More comment spam prevention

These spammers are a relentless bunch. The more spam-prevention measures you add, the smarter their bots get. For instance, Movable Type’s spam prevention for email addresses was merely changing the “@” to its HTML entity code of “%40” and has long been circumvented by spambots. Even installing MT-Blacklist only reduces your burden; it doesn’t eliminate it. (Though checking my MT Activity log tells me that it catches a LOT of comment spam.) The fuckwits have now started comment spamming with legitimate urls like “” to get you to accidentally blacklist non-spamming sites.
The only feasible solution is to put in what’s popularly called a “captcha” – a security code verification that needs a real human to manually enter a random number into a box before posting a comment. So that’s what you will now see on this site. To make it easy, I have used only a 4 digit code. This will change each time you load the page.
The captcha system is easy enough to install if you’re a techie though it involves some mucking around in the MT code itself. It’s only ineffective against manual comment spam but most spammers don’t bother with that. Also, it doesn’t work well with MT-Blacklist and you’ll have to disable MT-Blacklist if you want the captcha to work. (Yes, I found this out the hard way after about 30 minutes of cursing.) Lastly, this means that blind readers won’t be able to comment on your site, but I’m not particularly worried about that since this is a personal site.
Update (15 November): To all the people who’ve mailed me asking me to install it on their web sites, please go RTFM and do it yourself. I have neither the time nor the inclination.
Personal note: The Hindu has done a full-page story on three people who have made a career shift to the food business and yours truly is one of them. (The full-length version of that photo is here.) Of course, they mangled some of my words. For instance, the lady asked me if I cook in the kitchen and I told her that like most executive chefs, I am not into hands-on cooking regular food every day. This got twisted to make it sound as if I’m not involved in the kitchen. Also, I’ve been cooking for 15 years and I didn’t learn it from just one dude. Oh well, you take what you get…
I’ve also written a two-part article for on how to start a restaurant. (Part 1 and Part 2). Actually, I wrote the article way back in August. Then the person handling the new career section left Rediff and the section resurfaced only 3 months later. Unfortunately, the editor saw it fit to inject some of her own editorial “style” into my article, which pissed me off royally, especially since I edit myself ruthlessly. Rediff also does the “follow Jakob Nielsen blindly” dance and chops all paragraphs, regardless of continuity, into no more than two sentences each to “improve readability”. Whackos!

14 thoughts to “More comment spam prevention”

  1. Great to read the rediff and hindu articles. And nice recipes and tips at your chef’s corner too!
    BTW, did Hindu quote your right when they said:
    “I was pained by the fact that a company could sack one-third of its employees overnight.”
    That statement jeopardizes your position as a cartel member :)

  2. Niket,
    Actually, it’s both a mixed-up quote as well as some misinterpretation on your part. ;)
    The reporter asked me about my previous life as a techie and how I quit etc. I told her about my last full time job as a department head of user experience at a certain web solutions company. This company laid off a third of my department one night without asking or telling me about it, after many assurances that nobody would ever be laid off. When they did that, I was damn pissed off and walked out of that company the next day on principle.
    I’m not questioning, however, the right of a company to hire and fire whoever it wants.

  3. CAPTCHA the spam bots

    AnarCapLib has installed a new feature that will give it a leg up in the war on spam bots, the bane of comment-enabled webloggers everywhere. As good as MT-Blacklist is, the approach taken by AnarCapLib looks like a good addition. The site uses a very …

  4. Thanks for the plug, Yazad, and you’ll be happy to know that just as that comment was posted, a new recipe went on my other site.
    (Just for that, I have jazzed up your comment spam prevention system.)
    Jitendra bhai, mera naam “Madhu” hai, “Madhoo” nahin. ;)

  5. Why not just remove the post button and let every comment go through preview ? That way you won’t need to put such complex spam prevention systems.
    And I need to type the number twice if I have to go through preview. You might as well remove the preview button if you think no one uses it.

  6. Sid,
    Why not just remove the post button and let every comment go through preview ?
    a) Because some bots have already worked their way around this.
    b) Most people don’t bother with a preview, so it’s just a forced extra step.
    You might as well remove the preview button if you think no one uses it.

    You will notice that the preview button order has been changed. It’s the second button, not the first. It’s there so that if people type in some HTML, they can see how it will look.

  7. Defeating CAPTCHAs

    If you have commented on Yazad’s or Madman’s weblogs, you must have noticed the small images with numbers in them. Called CAPTCHAs, they literally expand to Completely Automated Public Turing test to tell Computers and Humans Apart. As you may have gue…

Comments are closed.