Sorry, but a CAPTCHA has been added

July 18th, 2013
submit to reddit Share

I’m sorry to have to impose an annoyance on commenter, but unfortunately there has been a rash of bot-generated spam, and the unobtrusive and transparent WordPress plugins I have been using to try to catch it have not been doing a very good job lately.   It seems that the spam bots now do a very good job of emulating the behavior of standard browsers and are managing to change their IP’s and wording fast enough to avoid many of the blacklists.

As a result, I have had to add a CAPTCHA to the site.   I know how annoying some of these can be, especially when it is extremely difficult for humans to tell what the characters are due to extreme amounts of distortion.   Because of this, I have chosen a font and style that should not be too difficult to deal with.   Hopefully it will still provide the necessary level of security to stop bots, as most of them do not even bother trying to decode CAPTCHA.

Again, sorry for this annoyance, but it has become necessary.


This entry was posted on Thursday, July 18th, 2013 at 12:12 pm and is filed under Announcements, Website. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
View blog reactions



24 Responses to “Sorry, but a CAPTCHA has been added”

  1. 1
    Anon Says:

    That one is pretty easy to read.

    Be nice not to see their crap in the comments feed.


    Quote Comment
  2. 2
    James Greenidge Says:

    Regrets and understand your move. It’d be nice to have a feature on ways these bots can be defeated and back-traced and their creators sacked and what severe warning penalties and spam-ad product censures might be considered. This is robbing the pleasure of the web bit by bit. Seems to be we’ve been LONG behind in the retaliatory sphere.

    James Greenidge
    Queens NY


    Quote Comment
  3. 3
    Brian-M Says:

            James Greenidge said:

    Regrets and understand your move. It’d be nice to have a feature on ways these bots can be defeated and back-traced and their creators sacked and what severe warning penalties and spam-ad product censures might be considered.

    By “sacked”, I assume you mean tied up inside a sack, suspended from a rope, and used as a piñata? :)


    Quote Comment
  4. 4
    DV82XL Says:

    Thank-you, I will not miss the morning rubbish dump.


    Quote Comment
  5. 5
    Shafe Says:

    I’d be much happier if I knew that every time I filled out a Captcha field a spammer got kicked in the balls.

    I know it’s been a long time, but whatever happened to comment previews? They allowed me to be much lazier about proof-reading my tags.


    Quote Comment
  6. 6
    Anon Says:

            Shafe said:

    I’d be much happier if I knew that every time I filled out a Captcha field a spammer got kicked in the balls.

    But that would be too nice to the spammers.

            Shafe said:

    I know it’s been a long time, but whatever happened to comment previews? They allowed me to be much lazier about proof-reading my tags.

    Same, the amount of times I’ve typoed some markup that I would’ve caught with a preview.


    Quote Comment
  7. 7
    Apollo Says:

    Not to name names, but, is this spam traffic from the one guy again? Or have ad companies just been carpet bombing the blog with homeopathic crap?

    Regardless, here’s hoping the capatcha helps


    Quote Comment
  8. 8
    Anon Says:

            Apollo said:

    Not to name names, but, is this spam traffic from the one guy again?

    Doesn’t look like it.

            Apollo said:

    Or have ad companies just been carpet bombing the blog with homeopathic crap?

    Those ads seem about as effective, at least for selling products or getting people who don’t have Ad blocking software to visit their site.


    Quote Comment
  9. 9
    drbuzz0 Says:

            Shafe said:

    I know it’s been a long time, but whatever happened to comment previews? They allowed me to be much lazier about proof-reading my tags.

    Thanks for reminding me. The author of the plugin stopped maintaining it and it doesn’t work with current versions of WordPress (not that mine is even current… yet another thing I should do)

    There are other similar ones that work. I will get on that… at some point


    Quote Comment
  10. 10
    Matt R Says:

    This is a nice captcha (if there is such a thing) that it is easy to use. If it does turn out to be ineffective at blocking spammer comments, have you considered alternative forms? The one that springs to my mind would be an animal captcha. There is a fairly strong indication that the more advanced spamming systems can automatically identify captcha codes better than people, but I find it hard to imagine a spammer’s system being able to reliably identify cats from dogs etc in the near future, yet we do so effortlessly.

    Okay, I guess I should have expected that my post in it’s original form would not have passed the spam filters as it contained the URL for a wordpress plugin. Just search the plugins for “Animal captcha” and you’ll find it.


    Quote Comment
  11. 11
    drbuzz0 Says:

    So obviously the CAPTCHA is not working 100% because there has been some spam.

    I’m not sure if the bots have some way of circumventing it through some kind of backdoor method or if they can use OCR on it (since it’s not all that well obscured) or if there even could be human beings who are posting some of the spam links.

    That said, it has cut down on spam. Not 100%, but maybe 80% or 90%

    So I will be looking to improve things further in the near future.


    Quote Comment
  12. 12
    DV82XL Says:

    Ya it looks like real human driven to me too, but as you say, it’s a vast improvement.


    Quote Comment
  13. 13
    Shafe Says:

            drbuzz0 said:

    So obviously the CAPTCHA is not working 100% because there has been some spam.

    I’m not sure if the bots have some way of circumventing it through some kind of backdoor method or if they can use OCR on it (since it’s not all that well obscured) or if there even could be human beings who are posting some of the spam links.

    That said, it has cut down on spam. Not 100%, but maybe 80% or 90%

    So I will be looking to improve things further in the near future.

    Shouldn’t you be on vacation?


    Quote Comment
  14. 14
    Q Says:

    Believe it or not, there are schemes out there to pay people for trolling blogs with spam. It’s a simple thing. Basically every link they get to a site gives them ten cents or something, so they go out and post to every blog they can find.

    Of course, this is just about impossible to stop.


    Quote Comment
  15. 15
    jmdesp Says:

    Hi, FYI I’ve been very happy with the “WP Hashcash” plugin to cut spam comments *without* using a captcha (it’s a free plug-in, I’ve nothing to gain from the publicity, just sharing my satisfaction).

    Part of the efficiency at the moment is probably that spammers don’t know about it, but the most satisfying thing is that even if they later code for it, they will not find a way around the fact that it requires the submitter of the comment to send a “proof of work”, so that it starts to cost something to spammers to send a comment.
    Given how low the value of each spam comment is, this means the game will no longer be worth it.
    Of course they can use a network of zombie computers so that they don’t pay the cost themselves, but just increasing a bit the cost of the job will make even the zombie computers not very efficient at posting to a lot of blogs, which means spam comments will anyway no longer be such a problem.

    There’s a negative point, it requires your poster to activate javascript, but many comment systems anyway require it already.


    Quote Comment
  16. 16
    Julia Says:

    Believe me, a Captcha won’t help you. It’s very easy to overcome and it won’t stop human spammers!
    But the worst threat is that you might lose up to 25% of your conversion because of Captchas!! I just had to input it 3 times to post this comment!!!
    And think about a whole category of the disabled people that could have been your users but for Captcha!
    I suggest you had a look at Keypic. Quite a lot of sites switch to it for protection now. It’s free and user friendly. No tests for users; robots and human spammers get blocked, good users – never.


    Quote Comment
  17. 17
    Julia Says:

    Believe me, a Captcha won’t help you. It’s very easy to overcome and it won’t stop human spammers!
    But the worst threat is that you might lose up to 25% of your conversion because of Captchas!! I just had to input it 4 times to post this comment!!!
    And think about a whole category of the disabled people that could have been your users but for Captcha!
    I suggest you had a look at Keypic. Quite a lot of sites switch to it for protection now. It’s free and user friendly. No tests for users; robots and human spammers get blocked, good users – never.


    Quote Comment
  18. 18
    Julia Says:

    Believe me, a Captcha won’t help you. It’s very easy to overcome and it won’t stop human spammers!
    But the worst threat is that you might lose up to 25% of your conversion because of Captchas!! I just had to input it 5 times to post this comment!!!
    And think about a whole category of the disabled people that could have been your users but for Captcha!
    I suggest you had a look at Keypic. Quite a lot of sites switch to it for protection now. It’s free and user friendly. No tests for users; robots and human spammers get blocked, good users – never.


    Quote Comment
  19. 19
    Julia Says:

            Julia said:

    Believe me, a Captcha won’t help you. ..

    sorry I didn;t mean to post multiple comments, it’s just that Captcha won’t let me make a post first, and then suddenly all the comments have appeared…


    Quote Comment
  20. 20
    Anon Says:

    Right, so apparently putting a picture on an external server that spammers can themselves access (from zombied windoze boxes spread all over the world) is meant to stop spam exactly how?

    It’ll stop spammers running the requestpolicy firefox extension, but I don’t think there are any spammers using requestpolicy, it may also stop people using shared proxies from posting.

    Besides, once it becomes popular people will find ways to get spam past it, probably completely automated ways which is better than what they can typically do with captchas.


    Quote Comment
  21. 21
    James Greenidge Says:

    Any real solution then, or we’ll just have to eat spammers?


    Quote Comment
  22. 22
    Julia Says:

    @Anon
    Actually it’s a bit more complex, it’s not only about a picture. Believe it or not, it works. 5+ thousand sites prove it. Try it before you judge


    Quote Comment
  23. 23
    Anon Says:

            James Greenidge said:

    Any real solution then, or we’ll just have to eat spammers?

    We’d need to find them first, I also doubt spammers are fit for human consumption (they are such a low form of life).

            Julia said:

    @Anon
    Actually it’s a bit more complex, it’s not only about a picture. Believe it or not, it works. 5+ thousand sites prove it. Try it before you judge

    Five thousand web sites isn’t all that many and I did realise that the image requested is unique (or at least a unique filename for each request).

    It’s what happens when everyone (or nearly everyone) is using keypic that is the question?

    Oh and if everyone were using it it’d make a rather nice surveillance asset for the NSA.


    Quote Comment
  24. 24
    jmdesp Says:

    @Greenidge : I will dare to insist just once, the wordpress Hashcash plugin is very efficient, and I’m still just as happy with it as I was two month ago. Meanwhile even if your captcha seem easy to read, for some reason I have difficulties with it. Maybe that’s because there’s only a short while available to fill the comment.


    Quote Comment

Leave a Reply

Current month ye@r day *

Please copy the string 6EC4Kw to the field below:

Protected by WP Anti Spam