Web 2.0

Yawasp Ultimate Anti-Spam Solution

Spam fighting is a difficult job. Many spammers are too smart for Akismet and I was spending too much time cleaning comment spam.

Captcha-based anti-spam methods are ok but they hurt too much the usability and user experience.

Then I finally found Yawasp WordPress plugin that implements an innovative anti-spam method. It makes the comment form field names to be dynamic and to always change so spambots will have a harder time to know what field is what.

Additionally, it creates a hidden field also with a random cryptic name that must be sent empty. Smarter spambots (but not smart enough) usually send it filled because they can’t see the difference between this honeypot field to a real one.

This methods ensure a full shield against spammers without hurting usability. I simply stopped receiving spam since Sunday when I installed it. And Yawasp is reporting this about the 48 hours it is running in my blog:

Yawasp has blocked 888 birdbrained Spambots since its last activation.
♦ 856 Spambots send the default author and/or comment field.
♦ 32 Spambots send the hidden field, but filled it out.

The only drawback of Yawasp is that my WordPress theme PHP code had to be changed to activate Yawasp dynamic filed names hook. But I can deal with that. And Yawasp may also try to change your theme automatically so you don’t have to worry about that.

I recommend Yawasp to any WordPress blog owner.

3 comments to Yawasp Ultimate Anti-Spam Solution

  • I recommend WP-Spamfree, a WordPress plugin to eliminate comment spam. You install it like all other plugins and it just works. No fuss, no muss. It’s been great for me.

    I use your mapping plugin. I’m looking to extend it to include a connection to a database. Do you have anything like that planned for its future?

    john

  • Avi

    Victor, yes.

    One step at a time. When spammers will get smarter so we’ll do.

    For now, I can say Yawasp eliminated 100% of everyday spam I was getting.

  • Victor Bogado

    I liked the idea, but I see a few shorcommings

    * The problem, at least with this “theme”, is that even though the name field is randomized so must be the id. The spammer can know what to fill by the id or even the label (label for=’….’).

    * The hidden field is easy to discover by a css analisys. This explains why only 32 spambots got in that trap.

    * Even if a harder CSS analisys were required (by hidding the field with a harder rules or instead of using display: none using a positioning scheme. The spammer could still send n attempts leaving each time a different field blank. Maybe using more then one “must be blank” fields could fix this, but it would increase the page weight.

    still it’s good that this method is still effective. :-)

Leave a Reply

  

  

  

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>