Version 0.1 released! | Peter's Random Anti-Spam for WordPress | Forum

Sure, post your idea here. I don't really consider them to be negative comments. It is true that CAPTCHA does not always work. However, it foils most spambots and can be part of a comprehensive anti-spam solution. The filter solutions can never be perfect either — they will also produce false positives (thus filtering out legitimate comments) and let some spam comments through. I recommend using both an easy-to-read CAPTCHA and a filter.

That's a great idea :D

In my opinion, the challenge is to structure the plugin so that the answer cannot be guessed by any of the information available in the HTML code, without using cookies or JavaScript.

In other words, there has to be no mapping possible, except by someone reading the image.

For example, with my Custom Anti-Spam plugin, there's a set number of words, so if you were to, say, define only two anti-spam words ("bottle" and "cookie"), antispamgenerator.php?id=1 (visible in the code) would always generate "bottle" and antispamgenerator.php?id=2 would always generate "cookie".

With the Random Anti-Spam plugin, there isn't a set number of words, making it a lot harder to map, but still very possible. Something like antispamgenerator.php?id=325skfjasdf3 (again, visible in the code) will always produce an image that says "2ccffd".

In both cases, of course, you can periodically change the mapping, by either switching the words or switching the encoding key. A much stronger defense would automatically shuffle the words or encoding key with a cron job.

Any ideas on how to overcome this sort of mapping for a math problem, or is it something we'll just have to live with? We still have to feed the image generator some sort of information (visible in the code unless we used $_SESSION, which requires cookies) that would let it know what numbers to output...

Thanks for the link!

I'm resigned to the fact that there will be spambots who will read my CAPTCHA images. As was discussed in the podcast, if the spambots can't be bothered to read the images, some feed them to porn registration pages as "pretend" anti-spam images. They gather the user input on the porn registration page (which doesn't actually check what was entered) and forward what was typed back to the form they're trying to spam. This process (duplicate image; collect user input on another site; forward that user input to the original site) can happen almost instantly.

However, I am willing to put up with a spam message every once in a while instead of making it too hard for human visitors to read the anti-spam word or excluding certain visitors from being able to comment (that being said, it's on my list to add an audio option for anti-spam words as a built-in feature for visually impaired users!).

I think I've finally solved the mapping problem though :D

I'm testing out the next release of the custom anti-spam plugin (it will be 2.9.0) on theblog.ca. Basically, the new version generates a new anti-spam word mapping for each visit and stores it in a database table. Once a comment for that mapping goes through or 24 hours has passed, that specific mapping in the database table is deleted. If all goes well, I'll also implement this framework for the random anti-spam and possible math anti-spam versions!

The "Math Required" plugin came with the forum and I haven't had any spam yet. However, the forum posting system uses JavaScript, which is a barrier for spambots (but also for a fraction of human visitors as well).

The Custom Anti-Spam Image, Math Version is mostly ready... I'll be testing it out on my blog next week, hopefully for release in early September.