0

I am currently creating a news ranking application wherein I have users connected to one another, and can post news items to a database. Users can vote on said news items within a rating of 10 - 1. 10 giving the item the highest possible vote and in turn this determines the ranking of future news items a user may see once logged in.

Currently my approach at dealing with spammers automatically, involves using a threshold whereby say the average rating of the total number of votes that a user has voted on falls below this threshold. Then the relationship between two users will be automatically deleted.

This approach is okay for individual relationships but, let's say a spammer can be identified very quickly by a number of users. How can I deal with this problem more effectively?

Pixulated
  • 33
  • 1
  • 7
  • I have edited my post, if there is anything that is unclear please do tell me and I will explain in further detail. – Pixulated Feb 27 '14 at 14:11

2 Answers2

3

One thing that I see happening more and more is the honeypot method. Add some fields in your form and style them in such a way that they are not visible to the end user using css. Then in you code check if the field has a changed (default) value. If so, it is a bot (because humans cannot see and thus change the fields).

If you go this route, don't forget to change the tabstop of those fields. I always enter forms using tab button and it is annoying to tab to a field you cannot see. And even more annoying when I am recognized as a bot then too!

Also, a nice thing to do is saving the spam comment to the database and then showing it on your site, but only to the IP address that posted it. That way, the bot will (hopefully) think that it succeeded posting and move on.

Veda
  • 2,025
  • 1
  • 18
  • 34
  • actually, this is the best solution to use against spam-bots – Xatenev Feb 27 '14 at 14:20
  • Yes, I quite like the idea of this method and I would like to thank you for suggesting it, as actually I was unaware of this method prior to your post. I would like to ask you though, so you think I should do this for both user registration and for the form which allows the user to post the url? You think protecting both forms is a good idea or just the former or latter? – Pixulated Feb 27 '14 at 15:16
  • I think doing this to both forms is a good idea. Although if the "user post url" page is only usable with an account, it is (hopefully) not needed. In that case I would put priority to the registration form. – Veda Feb 28 '14 at 07:31
1

You can protect your vote with using captcha (google ReCaptcha, for example), but it's ridiculous solution which used most of sites. If you like your users use services like uniqpin.com

Toorion
  • 11
  • 2
  • Sorry I should have mentioned this, I'd rather not go down that route if I am totally honest. – Pixulated Feb 27 '14 at 14:05
  • 1
    Plz don't use uniqpin.com. I, as a non native English reader have a hard time solving it. I have to use google translate to know what picture to click. – Veda Feb 27 '14 at 14:14
  • Yes, If your site for non English users, you should use another solution, but if you want to protect your content from but english then it's preferred solution... – Toorion Feb 27 '14 at 14:17
  • That site smells anyway. No contact information, hidden whois information. – Jens Erat Feb 28 '14 at 08:53
  • My opinion - for free service it's not a problem. Problem is - lost time for filter spam or for push user fill annoying captcha.. – Toorion Feb 28 '14 at 13:40