There are two ways to fight comment spam. Most people try to filter comment spam when the spammer enters his spam at your site. Your ideas are part of that. The second way is what I use. I have made my blog almost invisible for comment spammers. It is a stealth blog, totally indexed in the search engines, yet almost invisible for comment spammers.

To convert your blog in a stealth blog, you first need to identify how people find your blog. Many blog spammers find blogs through the search engines. Commonly used packages like WordPress have their own footprint. Specific words and phrases are the same on 99% of all installations and blog spammers search on these phrases in the search engines. This can be words from the normal pages, but for example also the login page to edit the blog.

To put your blog in stealth mode, change those words in something different. Also put a robots "noindex,follow" header on all pages that you don't want to be indexed by the search engines, like login and registration pages, default help pages etc.

I was amazed by the results. On average I have one spammer per two weeks left. And ironically most of those spammers reach my blog when searching on "captcha control" and "comment spam" because I have two posts on my blog about these two issues.

It's important to word your comment pages carefully, even when you don't use standard blog software. Try to find alternatives to phrases such as "leave a comment", for instance. That should help you cut down on the spam.

Another thing I find useful is to have a non-standard captcha. Those awful image captchas are everywhere, and they are, for the most part, crackable.

Thanks for the responses. Unfortunately, stealth mode isn't an option for this site, as it is a blog hosting site, not my personal blog. As such, I have about 1500 users all promoting their blog, making it almost impossible to fly under the radar of the spammers!

I hadn't thought of doing a captcha code... will look into that.

For the short term, I think I'm just going to check comments content for blacklisted words and automatically add the IP address of the commenter to my ban list if a blacklisted word is found. There might be a little collateral damage, but that would be easily rectified.

I'm also going to disable any HTML code (including links) in comments.

Just as an update to this thread:

Two weeks after implementing the automatic IP-banning for using blacklisted words, I've caught over 1500 spammer's IP addresses in my little spam trap. I've also prevented users from putting links in comments, although haven't automatically blocked them for doing this.

So far I've had about 2 spam comments in two weeks get through the net, compared to 20 a day prior to implementing this system. And no mistakenly banned IPs at all!

So it seems as if my site is winning the fight against spammers!

That's a great result, Zulu Dude. However, expect to have to go back to this issue as your site increases in popularity. The more prominent your site becomes, the more spammers will target you deliberately.

did captcha work for you? I have adviced our members to shuffle and try moderation. Moderate for a week and then again allow comments.

For me it worked. Try setting a captcha, it will help.

Hi AjiNIMC... I never actually implemented the captcha code, as the blacklisting by spam words trick worked well enough to not need anything else. At this stage, almost 3000 IPs caught and still no false alarms (that I'm aware of!).

I'm actually starting to think that the most effective part of the changes I made was to remove links in comments. Once spammers realise that there is no point in spamming the blogs, they'll soon leave (and indeed they have!).