In the last two months, three comment spams have gotten past Akismet on this blog.
Over at Coding Horror there is a good article about CAPTCHAs and how the Yahoo, Hotmail, and Google CAPTCHAs have been broken. I am not really surprised; I never really thought they would work. But I am thinking of adding CAPTCHA to this blog because I think most of the people who are spamming blogs are not the same as the ones who are spamming emails. Why? I am not sure, but most of the comment spam that has gotten through Akismet has not been formatted using BBCode and not HTML; obviously it is a forum spam bot which isn’t really intelligent, and I would highly doubt that it would be able to fool a CAPTCHA.
Even if CAPTCHA one day becomes obsolete, he has some other ideas:
Beyond diversification, the deeper question remains: how do we tell automated bots from people– without alienating our users in the process? How can we build a next generation CAPTCHA that’s less vulnerable to attack?
Here’s some food for thought:
- Distinguish pictures of dogs from cats
- Choose a word that relates to all the images
- ASCII art
- Solve failed OCR inputs
- Trivia questions
- Math and word problems
At some point, unfortunately, CAPTCHA devolves from a simple human reading test into an intelligence test or an acuity test. Depending on how invasive you want to be, you’ll eventually be forced to move to two-factor authentication, like sending a text message to someone’s cell phone with a temporary key.