Simon developed a variety of techniques for stopping blogspam and tried them out on some heavily spammed blogs, then tallied up which techniques stopped the most spam:
1. Renamed the page that handles form submissions to stymie any bots that just assume it's in the default location.
2. Preceded the form where you enter comments with two dummy forms – an empty one (for really stupid bots) followed by one that looks identical to the real one. Both these forms submit their info to the wrong page. They're hidden from real people using the magic of CSS.
3. Did the same thing after the form, in reverse order, in case any bots start at the bottom of the page and work their way up.
4. Added a hidden field to the form which gets sent along with the other stuff. When a comment's submitted, it checks that this field has been sent, and that it has the correct value. The value is based on the current date, so changes every day. To get this far, then, bots would have to parse the HTML to locate the correct form (and not be thrown off by the dummy forms surrounding it), and extract the names and values of all the fields. But – and here's the evil part – the value of the hidden field in the html is wrong. It's replaced by the correct value after the page has loaded by javascript…
(Thanks, Simon!)
