On Wednesday, 3 December 2014 at 08:51:13 UTC, Gary Willoughby
wrote:
On Wednesday, 3 December 2014 at 08:28:25 UTC, Vladimir
Panteleev wrote:
Got it. But we're not going back to reCAPTCHA either. I'm
tired of deleting spam by hand.
Please suggest some ideas (or better, send pull requests).
I got fed up of having spam on an old blog so i implemented a
simple question, click on Darth Vader. Then i had lots of
little images of film icons and would not post anything until
Darth Vader was correctly selected. This sounds simple but the
order of the images was randomised to stop bots and humans
didn't seem to get it. Also if the wrong icon was selected, i
presented a countdown on the page of 2 minutes letting them
know this is a anti-spam measure and they can't post until the
timer reached zero. Anyone managing to post spam to the blog
was IP logged and always redirected to the countdown (once
redirected and once the countdown reached zero it always reset
forever to make it extremely frustrating for them). Yes you
have to put in the effort to log IP's but i found there were
very few persistent spammers. It honestly stopped all spam on
my old blog.
I'm seeing a very large variation of IPs here. The humans seem to
be connecting through a botnet, or a large open proxy directory.
125 IPs banned so far on the forum, for all the good that did. I
suppose I could now clear the banlist, so that any future
visitors happening to have those IPs are not turned away.
For my personal blog, the "Anti-spam" plugin (with no additional
configuration) seems to work fine for now, but it relies on its
relative obscurity. No canned solution would be suitable for an
active forum, it's too high-profile of a target.