blog spam, captchas and ways around
I really really hate blog spam. I get so much of it as well, despite all my little modifications to the forms such as adding a simple arithmetic 'CAPTCHA' (I didn't want to go down the image route because I find them intrusive) and testing against known spammy URLs. We even have an XML-RPC service checking the comments. Yet they still get through. How?
Interestingly, a lot of the comment spam I have been receiving lately contains spammy qualities, but the content (i.e. the the links that they are trying to embed) are useless. They are all made up of a random composition of URI-legal ASCII characters, with a '.com' suffix slapped on the end. I've been trying to think of a possible reason why this is happening. My first thought was that somebody was using my blog as a 'test bed' for some automated posting software, using my form to help the bot 'learn' how to overcome my CAPTCHA (solving the problem would be very easy once a human told the bot what to do). It seems viable, although I'm unsure why somebody would bother with my blog. It isn't really read heavily, has no 'subscribers' per se, and doesn't rank highly in google for many common search terms.
I'm not sure what to do now. Lawrie kindly pointed out that we'd had a bit of spam via SMS a couple of days ago, so I've tweaked it a little bit. Has anybody got any ideas of more unobtrusive ways to cut out this crap? Integrating Akismet into my blog looks like the only way…
Interestingly, a lot of the comment spam I have been receiving lately contains spammy qualities, but the content (i.e. the the links that they are trying to embed) are useless. They are all made up of a random composition of URI-legal ASCII characters, with a '.com' suffix slapped on the end. I've been trying to think of a possible reason why this is happening. My first thought was that somebody was using my blog as a 'test bed' for some automated posting software, using my form to help the bot 'learn' how to overcome my CAPTCHA (solving the problem would be very easy once a human told the bot what to do). It seems viable, although I'm unsure why somebody would bother with my blog. It isn't really read heavily, has no 'subscribers' per se, and doesn't rank highly in google for many common search terms.
I'm not sure what to do now. Lawrie kindly pointed out that we'd had a bit of spam via SMS a couple of days ago, so I've tweaked it a little bit. Has anybody got any ideas of more unobtrusive ways to cut out this crap? Integrating Akismet into my blog looks like the only way…
