Spam: 4 methods to combat it

Methods to combat spam

If you own a website, you know this: spam is a real nightmare. Gone are the days when only large websites were targeted with spam related to their services or products in an attempt to attract their customers. Nowadays, spambots indiscriminately attack any website, regardless of its size, reach or content. There are abundant countermeasures and security techniques to stop spam, but they all present one question to website owners: “How much of my user experience am I willing to sacrifice to combat spam?”
As anti-spam measures advance and evolve, so do spam methods, resulting in a never-ending race between the two. You can easily bulletproof your website by combining different methods, but this will destroy the user experience by making navigation and interaction on your website difficult, distracting or time-consuming. This affects your key metrics and conversion rate.
This means your anti-spam solutions must be carefully designed based on the ideal balance between UX and spam eradication. It's often best to have a team of experts set up and maintain your defenses. This list shows some of the spam management solutions we offer our customers.

CSRF Protection

One of the basic options is protection against Cross-Site Request Forgery (CSRF), a common security issue on any website that exposes you to threats other than spam. Protecting yourself against it keeps you safe and prevents a large percentage of automated spam. The main way to do this is to store a unique ID in the PHP session for a user. The ID is then placed in a hidden form field when the form is served to that user. When the form is submitted, your server checks that the ID stored in the session matches the one in the form. This ensures that the form was actually loaded first, since that is the only way to retrieve the correct hidden field value.

The honeypot

This interestingly named spam prevention technique involves luring a bot into a sort of “code trap” that will reveal it as a spambot. You do this by including a separate field in your HTML form that simulates a real field and hides it with CSS. This way, a human will not be able to see the field or fill it in, but most likely a script will fill it in, as it is programmed to fill in all possible fields, which will give it away.
There are some drawbacks to this technique, however. Some advanced bots can detect lines like “display: none” and recognize the trap. Other complications involve real users filling in the hidden field, which can happen if someone has an outdated browser or one with CSS turned off. Although this is extremely rare, these users would likely fill in the field, leading you to mislabel them as bots.

Session Tokens

Through the use of cookies, you can set session tokens each time a customer visits your website. Since most bots don't set cookies, or just reach forms directly, the token would be a sort of “entry ticket” that only humans can retrieve and use to fill out your forms. There is, as always, a catch: users who directly enter the form link or add it to their favorites will not generate a token and will not be able to submit the form. This is yet another reason to monitor your audience and choose the method according to their behavior and the type of forms you present.

IP address filter

A very efficient way of mitigating spam that does not pose any risks to your users is to collect IP addresses to generate a filter. If you receive many submissions from the same IP address, you can dismiss them as coming from a spambot. The downside to this method is that it only blocks spambots after they have submitted a few times, which makes it a great feature against strong spikes in activity, but not against casual or ongoing spam. Again, it all comes down to the type of activity you receive.
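
The token check from the CSRF section, the honeypot and the IP filter can run together in one server-side handler. The sketch below is an added example, not code from the original article: it uses Python with a plain dict standing in for the PHP session, and the field names, the limit of 3 submissions per 60 seconds and the sample addresses (documentation range) are assumptions.

```python
import hmac
import secrets
import time
from collections import defaultdict, deque

HONEYPOT_FIELD = "website"  # hypothetical decoy field, hidden from humans with CSS
MAX_PER_WINDOW = 3          # assumed limit: submissions per IP per window
WINDOW_SECONDS = 60         # assumed window length
_recent = defaultdict(deque)  # ip -> timestamps of recent submissions


def issue_form_token(session):
    """Store a random ID in the session; the page embeds it as a hidden field."""
    session["form_token"] = secrets.token_urlsafe(32)
    return session["form_token"]


def check_submission(session, form, ip, now=None):
    """Return 'ok' or the name of the check that rejected the submission."""
    now = time.time() if now is None else now

    # IP filter: count this address's submissions inside the sliding window.
    hits = _recent[ip]
    while hits and now - hits[0] >= WINDOW_SECONDS:
        hits.popleft()
    hits.append(now)
    if len(hits) > MAX_PER_WINDOW:
        return "rate_limited"

    # Token: the hidden field must match the ID stored when the form was served.
    expected = session.get("form_token", "")
    supplied = form.get("form_token", "")
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return "bad_token"

    # Honeypot: a human never sees this field, so any value points to a script.
    if form.get(HONEYPOT_FIELD, "").strip():
        return "honeypot"
    return "ok"


if __name__ == "__main__":
    session = {}  # constructed stand-in for one visitor's server-side session
    token = issue_form_token(session)
    human = {"form_token": token, "email": "ana@example.com", "website": ""}
    bot = {"form_token": token, "email": "x@example.com", "website": "http://spam.example"}
    print(check_submission(session, human, "203.0.113.5"))
    print(check_submission(session, bot, "203.0.113.9"))
    print(check_submission({}, {"email": "x@example.com"}, "203.0.113.9"))
```

Returning the name of the failed check lets you log which defense is catching traffic, which helps when tuning the balance between UX and spam blocking.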

A spam-proof website

Anti-spam solutions and techniques come in many forms; these are just some of the ones our engineers recommend most. Each technique has its weaknesses and disadvantages, so having a specialized team studying your case and applying a combination of solutions is the ideal scenario. There is no magic solution against spam. We treat spam like any other cybersecurity issue and encourage you to do the same. This is the best way to be fully armed in the fight against spam.

Source: BairesDev
