What's the most elegant way to prevent comment spam?

Question

I'm getting a fair bot of comment spam. What's the most elegant way to prevent that from happening? (I'd prefer not to use CAPTCHA unless I have to, because personally I hate filling those in and I feel they're poor UX.)

Answer 1

If you have spam comment this may be because you allow unhautenticated anonymous users to post comments.

If so:

1/ Disallow comment for unhautenticated anonymous users. But you probably don't want to do that.

2/ If this is not the case and if the bots are not black bots that pretend themselves to be Mozilla or whatever, an elegant way would be to only tweak the .htaccess file http://en.linuxreviews.org/HOWTO_stop_automated_spam-bots_using_.htaccess

3/ There are other advanced methods, but you'd have to dig into the code, some suggestions there

http://stackoverflow.com/questions/1577918/blocking-comment-spam-without-using-captcha

http://webmasters.stackexchange.com/questions/22624/prevent-spam-using-honey-pots

...

Edit:

Just thought about a more elegant approach of the "honey pot" principle which would be - if  your server environment allows it - to have a Web Application Firewall, namelly Mod Security, to handle the false submission (honey pot), instead of putting the load on Q2A for this.

This way you would have very minimal core code hack to do.

More on this here (not tested by myself, but no reason it shouldn't work nicelly)

https://grepular.com/Blocking_Comment_Spam_Using_ModSecurity_and_Hidden_Fields

Comments

Great ideas. Last time I tried mod_security, it slowed down my apache server massively, but I'm willing to give it another shot. Have you had any experience with the Akismet plugin for Q2A? http://qcybb.com/question2answer-akismet-plugin/

---

Thanks.
No I am not using Akismet.
In any case, my personnal preference is to lock posting to anonymous user and use recaptcha for resgistration process.