A Wanted Feature List (38 posts)

  1. Anonymous
    Posted 12 years ago #

    Thanks very much for this lead, podz, on how to deal with IP blocking and the power of WordPress to deal with comment spam.
    David Mattison

  2. Matt Mullenweg
    Posted 12 years ago #

    IPs are very easy to spoof so it's not very effective to use them to block spammers, but for something like this it can be good to target someone. You can use full or partial IP addresses in the moderation keys.

  3. stevecooley
    Posted 12 years ago #

    Oh, yes, captcha's ... goody, why don't we just put a permanent ban on handicapped people accessing the web. >:-(

    Ok, that's fair enough. I've just now implemented a captcha system for my comments. And I admit, I can see the big flaw there. I got hit with the same bunch of crap for c14l1s, pain drugs, and whatever else that 61.* address was posting. I created an IP address blocking mechanism, which actually freed my blog from spam comments for almost 3 weeks, and then the IP addresses kept changing every day now. I had to do something.
    To be fair, don't captchas only put a hardship on sight impared web surfers? Let's figure out how to utilize the mp3-combining code out there to assemble an audio clip in realtime for sight impared visitors.
    What we should do is have an audio equivalent. Read and write back this graphic, or click on this captcha-style assembled set of audio clips of letters and numbers being read or synthesized. Either way, the goal is to get to $human = 1;
    I'm afraid I'm not a very good coder, and I'm certainly not up on the way wordpress is "done" these days, so mine are a series of horrible hacks that appear to be working ok... so far, so good.
    I picked up the only captcha class on PHPclasses.org, and stripped out the code to generate it's own form and just incorporated the variables into the comments form. On the processing side, I check the captcha junk and set the $human=1; on a successful confirmation of human-ness. I only input a comment to the table if $human=1; The only way to get to that point is through the captcha.
    I'll work on an audio equivalent. That's an interesting idea. Gotta be a way to do that if I generate the individual letters and numbers and store them like a font. a sound font, hahaha.. right.
    anyway, my horrible hacks can be observed with disdain at:

  4. carthik
    Posted 12 years ago #

    Asking a human answerable question, like
    "what is 1+1" might be good idea. I saw that in action somewhere.
    Just a random thought, is all.

  5. stevecooley
    Posted 12 years ago #

    I've been struggling with the simplicity of that. It's a brilliant stopgap measure.
    As long as we don't all go out and do that exact question, it would work for a while. It'd be pretty easy to scan a comments form for simple math. Brute force by throwing more bots at your processor might eventually win for them..
    You could do relationship questions, series questions, simple IQ tests... Red, Green, ____ ? 246_1012?
    Sooner or later, they're going to start collecting these questions and answers. That's kind of how the wordpress comment spam thing seems to have started: someone figured out the API to post directly to the processor without needing to go through the form.
    Captchas are a challenge too great to overcome by OCR, currently... and I think they'll remain king for a while. Now, on to that audio version... hmm.

  6. stevecooley
    Posted 12 years ago #

    I just checked out the captcha website. Haha, looks like carnegie mellon is thinking of the audio captcha too. Well, then I guess it's a race.

  7. TechGnome
    Posted 12 years ago #

    Some where in these forums here is a link to an article where some one used pure CSS to create letters & numbers. I thought I had it bookmarked but can't find (I'll go searching for after I post). I was thinking to my self that it would be a better solution to the Captcha. It delivers, clear, clean looking text to the browser, but can't be read by a bot.

  8. stevecooley
    Posted 12 years ago #

    I think these are all great solutions, and I think the overarching idea is biodiversity in our code. The more ways we all do our own thing to defeat bots, the more likely we are to win the war on spam. It's when the userbase at large all have the same vulnerabilities.. that's when we all contract comment spam.

Topic Closed

This topic has been closed to new replies.

About this Topic


No tags yet.