Tuesday 6 September 2005

Response to comments on Spam & CAPTCHA

I wrote this as a response to the comments in yesterday's post but I figured it had a general relevance to this site. It'll make more sense if you read that post and the comment first.

Unfortunately Blacklist just wasn't working for me. Firstly a new word / URL would get through every 2 or 3 days forcing me to clean up the 100 or so comments that would generally be left by the time I found out. Secondly, Blacklist was registering 7 to 8,000 comment attempts blocked per month and that was putting processing strain on the server and using up massive amounts of bandwidth (at least in comparison to what this site normally used).

I don't like CAPTCHAs any more than most people. Even on this site I keep forgetting to enter them and having my comment rejected. Also I suffer from a strange kind of number blindness that causes me to read digits in the wrong order sometimes. Additionally, in the UK CAPTCHAs are actually illegal as they make comments unusable by the visually impaired in contravention of the Disability Discrimination Act 1995 (so I'm told anyway).

However, the results spoke for themselves. Until this week at least. Since implementing the CAPTCHA I've had to remove about 10 comment spams. In 6 months. I was removing that many a day before.

Also with the CAPTCHA in place, any attempted comment spam was caught earlier in the process so the server strain and bandwidth usage were reduced.

The CAPTCHA has been the single most effective tool I've used in combating Comment Spam even taking into account the recent intrusions.

I dislike the thought of using TypeKey or similar authentication systems because of my own experience with Blogger. On a large number of occasions I have been dissuaded from leaving comments on Blogger powered blogs simply because I really couldn't be arsed to log in with my Blogger account. Yes, I really am that lazy. And if I can't be bothered then I should imagine that there's a large number of people who react in the same way, not to mention those who don't already have a TypeKey account (like me).

September 6, 2005 3:44 PM


How about you rig up a Trust/White List. When a new person makes a comment they have to enter a CAPTCHA but if they have commented before they don't.

WordPress works a bit like this: when someone new makes a comment it sits in moderation until I approve them; after that they are free to comment.

Or, and I know I hated to do this, but you could also close up your old comments. The captcha and the closed comments effectively brought my spam down to nil. Although, now, I've got some mother trying to use my login form as a spam attack and A. trying to login, or B. leaving an entire email message in the form. I catch it in my activity log. I'm still working on that one. I've banned the IP(s) and he keeps coming back.

Tom - Unfortunately that's a little beyond my abilities. I'm proficient enough to install existing plug-ins but wouldn't begin to know how to edit or write one myself.

Huy - I get quite a few comments to old entries so would be reluctant to close old comments. I have however closed old track backs.

Fair enough, perhaps you could try some different plugins. What about asking us a question like What colour is an orange?

Oh and here's how they might be cracking your CAPTCHA.

