RT Cunningham

Stop Automated Comment Spam on a Static Website

If you think WordPress and other CMS-driven websites get all the comment spam, think again. This website, a static website, was getting comment spam on the same day I added the contact and comment forms.

In August of last year (2016), I set this site up on my laptop and started using it to create static files for my online website. I started using a third-party comment system, Disqus, because I was too lazy to create custom comment routines. As soon as I started using my custom comment routines, the comment spam returned.

Trying to Ignore the Automated Comment Spam

My website doesn’t use a database. Not the online version anyway. My custom comment routines start by e-mailing the comments to my e-mail account. I can easily discard any comments that look like spam. I’ve only had native comments enabled for a few days and the spam was increasing every day until an hour or so ago.

That’s when I added the JavaScript cookie method to stop it. I don’t want to eyeball every spam message that comes in. Even if I have all the time in the world, I have better ways to use it.

Stopping the Automated Comment Spam

To stop the automated comment spam, I’m using the same methods I used when I wrote about stopping automated comment spam with WordPress. A little different, of course, because I don’t use WordPress functions to hook the JavaScript code to the forms.

Locally, I have to leave off the “secure” at the end of the cookie code. I’m not using HTTPS locally. The script that generates the pages changes it.

I considered using one of Google’s recaptcha routines. I didn’t, obviously. I’m trying to move away from as many third-party services I can and this would be doing the exact opposite.

Is this the Best Way to Defeat Automated Comment Spam?

Maybe. Maybe not. Setting the JavaScript cookie doesn’t interfere with the page display. It only interferes with anyone trying to comment without JavaScript being enabled.

It’s rare for humans to disable JavaScript. Not rare at all for spam bots to do the same. Humans who disable JavaScript are extremely unlikely to leave comments anywhere.


September 20, 2017
Web Development

You May Also Like: