August 12th, 2007

no more captcha

Posted by complich8 in Site News

I’m tired of seeing \\\\\\\\’s all over the place, so I’ve decided it’s time to move away from captcha and its comment-mangling validation code. Now we’re using wp-hashcash for spambot checking.

What that means for you is: if you want to post a comment, you’ll need javascript enabled, instead of needing to enter a captcha. Meaning, if you’re using a browser that’s relatively current and relatively sane, you won’t have to do anything.

10 Responses to ' no more captcha '

Subscribe to comments with RSS

  1. Kuncoss said,
    on August 12th, 2007 at 10:50 am

    This seems to work so much better! (I had trouble reading almost every images that had the posting code)
    I’m guessing that this is the same sort as they use on Youtube maybe? 🙂
    Anyways, great to have easier comment function!

  2. GomuNingen said,
    on August 12th, 2007 at 1:59 pm

    I don’t know why almost no one uses this. It’s much easier than trying to decipher the message! 😛

  3. complich8 said,
    on August 12th, 2007 at 2:41 pm

    I found out why!

    Apparently there are some spambots that actually implement javascript… I’ve already had to spam-flag a comment or two.

    otoh, I don’t want to go back to captchas again, ’cause people hate them and they’re buggy.

    I originally went to captcha because akismet was giving false positives, so that’s not really a great answer to go back to either. And since I don’t want to babysit the place forever, a moderation queue is probably not so great either.


  4. Bread-sama said,
    on August 12th, 2007 at 5:46 pm

    looks the same for me

  5. Maye said,
    on August 12th, 2007 at 7:04 pm

    Yeah, This is much much better ^^

  6. complich8 said,
    on August 12th, 2007 at 8:13 pm

    Bread: that’s because you’re logged in, same as me.

    jerk >_<

  7. Bread-sama said,
    on August 12th, 2007 at 11:46 pm


  8. TGEN said,
    on August 13th, 2007 at 9:59 am

    Props on dropping your (dreadful, might I add) CAPTCHA implementation.

  9. mopsi said,
    on August 13th, 2007 at 1:21 pm


    the problem is that this method is no 100% proof (captchas aren’t as well but with those hard to read images it came near…) since it doesn’t prevent a robot to post but it just slows them down.

    It works by requiring the user’s machine to do some computation which takes 0.5 seconds per comment or so. This slight delay means nothing to someone posting one comment. But it slows down the spammer robot that wants to post thousand of comments.

    But if the spammer doesn’t care for the slow-down he still can do automated spamming.

    I still prefer this method because as long as there are enough unsecured blogs the spammers will go for those while the legit user gets rid of the need to enter the captcha.

  10. complich8 said,
    on August 14th, 2007 at 3:57 pm

    the real idea behind hashcash is both “make the computer perform some computation” and “make sure the poster has a fully-functional javascript” under the assumption that most bots don’t.

    Unfortunately, while most bots still don’t, some do, meaning some spam still gets through. Those that hook a javascript engine to post spam are going pretty far to do it, so having to compute a half a second or so worth of javascript isn’t a big hit to them. They’ve got a couple thousand bots in a botnet to do it anyway…

    Since making that change, 4 spam messages have made it past hashcash. Hashcash plus akismet has caught all of them, but mopsi’s message got flagged as spam as well, which is somewhat unacceptable too. However, I’ll still keep this combination, because it results in an acceptable level of spam hitting akismet, to the point that I can actually do some vetting from time to time without having to dig through hundreds of spams per month to do it. Akismet alone was churning through in the neighborhood of 50 to 100 spams per day when I switched to the captcha, and with hashcash and akismet, it’s down to like 4 per day. So that’s pretty tolerable …

Sorry, the comment form is closed at this time.