Damn Spam Bots! Too Smart!
Over the weekend I had 4 spam comments posted to the site. Granted 3 of them were from the same bot, but still, this irks me. Last week I implemented a new de-spamming protocol and it seems that it is not tough enough. I am going to leave it in place for a bit longer to see how it goes. I apologize for any spam emails that people get (via comment posts). If this continues, I will update the ColdFusion / HTML code.
Once I had problem with breaking my captcha by spammers, but it was solved with asking to enter result of math operation instead of dummy copying of image characters.
Are you SURE it was a bot? Only thing to bear in mind is that some spammers pay people to submit comments as well. Just a thought. Wouldn't want you going crazy trying to create a CAPTCHA that would fool human spammers!
Are you using CFAkismet? If not you should, we've been using it at my work blog and it's been awesome. (blog.d-p.com)... let me know if you need more info on it, but you should be able to find it at riaforge, or via a google search ;)
what Peter said.. I get a few spam comments each week that are entered by humans.
I use a system that looks in the comment for URLs and compares it with a blacklist that I've built. If a human tries to submit a comment that contains a blacklisted URL (or word actually..) then the comment is rejected. That cuts down some on the human entered spam.
Oh man! I didn't know that some spamming out there was human. How freakin' underhanded is that?!? I guess this begs the question: Who irritates me more, telemarketers that call at dinner time, or human spammers? Hmmmm, yeah, I ask the tough questions.
That CFAkismet service looks very cool. I am surprised that I have not seen more about it. I see that it is not quite a 1.0 release but it is a really awesome idea. I will look more into it.
So far I have not gotten any more spam than the few this weekend. If it pops up again though, I might have to start checking the content of the comment. This is something I'm not crazy about as it's never 100% accurate and I don't want to err on the bad side (and I don't want to build in a manual approval system).
We shall see.