Giuseppe Taibi’s Techlog

Impressions and bookmarks about my technology journeys

Giuseppe Taibi’s Techlog header image 2

Beyond Captcha

April 15th, 2007 · No Comments

This blog is based on WordPress and just like every blog it is attacked by spammers. So I went and shopped for anti-spam WordPress plugins and found that the most popular was Askimet.

I was almost sure that Askimet was based on captcha, a technology that prompts a commenter to type a random sequence of alphanumeric characters displayed on a fuzzy image randomly generated at runtime. A comment will be accepted only if the keystroke matches the string displayed on the fuzzy image. Instead, Askimet is more similar to a traditional email spam filter. It has a large database of known spammers and tries to match the “signature” of every new comment with one or more of the records in its database. While I have never been a big fan of filters based on a database of known spam (not because I like spam, but because I think that they are not the best solution to spam), I decided to enable Askimet as it was pre-installed on my Dreamhost account AND I needed to stop being spammed immediately. Using Askimet has helped fighting spammer BUT, it created another problem: too many comments marked as spam, so many that I cannot possibly review them and my only option is Delete All. Now you know why I am not a big fan of database-based spam filters. Today, I was ready to squand.. I mean invest a couple of hours installing one or more of the captcha plugins for WordPress, a task that I would have gladly avoided if I could. I started my search from the WordPress plugins page and landed into the Spam Tools page that listed 8 plugins under Captcha. I decided to start with the one called Captcha! BUT…when I clicked on its link I landed on a website sporting a vintage Sinclair ZX Spectrum ( <3 ) as top banner and this text in prominent display:

Warning! CAPTCHA! is DISABLED on this site. Even though this plugin is still maitained, I’m using another one. Read why.

WHY the creator of Captcha! for WordPress uninstalled his own creature? What can be possibly better than Captcha to keep out spammers? Well, it turns out that spammers are getting more sophisticated and are figuring out how to decode the strings embedded in the fuzzy images. Besides, CAPTCHAs are really inconvenient for readers that want to add comments to posts. Instead, he recommends to install HashCash, a sophisticated Javascript generator that confuses automatic spammers and it is absolutely transparent to human posters. Sounds very intriguing. I am going to give it a try.

UPDATE: I installed HashCash. It was really easy. I invested much more time writing this post :)

Tags: My Posts

0 responses so far ↓

  • There are no comments yet...Kick things off by filling out the form below.

Leave a Comment