Fighting back the spam
It is with great regret I’ve decided to install a CAPTCHA tool on this site. For those of you who don’t know what it is, have a look at the comment area field below, displaying a word. From now on, you have to type that word in the text box to post your comment.
But if it’s just about typing a few extra characters, then why the fuss? Well, two things. First, I don’t like to take this kind of measure due to idiot spammers. Second, CAPTCHA is very bad from an accessibility perspective.
As many of you know, Usenet news surrendered to the armies of spam long ago, and later our email boxes were flooded with nonsense. Next in line are the blogs, or rather the blog comments to be correct. The reason behind this strategy is to increase search engine rankings for certain sites by cross-posting the addresses to a lots of places, as number of incoming links from other site is one of the major rank factors. Movable Type have a nifty feature called nofollow, simply telling search engines not to follow links in comments, but even though it hurts the spammers page rankings it will certainly not make them give up.
This has become such a big problem nowadays that hosts are beginning to shut down comments in Movable Type, since MT-comment.cgi is heavily targeted by spammers. Simply renaming the file will only postpone the unavoidable. The option to close comments for old entries is a very last resort in my eyes, as are TypeKey approval since this will prevent a lot of would-be commenters from posting.
After carefully considering the options (including Blacklists), I had a last look at the spam statistics (the sheer amount of daily spams make my MT database cry) and went down the CAPTCHA path.
CAPTCHA is short for “completely automated public Turing test to tell computers and humans apart” and you may have noticed it when registering somewhere. The idea is very simple: The human brain is exceptionally skilled at finding information in patterns, where a computer is having a hard time. Character recognition algorithms are getting better by the hour, but this is still a fairly good way to sort human users from computer bots.
Unfortunately, installing a CAPTCHA plugin in Movable Type is certainly not for the weak of heart. It involves installing Perl modules, plugins and graphics libraries. But it seems to be working now, so I will remove the hard hat for a while.
If you’re having any problems or suggestions, please let me know.
Update: Now using the accessible CAPTCHA plugin by Jay Allen instead of SCode.