Chad Perrin: SOB

1 February 2008

trying captcha

Filed under: Metalog — apotheon @ 01:07

I’ve turned on captcha validation. That means there’s a little picture with some characters in it, and you have to enter them to be validated as a “real human being”.

I’d like everyone who sees this to test it for me by trying to post a comment to this entry. In a few days, I’ll turn captcha off again, mention that it has been turned off in a new entry, and ask for comments from anyone that had problems with it.

Thanks.

14 Comments

  1. You might as well turn it off, that is in insanely easily to crack CAPTCHA (http://sam.zoy.org/pwntcha/). If you are interested in this, you might want to take a look at Assira (http://research.microsoft.com/asirra/), I stumbled across it yesterday. I know, I know, it’s from Microsoft, but it’s from the research folks, half of whom use GMail accounts (in other words, not the typical Microsoft folks). What I like about it is that 1) it’s a LOT easier for a human to use 2) it’s a LOT harder for a computer to crack and 3) it helps a good cause in the process.

    J.Ja

    Comment by Justin James — 1 February 2008 @ 08:06

  2. The PWNTCHA link was to show how much hard CAPTCHAs had been cracked, BTW, not that this particular one has been. Considering how easy this looks, I am certainly that it is already cracked, and the PWNTCHA site is an eye opener anyways.

    J.Ja

    Comment by Justin James — 1 February 2008 @ 08:08

  3. i don’t see any captcha…

    Comment by sosiouxme — 1 February 2008 @ 08:43

  4. How about using Akismet ? They have a pretty good set of tools in any language you can think of, that will filter your spam. Plus you are based on WordPress, so it should come bundled with it.

    Comment by Antoine — 1 February 2008 @ 10:44

  5. I’ve been captcha’d!

    Comment by Joseph a. Nagy, Jr. — 1 February 2008 @ 11:29

  6. J.Ja:

    I just want to reduce the amount of spam that gets through without using something that creates false positives. I’m not worried about it being perfectly effective — just effective against the majority of crap that comes through (which probably targets stuff that doesn’t use CAPTCHA at all). Also, getting this CAPTCHA to work didn’t take any effort at all — I just clicked a checkbox in the configuration for a WordPress plug-in that was already installed for other reasons.

    sosiouxme:

    That’s quite odd.

    Comment by apotheon — 1 February 2008 @ 12:07

  7. Not seeing the CAPTCHA

    Comment by SterlingCamden — 1 February 2008 @ 05:38

  8. Appears to be in working order.

    Comment by Meredith — 1 February 2008 @ 07:52

  9. I just stumbled on your blog from a link at one of your Perlmonks posts. Reading some of your posts here, I found my self nodding in agreement or thinking “nice writing.” Keep it up. BTW, I see the captcha…

    Comment by Ravenor — 1 February 2008 @ 08:02

  10. I wonder if people signed in and already added to the “approved” bin, with a long-term cookie to that effect on their computers, bypass the CAPTCHA.

    Comment by apotheon — 1 February 2008 @ 11:54

  11. I’m seeing it fine.

    Comment by Mina — 2 February 2008 @ 12:32

  12. Whoops — didn’t notice I had some stuff in moderation until just now. I’ll respond to a couple of those now.

    Antoine:

    I find the Akismet plugin’s propensity for false positives, coupled with its atrocious moderation interface, absolutely unacceptable. I’ve discussed this before — likely before you stumbled across SOB. I appreciate the suggestion, though. Welcome to my weblog.

    Ravenor:

    Thanks for the compliments and the report on the CAPTCHA. Welcome to SOB.

    Comment by apotheon — 3 February 2008 @ 02:04

  13. Hi Chad,

    I hadn’t seen your post about Akismet indeed. I think you pinpointed it well. I think there are other Akismet-like solutions out there. What you could do is cross-validate a comment with more than one solution ? It should be more accurate. That still means some work to create and maintain a UI on the moderation side, etc.

    My personal experience with spam is that people did not hesitate to register, receiving an email and confirming their registration just to be able to leave spam messages on our forum. When we publicly started to filter the spam, and made announcements to that regard, we stopped being attacked. I guess this has to be taken into account in the equation :)

    Comment by Antoine — 4 February 2008 @ 01:05

  14. The comment spam I get is (almost?) all obviously automated. It tends to arrive in bunches, all within a couple seconds. As things stand, the fine-tuning I’ve done for my spam filtering techniques have reduced how much gets submitted. One of the biggies is trackback validation — there’s more abuse of trackbacks than anything else, by far. Another is the fact that everything goes into moderation that isn’t posted by someone who has already had a post approved.

    Basically none of the spam I get ever gets past moderation. The closest to spam I get that might get past moderation is legitimate trackbacks from illegitimate weblogs. I’m just looking for ways to further reduce the amount of spam that gets even as far as moderation without running a risk of getting some false positives.

    I’m really paranoid about false positives. Even with people reporting no problems with the CAPTCHA, I’m thinking I might turn it off permanently.

    Comment by apotheon — 4 February 2008 @ 02:32

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

All original content Copyright Chad Perrin: Distributed under the terms of the Open Works License