Using honeypots to fight comment spam
The guys at rustylime describe how they are using a honey pot form fields to detect spam bots.
This method is interesting, since the false positive rate will be close to zero – any decent browser will not show the ‘honey pot’ fields and a human won’t be able to enter information there accidentally. The false negative will be low, since most spam bots will enter information on those fields. The problem, of course, is that the spam bots can be adjusted specifically for rustylime (now that they outlined their spam comment fighting technique), either by looking for these specific field names or by calibrating their spam bots to render the page and filter out invisible parts (this would be a serious technical challenge for the spammers).
Of course, a post on SecuriTeam blogs, a web site that is probably frequently read by spammers, is not going to help them keep a low profile against spammers – so my apologies to the rustylime people. Lets hope their comment spam queue remains clean, and maybe someone can pick this up and find a more generic way to fight comment spam using browser-invisible fields.