I’ve added Captcha to the Comment Form

I'm sorry to have to announce this, but I've added a captcha to the comment form.

Due to an overwhelming and unending amount of spam, I find myself forced to add a captcha in the hopes it will filter out the bots. I don't like captcha and I'm sure you don't like it either, but I am getting so much spam each month that it's either add a captcha or disable the comments entirely (or switch to a comment platform like Disqus or Livefyre, but I would rather close the comment section than deal with those folks).

According to akismet, this blog got 559,815 spam comments in December 2013. That is 10 times the amount of spam I had to deal with in December 2012, and there is no sign that the onslaught will abate any time soon. January promises to be just as busy; I've already had to deal with 341 thousand spam comments.

So at this point I cannot put it off any longer. Sorry.

23 thoughts on “I’ve added Captcha to the Comment Form

  1. Seems easy to use. However, since I often use Disqus to comment, why did you say that “I would rather close the comment section than deal with those folks”?

    1. I don’t like LiveFyre (sp?) because they think it’s cool to spam my twitter account when I leave a comment when signed in with that account.

      And I don’t like Disqus because this service will let you login with a Google/Twitter/FB account and then requires you to log in a second time with a Disqus account. it’s frankly stupid.

      1. I’m glad you’re not using that one (is it called reCaptcha?). From my experience, it is tied to Google and does not work for me. I like your uninvasive solution. Should that cease to work at some point (when automated bots start to get smarter) you should switch to some sort of custom sematic captcha. I like the approach that’s seen in the NetBSD bug report form (look at their captcha at the bottom): http://netbsd.org/cgi-bin/sendpr.cgi?gndb=netbsd

  2. I recall a spam trap method that involves a checkbox that only a spambot can detect, and is tricked into either checking or unchecking it. I’ve thought about using something like that on my own blog, but I’m not (yet?) lucky enough to have enough traffic to worry about things like that.

      1. It’s called GASP (Growmap Anti Spam Plugin), and I used to use it on my sites. At some point, it stopped working. Too many bots were getting through. Check it out anyway, because when it worked, it stopped 99.9% of bots in their tracks. Maybe the developer has fixed it. BTW, I’m now using the same plugin you’re using.

    1. Please don’t advertise a captcha service that does not even work. At least, if http://www.sweetcaptcha.com/ was supposed to demonstrate your captchas, it did not work for me, since it did not even show a captcha. Please test your own service first with a browser that has JavaScript and cookies disabled and third party domains blocked (yes, this includes servers that you don’t control yourself and from which you load unchecked JS libraries) before you consider asking anybody else to try it out.

  3. That’s a fairly simple captcha to use; mine shows a simple addition problem. The worst are those contorted letters that look like they were drawn by Picasso on LSD. By the way, I also use Ghostery, but make an exception in it for Disqus to function when I want it to.

  4. Nate, it’s painless to use, but what in the world is the point of all that spam – is a small family
    of botnets heading nonsense your way or what?

    1. In a word, yes.

      I’m also on someone’s hitlist for hacking/DDOS. Remember in May/June 2013 when my blog went through about a week of being inaccessible? That was a small botnet trying to attack my blog.

      That bot net is still an issue, too. Every so often they change their IP addresses and attack again.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>