July 27, 2009

Spam-weasels rip my flesh

Damn… Maybe it shouldn’t surprise me, but apparently spammers can defeat Movable Type’s built-in CAPTCHA system. Because I’d set comments to auto-publish after they passed that checkpoint, a few spams (now deleted) snuck past the goalie. Sorry about that.
I’m now experimenting with “trusted commenters” in MT, and I just flagged the last 2000 or so commenters (going back as far as March) as trusted. Hopefully if you’re a regular reader/commenter, your remarks can appear right away. We shall see.
Note that you can subscribe to a comments feed via RSS. As for threaded comments, I’ll tackle the needed mods soon, bambinos permitting.

Posted by John Nack at 10:34 PM on July 27, 2009


  • Mike Sims — 12:09 AM on July 28, 2009

    John, there are math questions (like 2 + 4) that are another option. They seem to fool them… for now.

  • Mike D. — 12:47 AM on July 28, 2009

    I highly recommend going with a homebaked JavaScript-based timer. If someone doesn’t spend at least 5 seconds on their comment, it goes into a bitbucket. I have 20,045 comments on my blog (reasonably high traffic) and this kills 99.99% of spam before it even gets into the system. No captchas or approved commenters necessary. Cheers.

  • John C. Welch — 4:38 AM on July 28, 2009

    OCR made CAPTCHA a doomed method a while ago.

  • David — 6:55 AM on July 28, 2009

    You can “trust me” John :)
    Seriously though, I think it is a measure of your character and to some extent Adobe’s practices that you ask for feedback. Cheers.

  • Nat Brown — 7:36 AM on July 28, 2009

    2000 commenters?
    Do you work for a living or just blog and take care of newborns?
    Thanks for all the work to make this a great place to visit.
    My “day-job” (in contrast to my evenings spent hunched over Photoshop) is in collaborative workplace processes. I am now regularly pointing people to your blog as an example of companies developing conversations with their customers/users.
    Thanks for all the work.

  • John C. Welch — 12:21 PM on July 28, 2009

    The problem with a JavaScript solution is that you’re still wasting resources to run the timer. If you get enough hits running the script, your entire site slows down.
    That’s similar to what happened after my site got ‘fireballed’. I had no spam getting through at all, but running the comment CGI was still dragging the box down.
    I punted and implemented disqus. Multiple authentication mechanisms, and I got threaded comments for free.
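
The minimum-time check suggested in the comments above, as an added example that is not part of the original post or of any commenter's code. It goes one step beyond a browser-side timer by signing the form's issue time and enforcing the 5 seconds on the server, so a client that never runs the script is still checked. The function names, the secret and the one-hour expiry are assumptions.

```javascript
// Added example (Node.js): server-side minimum-dwell check for a comment form.
const { createHmac, timingSafeEqual } = require("node:crypto");

const MIN_DWELL_MS = 5000;           // the 5 seconds mentioned in the comment
const MAX_AGE_MS = 60 * 60 * 1000;   // assumption: forms older than 1 hour are rejected

// HMAC over the issue time, so the client cannot backdate the hidden field.
function sign(secret, issuedAt) {
  return createHmac("sha256", secret).update(String(issuedAt)).digest("hex");
}

// Called when the form is rendered; the result goes into a hidden field.
function issueToken(secret, now = Date.now()) {
  return `${now}.${sign(secret, now)}`;
}

// Called when the comment is submitted. Returns { ok, reason }.
function checkToken(secret, token, now = Date.now()) {
  const [ts, mac] = String(token || "").split(".");
  const issuedAt = Number(ts);
  if (!mac || !Number.isSafeInteger(issuedAt)) {
    return { ok: false, reason: "malformed" };
  }
  const expected = Buffer.from(sign(secret, issuedAt), "hex");
  const given = Buffer.from(mac, "hex");
  // Length check first: timingSafeEqual throws on unequal lengths.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad-signature" };
  }
  const dwell = now - issuedAt;
  if (dwell < MIN_DWELL_MS) return { ok: false, reason: "too-fast" };
  if (dwell > MAX_AGE_MS) return { ok: false, reason: "expired" };
  return { ok: true, reason: "accepted" };
}

// Constructed sample values, not taken from any real site.
const SAMPLE_SECRET = "constructed-demo-secret";
const SAMPLE_T0 = 1700000000000;
const SAMPLE_TOKEN = issueToken(SAMPLE_SECRET, SAMPLE_T0);
console.log(checkToken(SAMPLE_SECRET, SAMPLE_TOKEN, SAMPLE_T0 + 1000));
console.log(checkToken(SAMPLE_SECRET, SAMPLE_TOKEN, SAMPLE_T0 + 6000));
```

A client that fetches the form and waits out the delay still passes, so this filters fast automated posts rather than all spam; rejected submissions can be dropped or sent to moderation.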
