed by CAPTCHA human farms in poorer countries. For this kind of spam there really is not way to block it easily. The only thing we can do is discourage the behaviour by making it not cost effective. The way to do that is by cleaning the spam as soon as it appears!