CAPTCHAs Don't Work
I begged, yelled, screamed, pleaded for CAPTCHAs so I could stop the comment spam.
TypePad delivered for me and everyone else who was asking for them and I am very thankful.
But the damned comment spam just keeps flowing past the CAPTCHAs and onto my pages.
Uggh.
The Internet Axis of Evil wins another round.
Really very good..Believe that you certainly go of.
Posted by: mtv200 | April 20, 2006 at 09:49 AM
I love the first comment. Posted within a few hours? Oy ...
Posted by: Stewart Butterfield | April 20, 2006 at 10:59 AM
CAPTCHA's alone are not sufficient to prevent automated comment spam. They need to be paired with other measures that detect retry attacks. True comment spam prevention is going to require a layered approach. We had lots of fun figuring this out for Rock Star: INXS voting, which was unauthenticated, and were ultimately successful because we didn't depend on a HIP challenge alone.
Posted by: Ian McAllister | April 20, 2006 at 11:15 AM
egalitarian euphoria aside, its always been and perhaps always will be a fine line between "user generated content" and "abuser generated content"
Posted by: steve | April 20, 2006 at 11:28 AM
Ingenious! CAPTCHA and other technologies like it are basically there to keep "honest people honest" - those that want to step around the rope barrier will always find a way.
Posted by: Arnie McKinnis | April 20, 2006 at 02:26 PM
There's always been a simple way to bypass CAPTCHA, and has often been used by spammers: set up a free porn site, which requires only to resolve a CAPTCHA to be allowed to view the porn. As there is an immense number of free porn seekers, it's easy to serve a captcha to each one -- when it's resolved, your program can easily add spam to the captcha's originating page.
Posted by: Berislav Lopac | April 20, 2006 at 02:32 PM
Adding random session based form elements is another method to detect automated posting. It isn't a full solution, but so far we've been successful using this approach. I suspect if too many people start doing this, the spammers will handle it (it is easy to code for), but it works for now.
I thought about not posting this for that very reason, but it isn't like I'm the first person to have this idea.
Posted by: fishbane | April 20, 2006 at 03:15 PM
Perhaps Kozoru could have searched your comments and then notified you which ones were spam, but alas, it is vaporware and JSF is more interested in polyphasic sleep experiments and making commercials. :( :( :(
Posted by: kingofktown | April 20, 2006 at 05:47 PM
Fred, I'm posting comments without any CAPTCHA requirements on this post. This is a possible reason that you are still being flooded by spam.
Posted by: Rogel | April 20, 2006 at 08:02 PM
Just posting to try out the captcha ;). I'd like to see a mashup of captcha code and the flickr letter tags - something like this but at least composed into a single bitmap with the character sizes scaled somewhat randomly and some other efforts to make it harder to find the character boundaries. At any rate it would be more fun than regular captchas!
Posted by: Roddy MacFarquhar | April 21, 2006 at 11:40 AM
Face it Fred - your a blogshere superstar, no gettin' around that. Solution: Put out a bad LP.
Posted by: jackson | April 21, 2006 at 12:19 PM
I've found keyword filtering to be one of the most effective comment spam prevention techniques. I auto-trash comments including terms that have no chance of being used in a legitimate post, and moderate terms on the edge. Not a perfect solution either, but it certainly helps.
Posted by: Technology Evangelist | April 21, 2006 at 03:55 PM
Well at fastblogit installing captcha eliminated 99% of the spam. I suspect that you left some alternate posting mechinism behind. You got to find and close all the holes in the dyke
Posted by: Seth Russell | April 22, 2006 at 10:45 AM
Fred--
Have you tried out Akismet yet?
Batelle has a good post on Akismet and MT at http://battellemedia.com/archives/002490.php
And, while I'm at it, I might as well put a (admittedly biased and self interested) plug that you try using WordPress itself!
Posted by: VCMike | April 23, 2006 at 08:17 PM