• Date: 2005-01-07 04.18.00 CET
• Name: rdean
• Posted from: c-66-177-153-39.se.client2.attbi.com

Would it be possible to do one of those "type the word that appears in the image" type of controls as an additional measure to prevent automated posts?

• Date: 2005-01-07 04.45.40 CET
• Name: bignose
• Posted from: nat20.cyber.com.au

You're referring to a Completely Automated Public Turing-test to tell Computers and Humans Apart -- a CAPCHA. Unfortunately, they're inherently broken.

They are unusable by those who don't receive the test the way you intended. Most commonly, they're implemented as an image of text; this is awful from an accessibility standpoint. Any other means of munging the text is subject to the same problem; some of your valid users can't see it.

Even if you dismiss the accessibility problem, they're still broken. Regardless of what technology they use, they have a fatal flaw: a spambot can simply ask someone else to solve it for them, then post the answer to your test. This is done by using your CAPCHA as an access mechanism to some free porn; there is *no* shortage of willing humans, 24 hours a day, to do this. Having done so, they've unwittingly told the spambot the answer to your CAPCHA.

More discussion on CAPCHAs and their downfalls is at the Wikipedia CAPCHA article: http://en.wikipedia.org/wiki/Captcha

• Date: 2005-01-07 07.02.24 CET
• Name: Peter Karlsson
• Posted from: 062016211058.customer.alfanett.no

No, I have no plans to implement such a thing. I don't want regular people to suffer because of what these scum are doing.

• Datum: 2005-01-07 18.07.12 CET
• Namn: Jesper Holmberg
• Vävplats: http://blogs.msdn.com/jesperh
• Sänt från: tide83.microsoft.com

Heh - I had the same one in my comment queue this morning.

I just had one of them though. Normally I get one comment per commentable post - either this guy is lazy, or he's trying to not stand out as much.

• Datum: 2005-01-07 19.04.11 CET
• Namn: Peter Karlsson
• Sänt från: 062016211058.customer.alfanett.no

I've also only seen one so far. Strangely enough, it started when I added the word "trackback" to the page, my guess it's someone using search engines to find suitable pages. Because of this, I have removed the word "trackback" from the comment form.

On a similar note, the head light on my bike was stolen today. I noticed this as I was about to go home today. And it wasn't just mine, none of the bikes had any head lights. :-(

• Date: 2005-01-08 15.05.10 CET
• Name: Arve
• Website: http://www.virtuelvis.com/
• Posted from: ti132110a080-2509.bb.online.no

There are a couple of things you should note about the spam you were hit with:

1. If you review your server logs, you will notice that you will also have been (mass) referrer spammed by most of the same URLs. All of these referer log spams have been made with a tool named Reffy.

2. Every single comment or trackback spam attempt I have seen on my blogs, are made through open proxies. There is some discussion (and two plugins for other weblog systems) on this over at http://bradchoate.com/weblog/2004/11/05/mt-dsbl.

Combine these two, and you're very unlikely to be hit hard by spammers.

• Datum: 2005-01-08 15.43.20 CET
• Namn: Peter Karlsson
• Sänt från: 062016211058.customer.alfanett.no

I noticed some interesting referrer, but not much. I don't publish the logs, nor do I examine them very closely, so referrer spam is not something I'm very worried about. They were coming through an open proxy (I thought I had mentioned that in the post, but apparently I forgot), and I did immediately ban that using access controls.

Problem with plug-ins here is of course the fact that I'm not using any of the common blogging tools. In fact, I've written everything myself, except for the comment function which is based on a freely available guestbook CGI program... But it looks interesting, I'll have a closer look at it and see if it can be adapted for my setup.

Thanks for the tip!