Continuing my struggle against comment-spam… I just installed a “captcha” plug-in, called AuthImage.
Try to add a comment, you’ll see the captcha in action. Personally, I’m finding some of these captchas rather difficult to read myself, they are often rather off-centre in the image and chopped off at the bottom. But if they keep that online-poker shit-head out of my moderation queue (by himself, he accounts for 90% of my comment-moderation workload), then it’s worth it.
Captchas are not an effective solution for “trackback” spam, but I have not enabled that at all. I don’t really know what RSS, trackbacks and pingbacks are all about. Can’t be bothered with any of it. I think I’ll allow pings on this post, just to see what happens. They will, of course, go into moderation as usual.
6 responses to “Captcha!”
Well, I keep getting spammed, ever after the captcha was installed. The online poker guy, as usual. God, I hate him so much. Useless waste of oxygen.
I examined the site logs. Sure enough, he was getting in through the trackback script. All my newer posts have defaulted to disallow pings. But some older posts still had pings enabled, and those are the ones he was hitting.
It’s a shame the captcha can’t be used on trackbacks. But unfortunately, they are done by machine, not human.
I just used a quick SQL statement in phpMyAdmin to change all the old posts to closed pings. That should be the end of that.
Hey, great info there. I was wondering if you would share your quick SQL statement with us… exactly what you did to close pings on all trackback posts. I’m trying to secure my girlfriend’s site (listed above) from comment spam by installing this captcha stuff. (I don’t have a blog myself–I’m just her geek love slave) I don’t want to screw up her database like I’ve accidentally done before, so I thought I’d seek advice from someone who’s actually succeeded with this sort of thing.
Thanks,
Justin
I don’t have it anymore, but I think it would have looked like this:
UPDATE wp_posts SET ping_status = ‘closed’
By adding a “WHERE” clause, you could limit the set of posts affected. Add “WHERE ID=1”, for example, to try changing only the first post.
This possibly has to be followed by a “COMMIT” statement.
How does this let blind people post comments to your blog?
Sadly, it does not. Captchas suck, I know. But I didn’t ruin the Internet. I just have to fight off the sleazy bastards the best way I can. As of today, captchas are the only way I know.
All that said, I took a look at your site, and there may be some good suggestions there. I can’t comment on the “invalid HTML” criticism, I just use a WordPress plug-in. I’m not sure if I can offer an alternative mechanism for pre-approving users. It’s a fine idea, but I’m not a web-developer, I don’t know how to modify the sofware to do it. Perhaps WordPress already has this ability. I’ll definately look into it.
Adding “alt” tags seems like a fine idea at first, but my worry is that if the alt-tag includes my email address in any machine-readable form (and it would have to, to be useful for this purpose), then it will just expose me to that much more spam. You’ve probably noticed that every place my email address appears on this site is as an image file. It sucks, but that’s what I have to do to keep the screen-scapers from picking up my address.
I certainly have no wish to exclude visually-impaired people, and I will take a look at the suggestions to see if I can use any of them. But if the alternatives do not give me the anti-spam results I require, then I’ll have to just leave it as it is. No matter what happens, I’m not going to spend my evenings deleting spam. If that’s the price I have to pay to keep this site online, then you can be sure this blog will simply cease to exist. And that would benefit nobody.
To fix “invalid HTML”, put something (anything) meaningful in the alt attribute. To allow blind people, either find a way of preapproving accounts out-of-band (e.g. through e-mail or telephone) or add an alternate challenge-and-response (e.g. through audio). The W3C’s report on CAPTCHA has additional suggestions. Or block the spammers using a different technique, such as the “Bad Behavior” plug-in.
“if the alt-[attribute] includes my email address in any machine-readable form (and it would have to, to be useful for this purpose), then it will just expose me to that much more spam.” Not if you obfuscate the at and dot characters such that a human user behind a screen reader can decode them, using words that rhyme: (at), -att-, {cat}, =bat=, etc.
Being lazy might get you sued. There’s an article running on Slashdot about the legal issues surrounding inaccessibility of web sites.