Bizarre spam
I just got home from Charleston, SC to find a ton of spam comments in my blog, however they’re quite bizarre in that they consist of random strings of characters (not even vaguely looking like words) and are pointing to machines that don’t exist. What was the purpose of this? So I’ve turned on pre-moderation again, until I can fix it to allow certain “regulars” to post without delay.
I’ve changed my mind. I’ve decided to use a WordPress plugin, SecureImage, which implements the whole CAPTCHA idea. It’s not perfect, but it’s likely to be close enough. If anyone has issues, please let me know.
This entry was posted at 10:17 pm on 21 April 2005 and is filed under Meta. You can follow any responses to this entry through the post-specific RSS 2.0 feed.
I have considered this as well. The problem comes from people who might come from multiple IPs. Do you trust them? I think the best idea is to find tuples of people (name, mail, IP) who have passed the CAPTCHA once, and then not present it to them again. Unfortunately, that’ll require writing PHP code, which I hate, but more importantly, don’t have time for right now.
The problem with that is, all I have to do is manually enter a comment once, and then I can have my script spam you senseless after that, since it won’t have to deal with the CAPTCHA.
Not the most efficient way to spam, but certainly the most likely outcome.
PS: You should make a note that the CAPTCHA is case-sensitive.
Both comments and pings are currently closed.
A whitelist of known folks (with name, mail and probably IP) could be used to show the CAPTCHA only to unknowns, be they newbies or spammers.
Also there are some tricks you can play with your templates to turn spammers away – HTML has more than one way of showing the exact same form, even more using CSS. Make it a little less deterministic and they will leave your blog alone, hopefully.