CAPTCHA Can't Save Your Website From Spammers

Everyone knows CAPTCHA. Those annoying nonsense images that drive us all batshit crazy as we try to decipher what they say so we can post our comments, sign up for a service or… whatever else it is we are doing.

Now don't get me wrong, there are some good things to come from CAPTCHA. Take for instance the ReCAPTCHA project. We have all seen these. There are two words in the CAPTCHA box. One is a word the computer program knows and uses to verify your entry. The other one, it doesn’t know. It's a scan from a book or a magazine, and it's using you to identify what that word is as it's digitizing this media. It then takes your entry and compiles it with everyone else’s entries as it puts the book back together as a digital document. (You can use your imagination for the shenanigans that can happen from this.)

However, CAPTCHA can't save your website from spammers!

Now, I know what you’re thinking. I'm F’n nuts at this point. CAPTCHA is used for the very purpose of blocking spam on websites. But hear me out.

Spammers have gotten really smart. They are now using the one thing that is more popular on the internet than videos of cute kittens to break the CAPTCHA code. And that thing is: PORN.  *GASP!* You already knew that.

It's really simple. When a spammer gets a CAPTCHA image, it simply takes the image and passes it to a partner porn site. That partner site then tells the person waiting for their goodies to show up that they need to “solve this CAPTCHA to prove you’re a real person and we will show you the video” or whatever. Of course, the person, who is clueless about what is really going on, goes “yeah sure, show me the money!!” and types in whatever it is they see. This answer is then passed back to the original spammer site, which then enters it into your CAPTCHA field and PRESTO! You’ve been spammed!

So, the real question becomes: What can we do to block spammers?
And the real answer is: Not very much. Here are a few suggestions:

  • Use a comment moderation plugin such as Disqus which comes with some spam protection.
  • Install Akismet to also help battle spam on your site’s comments.
  • Limit the number of links a comment can contain before it is held for moderation.
  • Set up a spam words filter in WordPress and add common spam words to it.

To moderate the number of links in your comments:

Go to Settings >> Discussion and find the section which says “Hold a comment in the queue if it contains ___ Links.” The default is 2; you can change it to 1. Do not set this to zero or leave the field blank. It will send every comment to moderation. This is bad!

To add spam word filters:

Go to Settings >> Discussion >> Comment Moderation and copy and paste in the words that you see on the WordPress Spam Word List. Keep in mind that when you add words, they need to be on a single line with a single line break after them, and no spaces in between the words. When a comment contains any of the spam list words (either in the comment content, user name, URI (the address link), user e-mail, or IP address), WordPress will hold it in the moderation queue. Do not include a blank line. Every single comment will be moderated if you do. Again, this is bad.
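To check a word list before pasting it in, and to see why a zero link threshold or a blank line holds every comment, here is a small model of the two settings above. It is an added example, not WordPress's own code and not part of the original post; the function names, the sample comments and the assumptions that matching is a case-insensitive substring test and that the link rule means "this many or more" are mine.

```python
import re

# Comment fields the post says are checked against the word list.
FIELDS = ("author", "email", "url", "ip", "content")

def lint_word_list(raw):
    """Return (clean_words, problems) for a list about to be pasted in."""
    clean, problems = [], []
    for n, line in enumerate(raw.splitlines(), start=1):
        word = line.strip()
        if not word:
            problems.append(f"line {n}: blank line, would match every comment")
            continue
        if word != line:
            problems.append(f"line {n}: stray whitespace around {word!r}")
        if word.lower() not in (w.lower() for w in clean):
            clean.append(word)  # keep first spelling, drop duplicates
    return clean, problems

def hold_reasons(comment, words, max_links=2):
    """Model of the hold decision: link threshold, then substring match."""
    reasons = []
    links = len(re.findall(r"https?://", comment.get("content", ""), re.I))
    if links >= max_links:  # assumed ">= threshold"; 0 therefore holds everything
        reasons.append(f"{links} links (threshold {max_links})")
    for word in words:
        for field in FIELDS:
            # "" is a substring of every string, so a blank entry always hits
            if word.lower() in comment.get(field, "").lower():
                reasons.append(f"{word!r} in {field}")
    return reasons

# Constructed sample data (not from the original post).
RAW_LIST = "viagra\n\ncasino \npoker\nViagra\n"
LEGIT = {"author": "Dana", "email": "dana@example.org", "url": "",
         "ip": "192.0.2.10", "content": "Great post, thanks for the tips."}
SPAM = {"author": "Bob", "email": "bob@example.com", "url": "http://example.com",
        "ip": "192.0.2.55",
        "content": "Best casino bonus http://example.com/a http://example.com/b"}

if __name__ == "__main__":
    words, problems = lint_word_list(RAW_LIST)
    print(problems)
    print(hold_reasons(LEGIT, words))               # nothing to hold
    print(hold_reasons(SPAM, words))                # links and a listed word
    print(hold_reasons(LEGIT, ["viagra", ""]))      # blank entry holds it
    print(hold_reasons(LEGIT, words, max_links=0))  # zero threshold holds it
```

Paste the cleaned list, one word per line, and fix anything reported in `problems` first.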

You could do things like blocking a set of internet IP addresses, but you run the risk of blocking out legitimate website viewers. And that's bad, you got good stuff to share.

Besides, some of the people whose computers are posting spam to your website may not even realize they are doing this. Viruses, Trojans and other nasty programs can turn an unsuspecting computer into part of what's known as a botnet. Basically, your computer becomes part of a whole network of computers that do things like send spam emails, post spam or whatever else the operator wants your computer to do. (And yes, I realize there are “good” botnets, like folding@home, which uses people’s computers to help do medical research.)

So where does this leave us? My best suggestion: the best offense is a good defense. There's a lot of easy things that you can do to keep your site relatively spam free. Keep your anti-spam plugins up to date, keep an eye out for those Viagra comments, and don’t just count on CAPTCHA to save your site. See? That wasn’t so hard, now was it?

Questions? Suggestions? Overseas Viagra buying websites? Leave 'em in the comments.

  • http://pulse.yahoo.com/_DMNCZWR7IVKSHAUO4SJYUOQE5Q Mehwish

    good effort