I have officially declared war on guestbook spammers. It seems that every schmuck on the internet wants to use the guestbook on my band's website for free advertising. Fortunately, I coded the guestbook myself, so it is completely within my power to do something about them. A few months ago, I set up a simple but effective system for blocking spam.

The system is simple: There's a box on the sign guestbook page where you need to enter the name of the band (which doesn't appear on the page anywhere, even in the code). If you don't enter it correctly, it won't allow you to sign the guestbook. As of November 16, 2006 (when I started logging the attempts to sign the guestbook), there have been 1315 spam attempts, and not a single one has gotten through. Also, not one legit post has been blocked.

On the admin page I set up for the website (it allows other band members to post news and show dates, etc, without knowing any html), I can view the log of all attempts to sign the guestbook sorted by ip address. I noticed that some ip addresses appear over and over again.

A view of the log:

http://www.blake-foster.com/gblog.jpg

My latest weapon against the spammers has been to set up IP address blocking. Now when I look through the log and find an IP address that's been using up our bandwidth by attempting to spam our guestbook, I can block the IP address, and the spammers are blocked from even bringing up the sign guestbook form.

I just thought I would share my victory against spam, since we all hate spammers around here.

Congratulations, Blake.

Funny you brought this up, because this is exactly what I have been spending my time on these days.

Though the battle has been going on for months now, I have only recently stepped up the defences.

I use a different method than what you do simply because I have SO many rogue bots fetching pages all over the place as well. My guess is that they are scrapers, gathering snippets of information (content) for their useless web pages on which they can then place contextual ads.

Really, it's sad...

A sample report http://www.gidnetwork.com/images/user/1-6-bot-wars.gif

Clicking on the numbers shows me the details of what they fetched.

Clicking on the IP Address adds the address to a BLOCK list.

Clicking on the "blocks today" link just shows me who was blocked today, and if I need to, I can then unblock the IP.

That's a good system the way you list each IP address, and then the number of blocks. My list is getting so long I may implement that myself.

I bet you could block a considerable amount of spam on the forums by requiring a minimum number of posts before a user can post a URL.

EDIT: In fact, once a user has the required number of posts, they could apply for permission to post URL's. A moderator would then review the users posts before permission would be granted. Ultimately, I think this would be less work for the moderators, because they wouldn't be deleting spam constantly.

Do you think we have a spam problem? Relatively speaking, I believe we have very little spam.

The few (real) spammers that we get, are quickly banned. The automated kind, well, they haven't been a problem since a few months now. They still register, but that's as far as they get.

Links posted by new members (Level I) are already disabled. Everything is automated, so we (the Team) don't manage who gets to do what. As long as the member gains REP points, he gets to the next Level and enjoys more privileges.

About the IP blocking thingy...

Like I said, I decided a long time ago to put something in place to prevent abuse by rogue bots. This includes (fortunately) all the scripts they have these day that are completely automated for abuse. From registering to forums and posting spam messages, to ones that target Guestbooks. Even something as useful as a "Contact Us" form is not spared!

Since I have more than one web site, I wrote this script to:

1. Identify and track suspected bot activity by IP address.
2. Once I review the report, I place them in a "block" list.

That's all it does... not too complicated.

How did I write the script to identify rogue bots? Well, I'd rather not discuss that in a public forum, but if you're interested, I can share the algorithm with you via email.

Well, you would know better than I whether we have a spam problem. I just assumed that the mods were doing a good job of deleting it.

I would love to see that script if you don't mind. I'll PM you with my email address.

PM is disabled for me

You can send me a note to admin at desilva dot biz.

Ok, I sent you an email.

do you know any articles or case studies where they say how to fight against spammers in gustbooks? I guess that this is a real problem and one should have already write some complete tutorial

There's not much you can do unless you write your own guestbook, like I did.