Stopping Comment Spam: AuthImage
by Zef Hemel
- Published: February 2nd, 2005
- Comments: 18 Comments
- Category: General
I’ve had enough of comment spam. Therefore I started looking for a good solution and found the AuthImage (http://www.gudlyf.com/index.php?p=376) plugin for WordPress (http://www.wordpress.org). I installed it here and on a couple of other weblogs and it seems to work.
What the plugin does is add a field to the comment posting form. It asks the user to retype the code that is shown in the image in an input field. This is not much work for the user, but it makes it a whole lot harder for bots to successfully post their spam. If the code doesn’t match, the comment is denied.
Now all we have to solve is trackback spam. Luckily I don’t get that much of that (yet).


18 Comments
Although it’s not much work I find it annoying actually, having to type this code. However, it’s better than comment spam. Stupid spam! >:(
It’s also a lot harder for blind people, or people who are dyslexic. It’s also very easy for spammers to circumvent, and they’re already doing it (they show it on pornsites, and let other humans recognize it for them). Please remove them, you’re giving a bad example…
See also:
http://www.w3.org/TR/turingtest/
For an accessible alternative:
http://www.meyerweb.com/eric/tools/wordpress/wp-gatekeeper.html
Though just adding an extra hidden field seems to keep most out as well.
Looks good. I installed it a few weeks back on my blog and it stopped the spam. I had to tweak it because I don’t have the GD libs installed.
“It’s also a lot harder for blind people, or people who are dyslexic.”
Sorry, but why would those people read blogs? If they can read the blogs, why won’t they be able to read the AuthImage?
I have a wordpress blog too, though it’s not popular enough yet to be spammed. I was thinking when the spams arrive one day, I’ll start changing the names of the form items or rearrange them around. Will that work?
Your blog doesn’t need to be popular to get spammed. Mine isn’t popular but it does get spammed.
I don’t really like the auth image solution, but it is better than nothing.
Might have to have a look into some spam protection as well.
The amount of spam has little to do with blog popularity. I’m responsible for three other blogs that get very little traffic, yet receive as much spam as I do (not that mine is that popular).
Rearranging form fields doesn’t really help I’m afraid. I added an additional form field of which the value was checked. Didn’t help.
Hmm… how bout renaming the field names (author, email, url, comment)? Will need more effort to do though.
Ok, how about adding a random string onto the end of each field name? For example ‘email’ would become ‘email_3157′.
Now, this could be a problem if the user enters something incorrectly and the page reloads, as the field names would change. There is an easy solution to this, just use the title of the article to generate the random string.
The best way to do this (that I can think of) would be to modify the code from my hashing function (My host is down at the moment) to generate a ten character long numeric hash based on the entry’s title, the field name and a website specific key that the blog owner can set.
Doing this the email would become something more like ‘9421564276′. And the user wouldn’t have to worry about their browser deleting their content because the field names change.
Do you like it?
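The field-naming scheme proposed in the comment above, as an added example that is not part of the original thread or of any WordPress plugin: HMAC-SHA256 stands in for the commenter's unpublished hashing function, and `SITE_KEY`, `field_name`, `form_fields` and `decode_form` are hypothetical names.

```python
import hashlib
import hmac

# Assumption: per-site secret set by the blog owner (constructed value).
SITE_KEY = b"example-site-key-change-me"
FIELDS = ("author", "email", "url", "comment")


def field_name(title, field, key=SITE_KEY):
    """Stable ten-digit form field name for one field of one entry."""
    # Length-prefix the title so title/field boundaries cannot be confused.
    msg = f"{len(title)}:{title}|{field}".encode("utf-8")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    # Reduce the first 8 bytes of the MAC to ten zero-padded decimal digits.
    return f"{int.from_bytes(digest[:8], 'big') % 10**10:010d}"


def form_fields(title, key=SITE_KEY):
    """Canonical field -> derived name, used when rendering the form."""
    return {f: field_name(title, f, key) for f in FIELDS}


def decode_form(title, posted, key=SITE_KEY):
    """Map a submitted form back to canonical names, or return None.

    Rejects posts that use the plain names (the rendered form never sends
    them) and posts missing any of the derived names for this entry.
    """
    if any(f in posted for f in FIELDS):
        return None
    names = form_fields(title, key)
    if not all(n in posted for n in names.values()):
        return None
    return {f: posted[n] for f, n in names.items()}


if __name__ == "__main__":
    title = "Stopping Comment Spam: AuthImage"  # constructed sample input
    names = form_fields(title)
    print(names)  # same names on every reload of this entry
    good = {names[f]: f"sample {f}" for f in FIELDS}
    print(decode_form(title, good))
    print(decode_form(title, {f: "spam" for f in FIELDS}))  # plain names
```

The derived names are fixed per entry and visible in the rendered form, so this only rejects posts that hard-code the default field names; it does not authenticate the sender.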
““It’s also a lot harder for blind people, or people who are dyslexic.”
Sorry, but why would those people read blogs? If they can read the blogs, why won’t they be able to read the AuthImage?”
Because they use screenreaders, and screenreaders can’t read images? Because they have braillerules, and braillerules don’t show images?
Also, thanks to this clueless ‘security’ you have to post it right the first time, because else you have to press back, the image doesn’t update on your screen, but it does on the server, so now you need to guess the code… nice…
Anyone have any thoughts on my idea?
Your idea may work, depending on how smart the bot is. If the bot first downloads the post page and then tries to detect which field is which, and is successful in doing so, it doesn’t solve anything. But then again, it might just do the trick.
It’s worth a shot, will you try it?
http://www.cs.rug.nl/~jos/weblog/index.php?p=4#comments
It doesn’t work either…
Yes it does, that’s a trackback, not a comment.
This image is totally inaccessible (one needs to have good eyesight and a graphics-enabled browser) and thus just plain wrong
Please, please, please do remove this crap….
This is a test
six upper-aych upper-eee eight upper-que three
[...] to do. I will try and see if I can find a solution asap. Might be something a bit like Zef has on his blog, or maybe something a bit more accessible. [...]