We help IT Professionals succeed at work.

What's the latest defense against comment spam submitted by BOTS into a comment form?

What's the latest easy and simple defense against comment spam? mybigdata.co.uk has a contact form and BOTS submit spam as a message. The solution will be something else than captcha as other businesses also don't use it.
Watch Question

btanExec Consultant
Distinguished Expert 2019
Can take a look at CleanTalk that is a free anti spam plugin which work with the premium Cloud AntiSpam service cleantalk.org.

A visitor writes a comment or registers
Anti-Spam by CleanTalk plugin sends action parameters into the CleanTalk cloud
Service analyzes the parameters
If this is a visitor, the comment will be published. If it’s a spam bot, then CleanTalk blocks this comment or registration.
Parameters are written to the spam log which can be viewed in the Control Panel service.
easier would be to have a plugin that connect to such check services and you have capability to configure the defence.
David FavorFractional CTO
Distinguished Expert 2019

Check out Anti Spam Bee also. This plugin uses non-intrusive Bot scanning + then flags the Bot IPs for Fail2Ban to block using iptables.

If you have a huge amount of spamming IPs, Anti Spam Bee solves the problem with near zero server load, since IPs are blocked at Kernel, rather than running through the entire LAMP Stack + WordPress to do blocking.
Dr. KlahnPrincipal Software Engineer
If the host is running Apache, look into mod_spamhaus, mod_sorbs and mod_honeypot.
Jack McKenzieChief Executive Officer http://mybigdata.co.uk


It's Java (Tomcat)
Exec Consultant
Distinguished Expert 2019
I am thinking even cloud security service or Web app Firewall
Existing solutions offer little to no protection against Spamdexing attacks since they rely mainly on IP reputation-based detection, which can lead to more false positives......WAF offers a better solution in that it collects URLs which repeat in high volumes in various web applications, and correlates them with the IP reputation ratings of clients to accurately detect a spamdexing attack.

That said, there is no panacea too but can scale up to be cope with the changes in  spambot
We won't catch all spammers or attackers, unfortunately, but the good news is that the system gets smarter the more the community flags specific behavior.
and back to basic to block source if that can be identified https://support.cloudflare.com/hc/en-us/articles/200170066-Will-activating-Cloudflare-stop-all-spammers-or-attackers-