powered by STREAMPAD
Click to launch FredWilson.FM music player

« Some Neil Young Hatin' On This Blog | Main | Nuggets »

CAPTCHAs Don't Work

I begged, yelled, screamed, pleaded for CAPTCHAs so I could stop the comment spam.

TypePad delivered for me and everyone else who was asking for them and I am very thankful.

But the damned comment spam just keeps flowing past the CAPTCHAs and onto my pages.

Uggh.

The Internet Axis of Evil wins another round.

Comments (14) | | TrackBack (2)

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d83451b2c969e200e550222ece8833

Listed below are links to weblogs that reference CAPTCHAs Don't Work:

» CAPTCHAs GOTCHA from Polarman
Fred says that CAPTCHAs don't work in preventing comment spam on his blog. There are three possibilities: 1) Humans are directly adding the spam, 2) The TypePad CAPTCHA algorithm has been broken by some fancy character recognition engine 3) The [Read More]

Tracked on Apr 20, 2006 7:57:02 AM

» Threat Mitigation to Prevent Ballot from ianmcallister
Threat Mitigation to Prevent Ballot Stuffing or Comment Spam [Read More]

Tracked on Apr 20, 2006 12:32:00 PM

Posted April 20, 2006 in Venture Capital and Technology

Comments

Really very good..Believe that you certainly go of.

Posted by: mtv200 | Apr 20, 2006 9:49:20 AM

I love the first comment. Posted within a few hours? Oy ...

Posted by: Stewart Butterfield | Apr 20, 2006 10:59:17 AM

CAPTCHA's alone are not sufficient to prevent automated comment spam. They need to be paired with other measures that detect retry attacks. True comment spam prevention is going to require a layered approach. We had lots of fun figuring this out for Rock Star: INXS voting, which was unauthenticated, and were ultimately successful because we didn't depend on a HIP challenge alone.

Posted by: Ian McAllister | Apr 20, 2006 11:15:11 AM

egalitarian euphoria aside, its always been and perhaps always will be a fine line between "user generated content" and "abuser generated content"

Posted by: steve | Apr 20, 2006 11:28:06 AM

Ingenious! CAPTCHA and other technologies like it are basically there to keep "honest people honest" - those that want to step around the rope barrier will always find a way.

Posted by: Arnie McKinnis | Apr 20, 2006 2:26:35 PM

There's always been a simple way to bypass CAPTCHA, and has often been used by spammers: set up a free porn site, which requires only to resolve a CAPTCHA to be allowed to view the porn. As there is an immense number of free porn seekers, it's easy to serve a captcha to each one -- when it's resolved, your program can easily add spam to the captcha's originating page.

Posted by: Berislav Lopac | Apr 20, 2006 2:32:36 PM

Adding random session based form elements is another method to detect automated posting. It isn't a full solution, but so far we've been successful using this approach. I suspect if too many people start doing this, the spammers will handle it (it is easy to code for), but it works for now.

I thought about not posting this for that very reason, but it isn't like I'm the first person to have this idea.

Posted by: fishbane | Apr 20, 2006 3:15:02 PM

Perhaps Kozoru could have searched your comments and then notified you which ones were spam, but alas, it is vaporware and JSF is more interested in polyphasic sleep experiments and making commercials. :( :( :(

Posted by: kingofktown | Apr 20, 2006 5:47:18 PM

Fred, I'm posting comments without any CAPTCHA requirements on this post. This is a possible reason that you are still being flooded by spam.

Posted by: Rogel | Apr 20, 2006 8:02:27 PM

Just posting to try out the captcha ;). I'd like to see a mashup of captcha code and the flickr letter tags - something like this but at least composed into a single bitmap with the character sizes scaled somewhat randomly and some other efforts to make it harder to find the character boundaries. At any rate it would be more fun than regular captchas!

Posted by: Roddy MacFarquhar | Apr 21, 2006 11:40:56 AM

Face it Fred - your a blogshere superstar, no gettin' around that. Solution: Put out a bad LP.

Posted by: jackson | Apr 21, 2006 12:19:29 PM

I've found keyword filtering to be one of the most effective comment spam prevention techniques. I auto-trash comments including terms that have no chance of being used in a legitimate post, and moderate terms on the edge. Not a perfect solution either, but it certainly helps.

Posted by: Technology Evangelist | Apr 21, 2006 3:55:01 PM

Well at fastblogit installing captcha eliminated 99% of the spam. I suspect that you left some alternate posting mechinism behind. You got to find and close all the holes in the dyke

Posted by: Seth Russell | Apr 22, 2006 10:45:08 AM

Fred--

Have you tried out Akismet yet?

Batelle has a good post on Akismet and MT at http://battellemedia.com/archives/002490.php

And, while I'm at it, I might as well put a (admittedly biased and self interested) plug that you try using WordPress itself!

Posted by: VCMike | Apr 23, 2006 8:17:14 PM

Post a comment

This weblog only allows comments from registered users. To comment, please Sign In.