I thought I’d tell you about a plugin I installed a week or so ago that has completely removed all automated comment spam from this blog.
It’s called Clickcha and what it does is present a small random clickable image with instructions on where to click such as “click the smallest number” or “click the biggest square”.
The beauty of this is only a human would know where to click. So all those spammers using tools that automatically leave spam comments on blogs are out of luck.
Interestingly, it seems that ALL comment spam has stopped. In fact, even those comments I used to get that were what I would call borderline spam have stopped too. I used to deal with those by looking at the URL, and if it was anything to do with herbal remedies or gambling etc, I’d mark it as spam and let Akismet deal with it for other blog owners.
So just stopping to think about that one for a moment, it seems to be true that there’s a lot more automated blog comment spam must be going on than you’d think.
In fact Akismet hasn’t had to deal with one item of spam since I installed Clickcha.
That’s pretty cool and is definitely a plugin worth getting.
Update: I’ve had a couple of problems getting Clickcha to work properly on another site and I had to edit the comments.php in order for it to work. I’ve also had a subscriber (hi Larry) tell me that he clicked the smallest number and it deleted his comment from this blog. I’ve also just found a load of comment spam in Akismet, so Clickcha doesn’t quite seem to be doing what it’s supposed to at the moment and I’ve now deactivated it. The concept is good though, so lets keep our eye on that one.
-Frank Haywood
Hey Frank,
That is a very interesting find. Like you say, there is still the odd one that slips through the net with Akismet, BUT, with this there is no way for robots to get past it 🙂
I just hope I am intelligent enough to work out which circle to click on…lol
Talk soon,
Paul
Hi Frank,
I am the developer of Clickcha. Thanks for reviewing it on your blog. Please let me know the problems you faced on your other blog and I’ll try to fix them.
Let me clarify the other two issues.
1) Clickcha does not touch existing comments. So it cannot delete comments. It merely blocks or allows the comments at the time of submission.
2) The other spam you are seeing in akismet could be pingbacks and trackbacks. As they are supposed to be automated, Clickcha ignores them. If you don’t want pingbacks/trackbacks you can disable them in the WordPress discussion settings.
If the spam you are seeing in akismet is not pingbacks or trackbacks please let me know and I’ll investigate.
Hi Saurabh,
I LOVE the idea you’ve come up with here, so I’m glad to help if I can.
The spam I was seeing here on this blog wasn’t from trackbacks or pingback, but was the usual comment spam (meds related) I’m used to seeing which I’ve always assumed was created by bots.
I’ve always thought it safe to assume it was from bots as a real person wouldn’t continue to post spam when it was clearly going into moderation. Although having said that, it’s entirely possible it was all from different people.
Over the last couple of years I’ve read that for instance various big-name captcha systems have been broken, and even semi-automated work rounds developed where the bot software presents a pop-up to the user for them to manually enter the code.
Maybe something like that is going in the case of Clickcha? Spammers do seem to work really quickly nowadays and also seem to have money or the skills to develop workarounds at speed.
Here’s a couple of thoughts for an alternative.
Maybe supply a graphic of some sort, and some radio buttons? Click the correct radio button before clicking submit.
I also had a suggestion for using Figlet to create a non-graphical captcha that would work on servers that didn’t have GD support.
I hope this helps.
-Frank
[…] belated “thank you” goes out to Frank Haywood for posting about Clickcha. Frank runs a great blog, makes some great products that are actually useful, etc. Take a moment to […]
Yes, big name captchas were broken. BUT – what i see as a benefit for click-based solutions, at least you make life easier for normal visitors, while level of sophistication it provides for both pure bots or hybrid systems is still comparable with text captchas.