Posts for March 2008

Fighting comment spam

I've been hit by comment spam. Suddenly, one of the posts on this site had _a lot_ of comments, all with advertisements for some suspect sites. Needless to say, I've removed those comments.

So, what to do about that ? I decided to implement a CAPTCHA on the site. It is a pretty standard one, requiring you to repeat a word, that is shown as an image and garbled, so that image recognition software has a hard time interpreting it. I could have found a complete control for it in a few minutes just by searching Google; but I implemented it myself as an ASP .NET control, just for fun. Also, I believe that the security in a unique CAPTCHA algorithm is much better. If spammers develop software to defeat CAPTCHA's, naturally they are only going to target big sites to maximize their profits, and not bother trying to break a CAPTCHA, that is only used on my little site.

A nice example on this is the fact that Jeff Atwood's blog is using one of the simplest CAPTCHAs conceivable, a static image containing the same word each time, that the user must repeat in a textbox. Apparently, that is enough to stop most of the spam on his blog. Another example of a really simple CAPTCHA is to simply include a hidden field on the page. If the field gets filled out on postback, it is most likely a spam-bot posting it, since the average user would never notice, let alone filling out, the hidden field. I like that idea particularly, because it does not require the user to think or do anything. (So why did I go for the image approach in implementing my own CAPTCHA ? Probably because I wanted to try out implementing one ;-))

I am probably going to blog about the techniques going into developing a CAPTCHA in ASP .NET in the near future. In the meanwhile, dear reader, please try out the comments feature, and let me know if you find the CAPTCHA image easy enough, or too easy, to read.