Lovely spam
I remember the years when this blog, because I wrote the software myself, received zero comment spam. Now it's about 1500 spam comments a day, and some have recently made it through. So I've stepped up the measures again. Every submitted comment now gets assigned a score based on 1) whether the POST request matches up with a previous GET request of the form page by the same client, 2) whether the client has fetched an image embedded in the form, 3) whether the client supports JavaScript, 4) whether the client supports cookies, 5) whether it took more than 5 seconds and less than 24 hours to fill in the form, 6) whether all form fields (including hidden ones) are submitted, 7) whether several randomly inserted form fields that are turned invisible with CSS have been left blank, 8) whether the submitted text doesn't contain spammy words, and 9) whether the same IP has not recently sent me something with a high spam score. If the score is high, you get a warning; if it is very high, you get blacklisted for 10 minutes and sent into a (mild) tarpit. I hope this combination will trap all the spam while not blocking any legitimate users who have merely turned off, say, images and JavaScript. I've tried it with Lynx and it worked fine. Let me know if you run into any problems.