My site has only been up a month and already it has had several spam attacks. Restricting comments to registered users helps, coupled with approval of new applications for registration. I have also added the bad-behaviour plug-in.
I have, however, been trying to think of ways of preventing (or at least reducing) spam, without involving me in approvals. The attacks I have had so far involve a load of irrelevant text, followed by a link to a site selling some kind of dodgy product.
One solution I have come up with is to add to the bad word list in the language file. I have added:
'*<a*', 'href*', '.co*', '"<"', '">"', '*"<"*', '*">"*', '"<"', '*"<"*', '<', '*<*', '">"', '>', '*">"*', '*>*', 'http*', '*www.*',
to the list of banned words. This prevents links to websites using www. or http:\\ as well as the .com extension (it would be easy to add other troublesome extensions). It also prevents the non-alphanumeric characters "<" and ">", which means that HTML tags cannot be included.
Presumably if spam is coming from registered users, they are having to copy the spam text over manually. Hopefully they will see that what they get does not come out as a useable link, and maybe they will move on. Even if it does not stop them, there will be some satisfaction that their efforts to create links to their sites will have been in vain.
You will not want all of this, if you want your users to be able to insert links to other websites - choose however much of this you want.
Having only implemented this a few minutes ago, I have yet to see whether it really does deter manual spammers, but it seemed worth a try. I will report back in a while to indicate whether or not it seems to have been successful. I have seen other comments that there is no point trying to use the bad word list to predict words spammers may use, but I have not found another thread which suggests making use of this list to make the spam content worthless to the spammer: I will be interested to know if anyone else has tried this, and if so, whether it has decreased spam.
Incidentally, although if you are in England, the english.php file is used for email content, it seems that for the bad word list, the english_gb.php file (my default) is used. I have put the list in both, to be on the safe side!
Graham