On SPAM and the Akismet service
This blog has been spammed alot recently, mostly mindless crudely-crafted mass solicitations, and I was hard-pressed to find a good solution. Even my CAPTCHA was not working that well. However, after setting up my blog system to use the Akismet service, all spam has been completely stopped.
Akismet is a service developed by Automattic, the creators of WordPress, originally as a plug-in for their blog and content management system. Basically, it is a small web-based API that takes various details about a comment, such as its origin and content, and then returns a recommendation as to whether the comment is spam or not. Lucky for us non-Wordpress users, Automattic have decided to make the API open for anyone to use. All you need is a WordPress.com account, and a method to interface with the Akismet system.
There are many implementations of the API, for various platforms, including PHP, but since we like to write our own code here I developed a small, lightweight PHP class that uses cURL to communicate with the Akismet server without having to deal directly with the low-level POST request that it involves.
The source of the class itself can be found in The Lab at akismet.phps. It is very simple to use, you only have to read the Akismet API Documentation to find out the various different bits of information you can tell it about the comment you want to check. Then, you simple initialize an instance such:
$akismet = new Akismet("http://www.yoursite.com/", $your-api-key);
Your API key is the same as your WordPress.com API key (it took me a while to figure that one out). If the API key is incorrect, an Exception is thrown.
Then, you add the various fields that you want to pass on using the add_field() method (the mandatory fields are automatically added):
$akismet->add_field("comment_author", $_POST['author']);
$akismet->add_field("comment_author_email", $_POST['email']);
$akismet->add_field("comment_author_url", $_POST['website']);
$akismet->add_field("comment_content", $_POST['comment']);
//etc
If you want to add multiple fields that are in associative array form, for example the $_SERVER superglobal as they suggest you do, you can use the add_fields() method.
$akismet->add_fields($_SERVER);
When you have added all available information, you can then check whether it is spam or not using the is_spam() method, which returns true (spam) or false (not spam).
if ($akismet->is_spam()) submit_for_review(); else submit_normally();
It is recommended that you still store caught spam, instead of directly deleting it, as on rare occasions Akismet will generate false positives. However, you can flag it for review or similar.
If Akismet does report a comment as spam incorrectly, or vice versa, the API provides a mechanism to tell it so, in order to help improve the service. In our class this is implemented in the submit_spam() and submit_ham() methods, which take the added fields and send them off to the API.
In my experience, however, the Akismet service has never incorrectly identified a comment, and I would highly recommend it. Along with the class we have developed, may your blog be less spammed in the future. Happy posting!