Comments on: no more captcha http://www.gotwoot.net/2007/08/12/no-more-captcha/ Just another WordPress weblog Sat, 31 Jul 2010 11:55:14 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: complich8 http://www.gotwoot.net/2007/08/12/no-more-captcha/comment-page-1/#comment-4269 complich8 Tue, 14 Aug 2007 21:57:01 +0000 http://www.gotwoot.net/?p=143#comment-4269 the real idea behind hashcash is both "make the computer perform some computation" and "make sure the poster has a fully-functional javascript" under the assumption that most bots don't.<br /><br /> Unfortunately, while most bots still don't, some do, meaning some spam still gets through. Those that hook a javascript engine to post spam are going pretty far to do it, so having to compute a half a second or so worth of javascript isn't a big hit to them. They've got a couple thousand bots in a botnet to do it anyway...<br /><br /> Since making that change, 4 spam messages have made it past hashcash. Hashcash plus akismet has caught all of them, but mopsi's message got flagged as spam as well, which is somewhat unacceptable too. However, I'll still keep this combination, because it results in an acceptable level of spam hitting akismet, to the point that I can actually do some vetting from time to time without having to dig through hundreds of spams per month to do it. Akismet alone was churning through in the neighborhood of 50 to 100 spams per day when I switched to the captcha, and with hashcash and akismet, it's down to like 4 per day. So that's pretty tolerable ... the real idea behind hashcash is both “make the computer perform some computation” and “make sure the poster has a fully-functional javascript” under the assumption that most bots don’t.

Unfortunately, while most bots still don’t, some do, meaning some spam still gets through. Those that hook a javascript engine to post spam are going pretty far to do it, so having to compute a half a second or so worth of javascript isn’t a big hit to them. They’ve got a couple thousand bots in a botnet to do it anyway…

Since making that change, 4 spam messages have made it past hashcash. Hashcash plus akismet has caught all of them, but mopsi’s message got flagged as spam as well, which is somewhat unacceptable too. However, I’ll still keep this combination, because it results in an acceptable level of spam hitting akismet, to the point that I can actually do some vetting from time to time without having to dig through hundreds of spams per month to do it. Akismet alone was churning through in the neighborhood of 50 to 100 spams per day when I switched to the captcha, and with hashcash and akismet, it’s down to like 4 per day. So that’s pretty tolerable …

]]> By: mopsi http://www.gotwoot.net/2007/08/12/no-more-captcha/comment-page-1/#comment-4263 mopsi Mon, 13 Aug 2007 19:21:51 +0000 http://www.gotwoot.net/?p=143#comment-4263 GomuNingen, the problem is that this method is no 100% proof (captchas aren't as well but with those hard to read images it came near...) since it doesn't prevent a robot to post but it just slows them down. It works by requiring the user's machine to do some computation which takes 0.5 seconds per comment or so. This slight delay means nothing to someone posting one comment. But it slows down the spammer robot that wants to post thousand of comments. But if the spammer doesn't care for the slow-down he still can do automated spamming. I still prefer this method because as long as there are enough unsecured blogs the spammers will go for those while the legit user gets rid of the need to enter the captcha. GomuNingen,

the problem is that this method is no 100% proof (captchas aren’t as well but with those hard to read images it came near…) since it doesn’t prevent a robot to post but it just slows them down.

It works by requiring the user’s machine to do some computation which takes 0.5 seconds per comment or so. This slight delay means nothing to someone posting one comment. But it slows down the spammer robot that wants to post thousand of comments.

But if the spammer doesn’t care for the slow-down he still can do automated spamming.

I still prefer this method because as long as there are enough unsecured blogs the spammers will go for those while the legit user gets rid of the need to enter the captcha.

]]> By: TGEN http://www.gotwoot.net/2007/08/12/no-more-captcha/comment-page-1/#comment-4262 TGEN Mon, 13 Aug 2007 15:59:30 +0000 http://www.gotwoot.net/?p=143#comment-4262 Props on dropping your (dreadful, might I add) CAPTCHA implementation. Props on dropping your (dreadful, might I add) CAPTCHA implementation.

]]> By: Bread-sama http://www.gotwoot.net/2007/08/12/no-more-captcha/comment-page-1/#comment-4255 Bread-sama Mon, 13 Aug 2007 05:46:04 +0000 http://www.gotwoot.net/?p=143#comment-4255 rofl rofl

]]> By: complich8 http://www.gotwoot.net/2007/08/12/no-more-captcha/comment-page-1/#comment-4251 complich8 Mon, 13 Aug 2007 02:13:09 +0000 http://www.gotwoot.net/?p=143#comment-4251 Bread: that's because you're logged in, same as me. jerk >_< Bread: that’s because you’re logged in, same as me.

jerk >_<

]]> By: Maye http://www.gotwoot.net/2007/08/12/no-more-captcha/comment-page-1/#comment-4250 Maye Mon, 13 Aug 2007 01:04:19 +0000 http://www.gotwoot.net/?p=143#comment-4250 Yeah, This is much much better ^^ Yeah, This is much much better ^^

]]> By: Bread-sama http://www.gotwoot.net/2007/08/12/no-more-captcha/comment-page-1/#comment-4247 Bread-sama Sun, 12 Aug 2007 23:46:08 +0000 http://www.gotwoot.net/?p=143#comment-4247 looks the same for me looks the same for me

]]> By: complich8 http://www.gotwoot.net/2007/08/12/no-more-captcha/comment-page-1/#comment-4244 complich8 Sun, 12 Aug 2007 20:41:46 +0000 http://www.gotwoot.net/?p=143#comment-4244 I found out why!<br /><br /> Apparently there are some spambots that actually implement javascript... I've already had to spam-flag a comment or two.<br /><br /> otoh, I don't want to go back to captchas again, 'cause people hate them and they're buggy.<br /><br /> I originally went to captcha because akismet was giving false positives, so that's not really a great answer to go back to either. And since I don't want to babysit the place forever, a moderation queue is probably not so great either.<br /><br /> hmm....<br /> I found out why!

Apparently there are some spambots that actually implement javascript… I’ve already had to spam-flag a comment or two.

otoh, I don’t want to go back to captchas again, ’cause people hate them and they’re buggy.

I originally went to captcha because akismet was giving false positives, so that’s not really a great answer to go back to either. And since I don’t want to babysit the place forever, a moderation queue is probably not so great either.

hmm….

]]> By: GomuNingen http://www.gotwoot.net/2007/08/12/no-more-captcha/comment-page-1/#comment-4243 GomuNingen Sun, 12 Aug 2007 19:59:42 +0000 http://www.gotwoot.net/?p=143#comment-4243 I don't know why almost no one uses this. It's much easier than trying to decipher the message! :razz: I don’t know why almost no one uses this. It’s much easier than trying to decipher the message! :razz:

]]> By: Kuncoss http://www.gotwoot.net/2007/08/12/no-more-captcha/comment-page-1/#comment-4238 Kuncoss Sun, 12 Aug 2007 16:50:54 +0000 http://www.gotwoot.net/?p=143#comment-4238 This seems to work so much better! (I had trouble reading almost every images that had the posting code) I'm guessing that this is the same sort as they use on Youtube maybe? :smile: Anyways, great to have easier comment function! This seems to work so much better! (I had trouble reading almost every images that had the posting code)
I’m guessing that this is the same sort as they use on Youtube maybe? :smile:
Anyways, great to have easier comment function!

]]>