The Perils of Overzealous Spam Combat

spam combat gladiators!In case you never noticed, there’s a ‘Recent Comments’ column in the sidebar, and the more astute among you will realise that my comment has been sitting at the top of the pile for quite a while now. At first I thought it was just my readers being polite and staying silent while I ranted and raved about hot army women, haunted dream homes, and the unsexiness of the modern caveperson. But, pretty-much every reader of this blog is a blogger themselves, and we’re a chatty lot. It was unusual to have no comments for weeks.

I decided to test the system out, and lo and behold, ran across a host of problems, all of which had to do with a malfunctioning captcha system (a ‘captcha’ is a test to find out if you’re a human and not a malicious spam program, by asking you to answer a question only a human could) . Hmm, malfunctioning is not entirely right, because it seems to have been behaving a little too well.


In order to combat comment spam, I have been using a drupal plugin that generates a random type of captcha test (maths, odd word out, etc.) and this part of the plugin seemed to be causing some problems. It would not accept answers even if they were right, and even after repeated attempts the submitted comments were automatically being marked as suspected spam.

The conundrum here is that if I turn it off entirely, the blog will — within hours — be inundated with comment spam. This is one of the main reasons I’ve reluctantly had to turn off trackbacks entirely, as several thousand were coming in daily, being marked as spam, and then just sitting there (unpublished, but still, quite annoying). I could have turned on moderation of all comments, but I don’t log into the site several times a day, and that would interrupt the flow of proceedings. Part of the fun of having a blog is seeing conversations develop while you aren’t around.

I have therefore reduced the captcha test to one type, and this seems to have solved the problem. It does mean that the site might a bit more prone to comment spambots that learn or just brute-force their way through, but I’d rather have to clean up a few unwanted comments a day rather than have my puny human meat-things be impeded in expressing their views.

Of course, there are always niggles, so do leave a comment and test the system out (remember to solve the captcha before pressing ‘post comment’!) and let me know if there are any problems (via email, at allvishal [at] gmail [dot] com).

Take that, evil machine overlords.


Captcha-ing the Spammers

I get a fair amount of spam on this site; less than most, but significant enough to be a problem. Most of it is trackback spam which, by design, isn’t an easy thing to combat, but Drupal does a decent job of things.

Comment spam, on the other hand, has been giving me a headache or two, and not in the way that you think. You see, Drupal does catch most if not all of it, but it also overzealously picks up real people’s comments (and as you can no doubt see, I have far too few of those as it is!), just like my last CMS, Pivot.

Like in Pivot, I’ve decided to implement Captchas, which basically means that you’ll have to answer a silly question at the end of the page before submitting your comment, in order to prove that you’re a human (and then hopefully the spam filter won’t eat up your message until I find it in the approval queue a day later).

Thanks to the Captcha Pack module these questions are quite varied. I haven’t used the most common image captchas (like you’d find on a blogspot page, for instance) because I don’t particularly care for them, and prefer the text questions instead.

I sometimes worry that some of the math questions might be a little too much for some people… But, then I ask myself, “Do I want those kinds of people commenting anyway?”

Captchas: defeating spambots and idiots since 2000.