I forgot to say that by doing so, I am not annoying users at all. They can post comment anytime they want, and don't have to go through deciphering the ridiculous word-skewing that is indeed very painful.
Are you sure that's a "u" and not a "v"?
Even so, this isn't really an exam :-)
It's enough that one person desn't get it, or a person who needs glasses can't really decipher it to know it's not good enough..
"I have solved comment spam in my blog by preparing a special URL when the user clicks post. This URL has one or more parameters whose values are checked on the server-side, and are used to block any automated comment being made. "
I must be missing something, I just don't see how that would prevent bots
"I must be missing something, I just don't see how that would prevent bots"
Let's take an example. When the bot arrives and grabs my comment page, they get the html of the whole comment area block with an url of the form http://.../?timestamp=12.
By the time the bot automates clicks, it usually takes days often weeks, the server-side expects a different timestamp. Thus any attempt to add a comment with timestamp=12 is stopped at the door.
For the spammers to work around this, they need to rewrite urls in such a way they know it advance what the server-side expects.
That's why it works. It blocks all comment spam.
To be accurate, if your timestamp is say the "day of the year" then it won't stop all the comment spam you could get the same day you are posting an article. While even that is solvable, I don't see it a problem in practice. I have figured out that most of the comment spam that was being automated on my site was the result of pages being crawled days later (often pages grabbed from aggregators like technorati, or simply search engine results).
It does not work for trackback spam, but I am working on that too. If you have any idea, let me know.
For Stephanie Rodriguez (and others with the technical knowledge),
I run a website for a barbershop quartet who's just recently managed to receive some ire from the spammers that be. I wish no ill will towards them, but I just recently stopped a guestbook hack that had all but paralyzed it. Now the spams left by 'comments' or e-mails haev gone from MAYBE 1 a month to over 50 a day. I'm at a loss of what to do, and your timestamp idea sounds ingenious :) Any ideas? If you're interested in seeing the guestbook or what I'm working with, feel free to check out the website above (equitybarbershop DOT net). Thanka and take care! Chris
I'm with you. I don't understand why it helps to make the script in a word verification puzzle sometimes nearly illegible. Why can't they just use a standard script each time?
Not "puzzle": picture, of course. Freudian slip?
Some sites use verification in which several letters and numbers get very confusing - like "i" "l" and "1"
Completely annoying
Can you give a solid example of your time stamp solution to comment spam? Like to which blog were you doing this with ? (word press) It does appear a very simple solution! Infact it appears to simple and too perfect. I didn't think spam bots posted on comments days after, I thought they posted as they crawled them. If this timestamp works - why hasn't anyone else seen this? It seems a perfect solution for comment spam, if the post timestamp is say more than a hour out, ignore it. Could it really be that simple?
Has anyone seen the word verifications at hotmail? lol. Those things cannot be read, and when I listened to it. I have to listen over and over to hear what the kid is saying, Then over and over again because it is so fast lol. Then if I made a mistake I have to try again....very annoying.
We are thinking of adding a feature like this to our web site, but does it have to be that hard to read?
The word verifications are hard to read so that OCR software cannot read the image & translate it into letters.