Surpass Hosting

CAPTCHA vs. Questions

Published on Tuesday, April 24, 2007

Flashback to December of 2006: the Surpass forums started getting a lot of fake registrations from spam bots. They’d target one or two forums and post a few messages upon sign up. Needless to say, this was getting annoying. Nothing is worse than clicking New Posts and seeing a lot of garbage.

There are a few ways to stop the automated spam. You can have admins manually approve registrations around the clock, but that’s working harder and not smarter. Our solution came to fruition in this thread. We have a vBulletin plug-in called NoSpam! - an alternative to CAPTCHA which was found in the vBulletin.org forums. It allows you to add a simple question to the sign-up form, in the place of (or in addition to) the CAPTCHA image. Our secret question asks “What city is Surpass located in?” and the user has to type in Orlando. May will mark our sixth spam free month. This plug-in has worked 100%. I still see those slimy bots hitting the boards they used to have their way with and getting an error on the sign up page. Too bad they can’t get in. So far it seems that NoSpam! is the only permanent and no-fail method available. Not to mention easy.

Ok, it’s easy for us, but mildly inconvenient for new users. Even so we are still getting a regular rate of sign ups per day. Would it be better for our new users not to answer this question? Sure it would. The less questions during a sign up, the better. When I see that the bots haven’t been around for a few months I will remove the question, but so far they seem to be hard coded for life.

After seeing the great success of this plug in, it makes me wonder why any site uses CAPTCHA still. Obviously it was not a “firewall” for the bots we’re dealing with. It seems many sites have been using the “question” method for quite some time now. Another example of the method is called QAACK (Questions and Answers Answerable with Common Knowledge) described here; this was posted a month before the NoSpam! vB plug-in was made. 

Comments

1. BrandonPosted on Wednesday, April 25, 2007
I am seeing more and more blogs use this feature... Sometimes they don't ask a question and just say... Type, "I hate spam too" without quotations in the little box.

2. Mike HauglandPosted on Thursday, April 26, 2007
I'm against the use of either. In either case, it's an extra step for your user, regardless of how "easy" it might be. I know for a fact both bother me so I'll often not do something that requires either unless it's important. Should I bring in the factor of accessibility? Questions may not have that immediately pegged against them, but CAPTCHA is just terrible. I'm in favour of services like Akismet or even the trick of getting the bot to fill in a field that the user can't. I realize that Akismet wouldn't work well for blocking registrations, but I don't see why it or another service wouldn't be if they started collecting that data.

3. Markus G KlötzerPosted on Thursday, April 26, 2007
I wish something like that was available for my blog. In fact the amount of spam I received has more or less put me off blogging as I don't have the time to moderate any comments - I just in the end turned off commenting after deleting thousands of viagra and casino messages

4. JordanPosted on Sunday, April 29, 2007
H, although I would oblige to agree wholeheartedly with you, there are times when you just can't rely solely on a backend system to apprehend spam at the doors. I've been having problems as of late with spam getting PAST akismet and making its way on my blog. For now I've applied another backend measure in hopes that the two coupled together will prove its job, but if that fails, I wouldn't mind using a simple no-spam prevent. With wordpress my favorite is the "math spam" plugin. You do the simple addition math before your comment, and voila. Otherwise I detest captcha especially when it's curvey, bent, on a horrible background, backwards, upside down, reversed... ack!

Post Your Comment



Older Entries
Newer Entries

W3C valid XHTML 1.0 Trasitional. Document validates as CSS3.

© Copyright 2002-2008 Surpass Hosting, LLC. All rights reserved.