November 2006 Archives

More anti-spam ammo

| 6 Comments

A new anti-spam CAPTCHA plugin, called Comment Challenge is now installed on the blog server.

The battle between blog administrators and spammers is an ever-escalating arms race. Every time a new tool for blocking or filtering spam comments is released, the spammers develop new technologies and new tactics so that their marketing messages about “enhancements,” online gambling, and “morgage” loans continue to be posted all over the web.

This blog service already uses the SpamLookup and Akismet plug-ins, which rely on keyword filters and URL blacklists. However, an annoying new tactic is gaining popularity among spammers. They use their automated scripts or “spambots” to randomly post dozens and dozens of blog comments with random text and legitimate website links (like cnn.com, apple.com, cnet.com, etc). The spammers’ goals include poisoning the filters with false positives and sneaking their marketing links among the the dozens of comments with “legitimate” links.

So far the most reliable way to foil a spambot is with a CAPTCHA (an acronym for Completely Automated Public Turing test to tell Computers and Humans Apart).

One type of CAPTHCA, the image CAPTCHA, generates wildly distorted letters and/or numerals and overlays them on psychedelic backgrounds. The intention is to foil optical character recognition (OCR) software; however, image CAPTCHAs can be a barrier to the visually impaired, and deciphering them can be difficult even for those with perfect vision.

The Comment Challenge plug-in instead creates a “challenge and response” CAPTCHA. With this plug-in, a blog administrator creates a simple question that only a human should be able to answer. If a comment is not submitted along with the proper response, it goes into the comment junk folder.

To use this plug-in on your blog, you will need to activate it, choose a question and response, add a template tag to two of your templates, and rebuild your site. Full instructions are below.