In August of last year (2016), I set this site up on my laptop and started using it to create static files for my online website. I started using a third-party comment system, Disqus, because I was too lazy to create custom comment routines. As soon as I started using my custom comment routines, the comment spam returned.
My website doesn’t use a database. Not the online version anyway. My custom comment routines start by e-mailing the comments to my e-mail account. I can easily discard any comments that look like spam. I’ve only had native comments enabled for a few days and the spam was increasing every day until an hour or so ago.
Locally, I have to leave off the “secure” at the end of the cookie code. I’m not using HTTPS locally. The script that generates the pages changes it.
I considered using one of Google’s recaptcha routines. I didn’t, obviously. I’m trying to move away from as many third-party services I can and this would be doing the exact opposite.