Eureka! Quesca!
Wed Feb 23, 2005 21:21 (UTC -5)
I finally finished tinkering with the blog after upgrading to the new version of WordPress, version 1.5.
Before (and, for what it’s worth, after) the upgrade I had been receiving some comment spam. I thought about downloading a plugin for WordPress that would generate a CAPTCHA test (you know, one of those images with a number or code that you have to retype so they know you’re a human and not a computer) that a user would have to pass for their comment to appear. And I was going to, too, were it not for:
- WordPress 1.5’s seemingly okay controls over comment spam, and
- A fabulous idea I hit upon while editing these files to make the blog layout smooth again.
I was editing the comments form so that the name and comment fields would be required, but not the e-mail or URL fields. I assumed that one of the magnets in a blog that draws comment spam (besides bloglike keywords) is the presence of a form with input boxes called “name,” “email,” etc. Would spamming scripts know what to do with a field that, in the internal workings of the page, is referred to as “heyMyNameIsDave”?
So, I thought, a CAPTCHA script tells a human and a computer apart by generating a random number (or word, or mish-mash of letters and numbers) and encoding it in an image so that a program theoretically can’t read it. But would a program designed to spam be able to answer a simple question? For example, “What is two plus two?” Well, yes, they could be programmed to recognize such simple questions, but why would they?
So, the easiest and most obvious way of keeping comment spam from reaching me is to pose a question that anyone can answer. (I’ll probably use “What is two plus two?”) Make it a required field, just like the name and the comment, so when the form is submitted, the script will check to make sure the value of heyMyNameIsDave is 4. If not, then the script dies and outputs a simple message to go back and answer the question.
This has the advantages of a CAPTCHA (not likely to be read by computers; easily answered by humans) without the disadvantages (large, slow scripts; incompatibility with blind or visually impaired users who use a screen reader).
Even though I’m sure someone has thought of this before, I shall christen it myself. I’ll call it… quesca (question spam programs can’t answer). Well, we’ll see about that as soon as I put a quesca in the comment form.
[Edit -- Mar 21, 2005 21:43 EST: I thought it would be a good idea to include here the code I used to make this highly effective method possible. So, copied directly from a later post, here it is.
First, add this to your /wordpress/wp-content/themes/[name of theme]/comments.php file after the comments textarea:
<p>2 + 2 = <input type="text" name="heyMyNameIsDave" size="1" maxlength="1" />
<span style="font-size: 8.5pt">(Enter the correct answer. This is a simple <a href="/archives/2005/02/23/eureka-quesca/">quesca</a> test to make sure you're a human being and not a spamming robot.)</span></p>
Now go to /wordpress/wp-comments-post.php. Right under these lines:
$comment_author = $_POST['author'];
$comment_author_email = $_POST['email'];
$comment_author_url = $_POST['url'];
$comment_content = $_POST['comment'];
add this line:
$heyMyNameIsDave = $_POST['heyMyNameIsDave'];
And after these lines:
if ( get_settings('require_name_email') && ('' == $comment_author_email || '' == $comment_author) )
    die( __('Error: please fill the required fields (name, email).') );
add these:
if ('4' != $heyMyNameIsDave)
    die( __('Error: please answer the question after the comment field correctly.') );
If you know how the code works, it should be pretty easy to configure it to your liking. All it does is create another field and doesn’t post the comment if the field doesn’t have the correct value.]
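A stateless variant of the check above that rotates questions and accepts several answers per question, as an added example (not the post's code and not part of WordPress). It goes beyond the post's single hard-coded question; the function names, the hidden field names `quesca_q`, `quesca_t` and `quesca_mac`, the key and the question pool are all assumptions.

```php
<?php
// Added example, not the post's code. QUESCA_* constants, quesca_issue()
// and quesca_check() are hypothetical names; the key is a placeholder.
const QUESCA_KEY = 'replace-with-a-long-random-server-side-secret';
const QUESCA_TTL = 3600; // seconds a rendered comment form stays valid
// Each question maps to every answer that should be accepted for it.
const QUESCA_POOL = [
    'What is two plus two?'              => ['4', 'four'],
    'What is three plus five?'           => ['8', 'eight'],
    'What color is a clear daytime sky?' => ['blue'],
];

// Pick a question and build the values for three hidden form fields.
// The MAC binds question and issue time, so the server stores nothing.
function quesca_issue(int $now): array {
    $question = array_rand(QUESCA_POOL);
    $mac = hash_hmac('sha256', $now . '|' . $question, QUESCA_KEY);
    return ['quesca_q' => $question, 'quesca_t' => (string) $now, 'quesca_mac' => $mac];
}

// Accept only a fresh, untampered token plus an answer from the pool.
function quesca_check(array $post, int $now): bool {
    foreach (['quesca_q', 'quesca_t', 'quesca_mac', 'heyMyNameIsDave'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return false; // missing field, or an array such as heyMyNameIsDave[]=4
        }
    }
    $expected = hash_hmac('sha256', $post['quesca_t'] . '|' . $post['quesca_q'], QUESCA_KEY);
    if (!hash_equals($expected, $post['quesca_mac'])) {
        return false; // question or timestamp was altered after issue
    }
    $age = $now - (int) $post['quesca_t'];
    if ($age < 0 || $age > QUESCA_TTL) {
        return false; // form is older than the TTL (or claims a future time)
    }
    // Strict string match after normalizing: '4.0' or '4e0' is not '4'.
    $answer = strtolower(trim($post['heyMyNameIsDave']));
    return in_array($answer, QUESCA_POOL[$post['quesca_q']] ?? [], true);
}

// Constructed sample submissions, run from the command line.
$post = quesca_issue(1000);
$post['heyMyNameIsDave'] = ' ' . QUESCA_POOL[$post['quesca_q']][0] . ' ';
var_dump(quesca_check($post, 1060));                                 // correct answer, fresh token
var_dump(quesca_check(['heyMyNameIsDave' => '4.0'] + $post, 1060));  // numeric look-alike answer
var_dump(quesca_check($post, 1000 + QUESCA_TTL + 1));                // same form after the TTL
var_dump(quesca_check(['quesca_q' => 'x'] + $post, 1060));           // question swapped, MAC unchanged
```

A valid token and answer pair can still be resubmitted until the token expires, so the TTL bounds replay rather than preventing it.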

6 comments
#1 by Bitch | Lab: Sat Oct 29, 2005 13:42 (UTC -5)
And thanks for pointing readers at this, too. I haven’t gotten any comment spam — yet– but no doubt it’ll happen soon enough.
#2 by Bitch | Lab: Sat Oct 29, 2005 14:17 (UTC -5)
I told my partner about this and said, “Keep spamdexers off your site. You have to answer 2+2 = ?. So, I guess it’ll keep dummies away, too. :)
I think I’ll modify this so, first, you have to answer an impossibly hard question.
#3 by Jordon: Sat Oct 29, 2005 14:19 (UTC -5)
For the record, a quesca will defeat automated comment spam, but I can’t think of anything that would block automated TrackBack spam. If you don’t get a lot of TrackBacks (or if you get none, like me) I would recommend disabling them. I don’t know why I myself haven’t done that yet.
#4 by Luke: Tue Mar 07, 2006 19:16 (UTC -5)
Thanks. It works nicely for the Pompano Pulse now. I’m considering changing the question, but how can I write PHP code that checks the question “What’s your favorite color?”
#5 by Peter: Fri Sep 15, 2006 16:26 (UTC -5)
I used this on my blog to handle the comment spam I have been getting. I hope you don’t mind.
#6 by Jordon: Fri Sep 15, 2006 16:33 (UTC -5)
No problem; I encourage it, actually. I think I’ve had to tweak the code once or twice to get it to work in newer versions of WordPress, but you shouldn’t have any problem adapting it yourself.