I have a WordPress blog and I had the Captcha plugin on it for the longest time because it worked. Lately though I am getting mass amounts of spam. I then tried to do an “Add These Random Numbers Together” that were generated via PHP but still no luck. I’m not quite sure what I need to do to block this spam but it is quite annoying.
I was reading about some kind of visual script that spammers use – that reads your webpage or something, that’s why Captcha has the messy images to block this sort of thing. I was thinking that maybe it would help if I put an animated GIF background behind my PHP Random Number Captcha so it would be easy for a user to read but hard for a bot.
Not sure, anyway I need suggestions :S
As in many other areas of antisocial behavior, the comment spammers are constantly improving their game. Captcha was really effective, until the spammers actually improved the state of the art in OCR. Then there are the “are you a human?” types of tests — adding numbers, identifying pictures, etc — and those can be defeated by … humans, very inexpensive humans.
This means that, just like email spam, you need to up your game and start looking at where the comment/post is originating from. If you have a site targeting the US, the UK, or some other large, well-defined geographic area, it is possible to check the IP address and use that as part of your “spam or ham?” calculation. Additionally, you can look at the contents of the comment and see if it seems to be full of links, or is composed almost entirely of just one link.
Limiting posts to registered users helps, as does making sure that all first comments are handled by a moderator.
We use a scoring method that uses IP-block include and exclude lists, link count (checking both HTML and simple text patterns), and a minimum comment size. Comments that fall into a grey area are kicked to a moderator. This is a US-oriented Django site, so I can’t point to a PHP class or WP plugin, but this combination has substantially reduced the flood. At least for the moment it has.
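A sketch of the scoring approach described in the answer above, in Python since the answer mentions a Django site. This is an added example, not the answerer's code: the weights, thresholds, minimum word count and the function names are assumptions, and the IP lists are constructed from documentation-only address ranges.

```python
import ipaddress
import re

# Constructed lists using documentation-only ranges (RFC 5737); assumptions.
ALLOW_NETS = [ipaddress.ip_network("192.0.2.0/24")]    # include list
DENY_NETS = [ipaddress.ip_network("198.51.100.0/24")]  # exclude list

HTML_LINK = re.compile(r"<a\s[^>]*href", re.I)            # HTML anchors
TEXT_LINK = re.compile(r"\b(?:https?://|www\.)\S+", re.I)  # bare URLs
TAGS = re.compile(r"<[^>]+>")

MIN_WORDS = 5               # assumed minimum comment size
SPAM_AT, HAM_BELOW = 5, 2   # assumed thresholds; scores in between are grey


def count_links(body):
    """Count HTML anchors plus bare URLs in the visible (tag-stripped) text."""
    visible = TAGS.sub(" ", body)
    return len(HTML_LINK.findall(body)) + len(TEXT_LINK.findall(visible))


def score_comment(ip, body):
    """Return (verdict, score); a higher score is more spam-like."""
    addr = ipaddress.ip_address(ip)
    score = 0
    if any(addr in net for net in DENY_NETS):
        score += 4
    elif any(addr in net for net in ALLOW_NETS):
        score -= 2

    links = count_links(body)
    words = TAGS.sub(" ", body).split()
    score += 2 * min(links, 3)             # link count, capped
    if len(words) < MIN_WORDS:             # too short to be a real comment
        score += 2
    if links and len(words) <= 2 * links:  # composed almost entirely of links
        score += 2

    if score >= SPAM_AT:
        return "spam", score
    if score < HAM_BELOW:
        return "ham", score
    return "moderate", score               # grey area: kick to a moderator
```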
How about using reCAPTCHA? It has plugins that are easy to use (PHP for example).
There are lots of public CAPTCHA-scripts that you can use, Google’s “reCAPTCHA” being one of them, others want the user to tell what’s on a photo or other riddles …
The problem is: You can never block human spammers. Sometimes it’s not a bot that’s solving your CAPTCHA but a real person. There’s even a business for solving CAPTCHAs where people are paid to solve CAPTCHAs and provide bots with solutions.
One solution that I found is working pretty well: make it hard (if not impossible) for spammers to use the account they created. Spammers only have so much time, so when they need too much of it to actually post to your blog, they’ll go away eventually.
Meaning: let only people post that you approved personally, let only people post links that have posted at least X (meaningful) posts before.
I don’t know about WordPress, but this worked for me in phpBB, I’m sure there are similar plugins for WordPress.