More anti-spam ammo

| 6 Comments

A new anti-spam CAPTCHA plugin, called Comment Challenge is now installed on the blog server.

The battle between blog administrators and spammers is an ever-escalating arms race. Every time a new tool for blocking or filtering spam comments is released, the spammers develop new technologies and new tactics so that their marketing messages about “enhancements,” online gambling, and “morgage” loans continue to be posted all over the web.

This blog service already uses the SpamLookup and Akismet plug-ins, which rely on keyword filters and URL blacklists. However, an annoying new tactic is gaining popularity among spammers. They use their automated scripts or “spambots” to randomly post dozens and dozens of blog comments with random text and legitimate website links (like cnn.com, apple.com, cnet.com, etc). The spammers’ goals include poisoning the filters with false positives and sneaking their marketing links among the the dozens of comments with “legitimate” links.

So far the most reliable way to foil a spambot is with a CAPTCHA (an acronym for Completely Automated Public Turing test to tell Computers and Humans Apart).

One type of CAPTHCA, the image CAPTCHA, generates wildly distorted letters and/or numerals and overlays them on psychedelic backgrounds. The intention is to foil optical character recognition (OCR) software; however, image CAPTCHAs can be a barrier to the visually impaired, and deciphering them can be difficult even for those with perfect vision.

The Comment Challenge plug-in instead creates a “challenge and response” CAPTCHA. With this plug-in, a blog administrator creates a simple question that only a human should be able to answer. If a comment is not submitted along with the proper response, it goes into the comment junk folder.

To use this plug-in on your blog, you will need to activate it, choose a question and response, add a template tag to two of your templates, and rebuild your site. Full instructions are below.

  1. Before enabling the plugin, you must place the <$MTCommentChallenge$> tag into all comment forms on your site. With the default installation of Movable Type, that means you need to edit the “Individual Entry Archive” template (under “Archives” ) and the “Comment Preview Template” (under “System”). You may want to add some kind of label, such as “Challenge and Response Question:” or “CAPTCHA.”
  2. Click the Rebuild Site link in the admn sidebar and rebuild your site.
  3. Click the Settings link in the left sidebar of your blog’s admin interface. Then click on the “Plugins” tab. Look for the Comment Challenge plugin. Then click on “Show Settings” for that plugin. You will want to activate the checkbox “Check for MTCommentChallenge beacon in comment submissions” then choose a challenge and response question. Try to choose a question with an answer that is not ambiguous, does not require specialized knowledge, and does not depend on familiarity with cultural norms.
  4. Once you click on “Save Changes.” You can then go back into the settings, and select whether to score the comment as “Junk” or inform the commenter of the problem. The first option is highly recommended.
  5. See how the how the question and response looks on one of your Individual Entry pages. You may need to tweak your Stylesheet template to customize its appearance.

There is an example of the Comment Challenge question and response in the Comments form of this entry (below).

6 Comments

Hi there,

I wonder what is more efficient? A captcha plugin with image verification or other forms of verification, i.e. question verification?

I think both have pros and cons but one would have to make trial test with both to see which one is better.

Best wishes
Jack

I would have to say that question verification is more efficient. You don't have to rely on server-side image generation. Also, you don't have to worry about usability or accessibility issues. Not many image CAPTCHA scripts accommodate the blind. Google's Blogger sign-up is the only one I have seen.

The greatest advantage of the interactive server-side image generation concept (AISMIG) is that no additional software is necessary.

I can live with the captcha text blocks if it means reducing spam. Good work ya'll and keep it up.

Dawn

I love the new captcha challenge and response feature, especially if it will limit spam. I appreciate all the hard work ya'll are doing to combat this problem! Thank you once again!

Dawn

Well - how much different is it from the Image challenges ?

it sure looks better than Akismet - the most commonly used spam filter.

p.s - aren't the questions supposed to be random ?

Recent Entries

Expired guest accounts
[09 Aug 2011] A few dozen non-Princeton users are using the Guest Account Provisioning Service to access the blog admin interface.…
Syntax highlighting disabled
[16 Jun 2011] By default, Movable Type template editing screens load a JavaScript that dynamically adds line numbers and color-coding to the code…
RSS feeds and Roxen CMS
[21 Apr 2011] Some University organizations with sites in both Roxen CMS and blogs.princeton.edu have tried to use Roxen’s RSS component…
Brief outage 3/28, Mon. morning
[25 Mar 2011] There will be a brief emergency outage of the blogs.princeton.edu server on Monday, March 28. It will be…