Captcha Takes No Prisoners
May 5th, 2008 · by David Bradley
No one likes spam. I bet even spammers don’t like spam. If you run a blog with comments enabled it can be an almost full-time job keeping on top of it. If you’re on WordPress, then the simplest way to keep on top of it is to use the Akismet plugin, which quickly learns what is and what is not spam. Couple that with the Akismet Auntie Spam Greasemonkey script (from internetducttape) and you’ve got a convenient way of abbreviating the Akismet listings should you wish to give them the once-over, checking for false positives.
Some bloggers also like to run a script or plugin that creates a captcha on their comment form. A little doodle of letters and numbers that are supposed to be machine unreadable. There are many different versions, including re-captcha, which does a secondary academic job of classifying unidentified words from scanned documents when your commenters complete the captcha.
Please don’t use captchas.
Captchas may help trap spam, although they don’t prevent human-bots from entering spam, because they can complete the captcha, but they are a pain in the behind. There are two types of captcha that are particularly annoying. First, there are those captchas that open either in a popup window or separate tab after one has hit “submit”. This is just plain silly.
Many people are driveby commenters: they want to read, assess, comment and get out as fast as they can. They do not want to see an additional page asking them to confirm their humanity. Indeed, many has been the time when I’ve commented on a site, switched to another tab I was browsing and failed to notice the newly opened captcha tab until minutes later. I’m sure there have been occasions when I didn’t bother completing the captcha because of that, so my comment was lost. Use a captcha and you may lose comments.

There is another problem with captchas for those of us running Firefox plugins such as NoScript. NoScript prevents sites running dodgy scripts in your browser, but it is not an intelligent sort of application: it does not distinguish between dodgy and legitimate, it simply blocks scripts unless you allow them. So, when I wanted to comment on an item about the key combo Control-Alt-Delete, I saw no captcha, clicked submit and then got a long-winded error message telling me I had not completed the unseen captcha and blocking my comment.
Now, my comment on Ctrl-Alt-Del (invented by another David Bradley) was not particularly important or impressive, but what if I’d been an entrepreneur or venture capitalist posting an exploratory comment on your blog? A failed captcha could mean all the difference between a life-changing offer and eternal obscurity for your blog.
7 responses so far ↓
As you know we have allowed annotation of records on ChemSpider. We DON’T ask for a login. Look at the result. Scroll to the bottom of this record: http://www.chemspider.com/Chemical-Structure.7475.html
See the “garbage”. Spammers….
We are considering switching on a captcha. What would you recommend instead?
ChemSpiderMans last blog post..Care in Nomenclature Handling and Why Visual Inspection Will Remain
ChemSpiderMan, my suggestion not to use a captcha was not to suggest that any site let garbage through. A site owner must have full control of content that appears on their site (unless they’ve deliberately set things up to be 100% community led, but even then you still need some form of editorial control). Obviously, depending on the workload, manual filtering of spam that slips through is the only way forward. Unless you can find a transparent captcha (there are some) that works 100%.
db
I know you weren’t suggesting we let garbage through. I’m looking for an approach to block the spammers though. Can you suggest some “transparent captchas” I can take a look at? Thanks David
ChemSpiderMans last blog post..Jean-Claude Bradley Posts About New Trends in Science and Mentions ChemSpider
David - I’m with you on captchas - don’t use them. They discourage commenting and there are better ways to deal with automated spam.
ChemSpiderMan - I’m a big fan of Spam Karma as a means to control spamming. It contains configurable rules that check for a variety of conditions that indicate that a comment is spam. There’s even an Akismet plugin for it that will send a borderline comment through Akismet as a final check. There are other anti-spam plugins but I haven’t looked at any of the newer ones since settling on my current solution.
If you’re willing to go even further, there are a number of things you can do in your .htaccess file to reduce the amount of spam and other unwelcome activity. You can block IP blocks, site copying apps, comments submitted without a referrer, etc.
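The three .htaccess measures named in the comment above, sketched as an added example that is not part of the original comment thread. It assumes Apache 2.4 with mod_rewrite and a WordPress comment endpoint; `example.com`, the address range and the user-agent list are placeholders to replace with your own values.

```apache
# Added illustration, not from the original page.
# Assumes Apache 2.4, mod_rewrite, AllowOverride permitting these directives.

# 1. Block an address range seen sending spam.
#    192.0.2.0/24 is a documentation range used here as a placeholder.
<RequireAll>
    Require all granted
    Require not ip 192.0.2.0/24
</RequireAll>

<IfModule mod_rewrite.c>
RewriteEngine On

# 2. Refuse site-copying tools by User-Agent (case-insensitive match).
#    The names listed are examples; extend from your own access logs.
RewriteCond %{HTTP_USER_AGENT} (HTTrack|WebCopier|WebZIP) [NC]
RewriteRule ^ - [F]

# 3. Refuse comment POSTs whose Referer is missing or points off-site.
#    An empty Referer fails the pattern, so the negated condition is
#    true for both the "no referrer" and the "foreign referrer" case.
#    example.com is a placeholder for your blog's host name.
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} wp-comments-post\.php
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com/ [NC]
RewriteRule ^ - [F]
</IfModule>
```

Both the Referer and User-Agent headers are supplied by the client, so these rules only stop unsophisticated bots. The Referer rule also rejects genuine commenters whose browser or privacy extension strips that header, so check the 403 entries in your access log after enabling it.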
Thanks for the feedback Robert, yeah IP blocking in .htaccess is sensible for some of the more prolific spammers.
db
Captchas either approach unreadability and thus, the frustration level of the users or they are crackable.
View the PDF with instructions.
emps last blog post..Captcha Breaking in detail
That’s right emp, that’s why I suggested fellow bloggers not use them.
db