Yesterday, I installed an addition to the first line of defence against comment and trackback spam that Akismet is so successful at.
That addition is reCAPTCHA, a plugin for WordPress (with versions for other platforms), that adds a step to commenting – one that’s increasingly common on other platforms, too – which requires you to type two words from distorted text, just like the example shown in the image here, before you can submit a comment.
Note that it doesn’t prevent trackback spam, only comment spam that requires someone to type something on your blog.
Detailed info about captchas and how they work is in this Wikipedia entry. But, simply put, a captcha is a tool that can tell whether the typer of text is a person or a computer. As it’s a challenge-response system, and pretty random, computers generally can’t pass the test.
Akismet is very good indeed at trapping spam, both comments and trackbacks. But I thought I’d try this as well to be more preventative, ie, stop the stuff even getting here.
So this plugin should prevent the volumes of computer-generated comment spam so prevalent these days from actually getting to this blog in the first place.
Not sure if it actually works, though.
Take this spam comment, for instance:
This was one of about 50 trapped by Akismet overnight last night, after I installed reCAPTCHA.
I didn’t expect to see stuff like this.
Either the spammer manually typed everything and also passed the challenge-response test, or it was done by a spambot and so got through the defence (but still trapped by Akismet).
I actually don’t know. Maybe spammers do employ armies of humans out there somewhere who really do manually type in this type of crap.
Is any kind of captcha worthwhile, I wonder? One reason I like reCAPTCHA is that it doesn’t require anything else installed on my server, unlike many others which need at least special fonts installed.
Plus I do like the model – when you type in the required words, that helps digitize books in the public domain. Learn more from the reCAPTCHA site.
So what do you think? Is this worth running on my blog? Does it make leaving comments more difficult for you?
Leave a comment :) Thanks.
[Update 21/9/07] I’ve de-activated this plugin and reverted back to Akismet. Far too much crap getting through to the comment moderation queue that I’m certain Akismet would have stopped in its tracks and marked as spam. I just don’t see a benefit from reCAPTCHA.
8 responses to “Adding to the first line of blog spam defence”
Hi there,
I’m an engineer on reCAPTCHA.
Due to the way wordpress works, it actually makes the spam reCAPTCHA catches look like akismet caught it. Our FAQ describes this issue:
Moderation emails: reCAPTCHA marks comments as spam, so if you get moderation emails when spam comments are sent, you will get moderation emails for all spam comments with reCAPTCHA. We highly recommend turning off moderation emails with reCAPTCHA.
reCAPTCHA works best with Akismet off (that way, you don’t get false positives). In order to evaluate if reCAPTCHA is working, log out of word press and look at the comments on your blog posts.
If you have any trouble, we’d love to hear from you at support@recaptcha.net. We read this email. And respond. Fast. I promise :-)
Hi Neville,
I appreciate that you’re putting our human problem solving to work to bring up the quality of scanned digital texts. Please try and work out the bugs.
Ben, thanks for visiting and your comment.
I did read that info on the website and chose to ignore it. I really didn’t want to turn off Akismet.
Obviously not the way to do this.
So I’ll try it again overnight: turn off Akismet and see what happens.
Daniel, it might work if I actually follow the instructions :)
Seedier porn sites have been known to co-opt the user’s brain by presenting them with the image from a recently acquired captcha from a blog, forum, or account creation page and requiring them to fill it out for access to the site.
You need Spam Karma 2. Ain’t nothing finer for stopping spam.
I’ve tried Spam Karma before, Charles. It is good, I agree. Yet in my experience nothing beats Akismet.
I think that I’m in the same situation as you, trying out reCAPTCHA. I was on the Google Group, and got the advice to turn off Akismet, which I’ve just done.
Since it’s been a few weeks since you posted this entry, do you have additional intelligence that you could add to this thread? Thanks.