Rather than solely fighting off spam with CAPTCHAs and spam comment checkers - is it a good idea to check each request against a DNSBL and block the user if they are using a bad IP?
$blacklists = array('web.sorbs.net', 'opm.tornevall.org');
$parts = explode('.', $_SERVER['REMOTE_ADDR']);
$ip = implode('.', array_reverse($parts)) . '.';
foreach($blacklists as $bl)
{
$check = $ip . $bl;
if ($check != gethostbyname($check))
{
error_log('PHP Security: [DNSBL] - ' . $_SERVER['REMOTE_ADDR'] . ' - ' . $bl);
die('Put a detailed error here so the client knows why they have been blocked');
}
}
It seems like the only problems would be over-zealous IP blocking of good users by the DNSBL or the large cost of making a DNS lookup each request.
This might help, but you will have to take two things into consideration: False Positives and False Negatives.
DNSBLs tend to have quite a few of both. False Positives that hit innocent users, and False Negatives that will miss good chunks of botnets. The best solution I have found for dealing with spam online is to use CAPTCHAs.