Piers Cawley wrote: >> The only other thing we can do is raise the bar some more, >> e.g. require OpenID authentication for all comments. But things >> like that, a spammer can always work around. Unfortunately, I >> really, really, really hate CAPTCHA setups, but that's starting to >> look like the only way to stop it. > > You can get round CAPTCHAs too by re-serving the captcha images as > legitimate captchas on, say, your porn sites and feeding the punter's > response back to the spammed site. Even if you miss the timeout 9 > times out of 10, there's always another punter.
I'm not sure I follow you, but how does this allow a spammer to decode my CAPTCHA in order to successfully post a comment? Ultimately it would surely come down to text recognition, and if the CAPTCHA is good enough (or if it's not even text, or does something really unique) then that would make it much harder for a bot to get a comment through. Though of course, if they submit enough, then it comes down to statistics, and eventually something will get through. But perhaps by then, their IP has been auto-blacklisted. I still don't like CAPTCHAs though... at least not image-based ones. Perhaps I can follow the math problem route, or do something really unique. I remember one blog where it only asked you to enter a very large number. :-) TX _______________________________________________ Typo-list mailing list Typo-list@rubyforge.org http://rubyforge.org/mailman/listinfo/typo-list
