Implementing Captchas
Sunday, August 24th, 2008With the comment spam continuing to pour in I caved in a and implemented captchas for comments. While a solution using mathematical computation such as that offered by the match captcha plugin for wordpress, since the are only host defendant (rather than having to rely on some other 3rd-party service), this particular plugin was only certified to 2.3.1, and I could not get a working download. I capitulated to the web 2.0 way and installed WP-recaptcha, which provides a nice wrapper around the recaptcha.net service.
Installation was simple, with registration required in order to obtain two APi keys for use with the service. What interesting about this solution is that rather than just mutating words, a two phrase system is sued. One of the phrases is a known word, and th eother is a word that is taken form a ocr scan of the NYT or Internet Archive, ans has not been correctly identified by the ocr software. Thus there is a bit of community mindedness involved as well, as these words are interpreted. More on the gory details can be found here.
What does interest me tho is that this will not offer any protection from ‘pingback’ spam whihc is being submitted via the xmlrpc interface, but should still at another layer to the security onion.
