http://depth-first.com/articles/tag/commentspam en-us 40 Walking the Web of Chemical Informatics <p><a href="http://flickr.com/photos/63056612@N00/155554663/"><img src="http://depth-first.com/demo/20070901/spam.jpg" align="right" border="0"></img></a>If you run a blog or website that allows public input, you've almost certainly been subjected to a spam attack. This is a problem because even one successful attack can eat up hours of time. After a recent spam attack on this blog, comments were disabled altogether. They've now been restored with the help of a more robust kind of protection, which is the subject of this article.</p> <p>One of the best forms of spam protection is the <a href="http://en.wikipedia.org/wiki/Captcha">Completely Automated Public Turing Test to Tell Computers and Humans Apart</a> (CAPTCHA). CAPTCHA comes in many guises but usually consists of a noisy image of some text that a user must enter, like this one from <a href="http://digg.com">Digg</a>:</p> <p><center><img src="http://depth-first.com/demo/20070901/diggcap.png"></img></center></p> <p>There are many CAPTCHA systems. The disadvantage most of them share is that they must be deployed on a server. Depending on your hosting situation and your platform, this may or may not be feasible. D-F is run by the <a href="http://rubyonrails.org">Ruby on Rails</a> blogging software <a href="http://typosphere.org">Typo</a>. Most CAPTCHA systems for Ruby require the installation of the C extension <a href="http://rmagick.rubyforge.org/">RMagick</a> and its dependencies, which is either difficult or impossible on many hosts.</p> <p>I recently found two solutions to this problem, and have implemented one of them:</p> <ul> <li><strong><a href="http://captchas.net">captchas.net</a></strong> This free service generates CAPTCHAs on a remote server, which your own server uses. By writing a small Ruby library and some glue code, I was able to integrate this solution, which is currently running on D-F. Here's an example in action:</li> </ul> <p><center><img src="http://depth-first.com/demo/20070901/dfcap.png"></img></center></p> <ul> <li><strong><a href="http://recaptcha.net">reCAPTCHA</a></strong> Not only does this service generate CAPTCHAs for you, but your users actually help solve OCR problems in the process. Talk about a win-win situation. If this sounds impossible, check out the description <a href="http://recaptcha.net/learnmore.html">here</a>. As an added bonus, <a href="http://recaptcha.net/resources.html">reCAPTHCA APIs</a> are available in a number of languages, <a href="http://www.loonsoft.com/recaptcha/">including Ruby</a>. reCAPTCHA is currently used on popular sites such as <a href="http://twitter.com">Twitter</a> and looks like this:</li> </ul> <p><center><img src="http://depth-first.com/demo/20070901/recap.png"></img></center></p> <p>The struggle against spam is an arms race. Currently, the best weapon for legitimate content producers is CAPTCHA, but even it can be foiled by a determined spammer. If past history is any guide, even more sophisticated forms of spam attacks and countermeasures are just around the corner.</p> <p><em>image credit: <a href="http://flickr.com/photos/63056612@N00/">freezelight</a></em></p> Sat, 01 Sep 2007 11:07:00 +0000 urn:uuid:9a6827e5-e000-4065-b4d2-7f9543f9c244 Rich Apodaca http://depth-first.com/articles/2007/09/01/fighting-comment-spam-on-the-cheap-with-captcha Tools commentspam captcha recaptcha ruby typo