I hope nobody wrote a comment in the last few weeks. I had to mark all of them as spam, as it became too time-consuming to have a look at all of them.
There have been around 670 spam comments being posted in the last 4 weeks. I added an anti-spam plugin which checks the email-adress given with an SMTP-HELO command. I hope this helps, if it doesn’t, I’ll probably add a math-plugin or a captcha.
However, I don’t really like captchas. They are unaccessible (if you can’t see, you can’t post) and it comes from the usability hell if you know what I mean.
For those who don’t know what a captcha is: A captcha is an image which contains some numbers and letters. In order to post a comment, you have to read the captcha and fill the letters into a seperate box.
Update: This morning, the statistics say the following: “In the meantime WP-Mail-Validator ate 20 spam comments”. However, there were 2 spams with legal email adresses, so I had to mark them manually.
Do you think this captcha-thing really helps?
And can you add it to your blog?
What about Wordpress? Can’t they do anything about this spam-problem?
Yes a captcha is a kind of secure way to get rid of spam. There are only few algorithms which can automatically get the characters out of a captcha, and they aren’t used really much until now.
However, a captcha is probably not a permanent solution to the spam problem.
Yes I could easily add a captcha to my blog, there are multiple plugins which add captchas.
Captchas are insecure
http://sam.zoy.org/pwntcha/
I believe there are no absolute safe ways to get rid of automated spam – only better or less good ways. The mail-validator works quite well untill now.
What would you use?
Do the same as you do with e-mail servers, use a DNSBL or something similar. Or add some “confirmation” to the process of adding a comment / post:
1. The user needs to request the page with the form (robots often don’t do this)
2. The user needs to fill in the form, and only the form and it’s formular element names (robots often fill in additional fields)
3. After the post was filled in, the user needs to click an additional link, confirming that he is a user, maybe the link could be generated with ASCII Code HTML (i.e. ‹ etc..) so that a machine that cannot parse this won’t recognize it.
4. Use those DNSBL and so on