CAPTCHA this!

Volume 9, Issue 64; 30 Jun 2006; last modified 08 Oct 2010

More fodder in the ongoing war against comment spam. Y'all can do math, right?

He that will not apply new remedies must expect new evils; for time is the great innovator.

Sir Francis Bacon

I woke up to eighty some odd bits of comment spam this morning: free ringtones, drugs I don't need, and some miserable excuse to sell car insurance.

I'm glad comments are moderated, because the evil bastards never got an ounce of Google juice for their efforts.

But I still had to moderate all eighty of them. Waste of my time. So this morning I implemented a simple CAPTCHA system based on the ability to perform simple arithmetic operations on single digit numbers. Y'all can do that, right?

I'm optimistic that that will slow the bots down, at least for a while. There's nothing to prevent the bot's heuristics from growing new capabilities, of course, but they'll still be moderated even ifwhen they do.

Comments

Yep. It works on the production system too.

—Posted by Norman Walsh on 30 Jun 2006 @ 01:44 UTC #

Took me blody seven tries to post this comment! 8-)

—Posted by Jacek on 30 Jun 2006 @ 02:06 UTC #

I'd suggest adding a little space between some of the math words. I bet that humans will have an easier time joining the meaningful words than bots.

What is two min us one?

You could even do a thin space (or something) to screw stuff up :-)

—Posted by Keith on 30 Jun 2006 @ 02:40 UTC #

Uh. three times one isn't banana?

—Posted by Brian on 30 Jun 2006 @ 04:15 UTC #

Nice.

btw, Google gets you a lot of the way: "seven plus seven"

—Posted by Danny on 30 Jun 2006 @ 04:27 UTC #

No, Brian. What did they teach you in grade school? Everyone knows that nectarine divided by kiwi is banana. Sheesh!

—Posted by Norman Walsh on 30 Jun 2006 @ 07:05 UTC #

But would "seven" also work?

—Posted by Eliot Kimber on 03 Jul 2006 @ 12:51 UTC #

neat! It could be a bit clearer as to how to respond and you could also provide the option to write a word as the answer. If I am to input a digit or two digits, it needs to be clearer that that is what I am being directed to do because screen readers do not differentiate in sound between 7 and seven or 14 and fourteen the latter may actually work but not usually.

—Posted by david on 03 Jul 2006 @ 01:11 UTC #

Interesting to see one of the ads that appeared alongside this offering "grade 'A' term papers - for as little as $10/page". I guess that gives a clue about how the world really works...

I'd love to see some ongoing reporting of how well this works. I guess one of the problems is that the faster people make use of the protection technique the moreincentive there is for spammers to figure out the workaround :(

Still, better than the picture ones. I am pretty sure automated cracking of those has already got better than me.

—Posted by chaals on 03 Jul 2006 @ 04:06 UTC #

Possible answers:
40
forty
a multiplication fact


This question suffers from the ususal forms malaise. Guessing what the author assumes is the obvious information type and format for the answer is a greater cognitive challenge than the simple math fact that is intended as the shibboleth, the discriminant between bots and walk-on people. So a VoiceXML <form> is a better match to the task than an HTML <input>.

—Posted by Al Gilman on 03 Jul 2006 @ 09:21 UTC #

Fine, fine, fine! English language answers now work! Y'all can write seven and fourteen and forty if you're so inclined. Me, I'm going to stick with 7 and 14 and 40.

—Posted by Norman Walsh on 12 Jul 2006 @ 01:08 UTC #

This isn't nearly as fun as Hot or Not CAPTCHA.

—Posted by Martin on 25 Jul 2006 @ 08:02 UTC #

*Snort* I can't decide if that's more amusing than offensive or vice versa.

—Posted by Norman Walsh on 25 Jul 2006 @ 08:24 UTC #

Adding a comment won't work if I've clicked on a link to another part of the page, like from this

http://norman.walsh.name/2006/06/30/captcha

to this

http://norman.walsh.name/2006/06/30/captcha#p4

—Posted by Dancer on 08 Aug 2007 @ 06:40 UTC #

Oops. Fixed. Thanks for letting me know.

—Posted by Norman Walsh on 08 Aug 2007 @ 12:31 UTC #