Update: The annoying captcha has been replaced.
Today I took the long-avoided step of adding a captcha to the comment submission form. It seems my blog has been discovered by the spambots, and (even with Spam Karma 2 installed) the flood of meaningless spam has gotten too large to ignore. Most of you probably don't see the postings, as I get notified via email whenever they appear, and I do my best to delete them immediately. However, as the number of meaningless comments increased, this process was becoming too time consuming.
So I was left with two options. First, I could allow only registered users to post comments. I don't like that solution, since this is an informal, hopefully fun place to just drop by. If someone feels like leaving a comment, I'd like them to be able to do so without the hassle of registering for an account. So that left the second option--adding the captcha to the comment screen. This is far from ideal, as I know sometimes the stupid things are nearly unreadable, and they present issues to those who have problems with their vision. I wish I had a better solution (a future update to Spam Karma may solve the problems, I hope), but right now, I don't.
So for now, we have a captcha. It's not like there are a ton of comments here anyway, but hopefully this won't cut down on the dialog as much as would happen if I were to add a registration requirement. Please let me know if you have any issues with the captcha; I'm using SecureImage, which is fairly widely used, so hopefully the problems will be minimal. This plug-in does have one nice feature--if you are logged in, you won't see it (so there you have it, one minor reason why you might wish to register). And spammers, please find a better target for your vileness. There's no way I'm going to let any of your drek stay on these pages for any length of time!
And yes, there is more content coming here in the future--I've just been a touch busy with Macworld and macosxhints.com stuff lately!
As far as CAPTCHAs go, I think the ones that require you to type the text from an image are pretty poor, especially since sometimes it's a bit ambiguous.
There are better CAPTCHAs that simply ask questions like, "What is the name of this weblog?" or "What was the color of Gen. Ulysses Grant's white horse?" Since none of these CAPTCHAs on different weblogs will ever be the same, the only way spammers would get around them would be to manually go to your website and code in the correct response in their spambot programs, which they are probably not going to do. (You could even randomize the questions, if needed.)
Even better is to find something that's unique and adds something to your weblog rather than making it seem more like a task. Take a look at the ridiculously geeky CAPTCHA on Ridiculous Fish ( http://ridiculousfish.com/blog/?p=23 ): that one makes me LIKE entering numbers for the thing.
But the image-to-text one is kinda lame. I dunno, not to say that it single-handedly makes your weblog boring to read, but I'd say that personalization even of a CAPTCHA would go a long way to capturing readers to a weblog.
-- Simone
I've disabled it for now; the figures were indeed way too hard to read. As much as I'd love to code my own solution, I completely lack any talent to do so :), so I'm going to have to rely on others.
I may try Akismet, a free WordPress service, even though I dislike relying on hosted solutions. I'll also see if I can't find another plug-in out there somewhere with slightly less complex figures.
Thanks for the feedback;
-rob.
Andrew Wooster has an entry ( http://www.nextthing.org/archives/2005/07/16/a-few-upgrades ), which was linked to from the Ridiculous Fish entry I previously mentioned, that shows the code to add a simple extra text field in WordPress. It just does a string compare from the text the user enters into the CAPTCHA field and the correct answer.
Maybe that would help? (I personally don't use WordPress.)
-- Simone
I came up with a simple JavaScript one - the simplest form relies on the fact Spammers don't use JavaScript, and will set the value of the form action using JavaScript after the page loads.
Pretty simple, yet devastatingly effective.
Doesn't work with Trackback Spam, and that's all I get now.
I've completely missed this side of spammers' operations. Can someone (Rob?) explain what the spammers are trying to do? Have they written robots to automatically submit comments to feedback forms like this to peddle their trash? Are these feedback pages really that standardised, or are they just 'pressing' any submit button?
The theory is that they're robots, not real humans. The nature of the posts is something like this:
"I loved your post! I came across your blog and it really caught my attention, I'll be sure to come back for more! Keep up the good work!"
Seemingly innocuous (though quite inane), but then the Name field is filled in with a hyperlined URL to a spammy site ("Cheap Denver Apartments").
I've gotten about 200 of them in the last week or so. A real PitA.
-rob.
Pingback: The Robservatory » New comment spam blocker installed
Congrats, I like this new solution... I'm curious, how many questions did u write?
Regards from Barcelona, Spain.
Juk:
As noted in the follow-up story, I presently have five questions. Now that the basic logic is done, I could easily increase this. But I think five is more than enough. What I'll do instead is change the questions on a somewhat regular basis.
-rob.
A very good trick. Thanks for sharing.
Someone else below asked this already about antispam scripts.
I am getting nailed with Spam on my website mails and in our blog website - now its offline too
much spam. Is there anyway to stop this? If not, there really isn't any point in leaving it up
and active. Any help will be greatly appreciated.
Thanks for help, Keep up the good work. Greetings from Poland
I guess your solution is much better than this cryptic pictures. Sometimes I need 3 or more trials to type the right code, sometimes I am not able to pass the check. And I
m sure I am not the only one. And the problem is, that the author will never know about this problem in his blog, because he normaly will not be informed about denied comments, but on the other side he will also not check it, because he dont have to pass the test normaly.. so one reason to be very carefull by selection of the captcha-System!Andreas thanks for answer to the post "so one reason to be very carefull by selection of the captcha-System! "
Keep up the good work. Greetings
Spam is all about resources and picking the low-hanging fruit. Circumventing CAPTCHAs ain’t easy. Why bother when there are ripe apples to be picked?!
Comments are closed.