Hacker News new | comments | show | ask | jobs | submit login

We tried a ton of those techniques (hidden fields, fields filled out by Javascript, anti-replay tokens) and none of them worked - the spammers appeared to be using botted IE installs.

What worked in the end was a points system for spammy behavior: First post has URL in it? +1 point. User fills out linkedin field on profile? +1 point (seriously, none of our legit users did this...). User posts a word on the blocklist? (viagra, cialis, cvv2, etc) +1 point. User Agent is IE? +1 point (we're a Mac site). After a certain number of points, the user was banned and all their generated content deleted. After a certain number of posts without triggering the ban, they're greenlighted. Spammers quickly noticed their posts disappeared instantly and left the site.

If only my blogspammers were that quick on the uptake. I've got moderation turned on, so none of their posts ever see the light of day, and I still get tens of them every day.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact