|
|
Stopping blog spam bots
with CAPTCHA
IT Humor Burleson Consulting |
Now that blogs have afforded millions of people the opportunity to become
published authors, the issue of protecting against blog spam has become a
serious issue. The CAPTCHA (Completely Automated Public Turing Test to
Tell Computers and Humans Apart) has been somewhat successful.
Spammers are getting more sophisticated and all bloggers must be able to
protect themselves against spammers who might use their blog to publish illegal
or pornographic information. In traditional
publishing, editors carefully vetted all magazine, newspaper or periodical
content since the publication is the sole
responsibility of the publisher.
The next generation of anti-spam verification
As warped letter recognition becomes useless, we will need to come-up with a
CAPTCHA image that requires non-procedural intelligence. For example, we could
require simple math problems as verification that the blog commenter is not a
spam bot:
As the anti-spam technology becomes more flexible, bloggers can put-in
whatever verifications that they desire, and they can use their anti-spam
mechanism to ask subtle questions, using CAPTCHA for testing general knowledge of current events:
You can also create anti-spam verifications in CAPTCHA that ensure that your blog
comments are in-line with your own personal opinions and values:
For technical blogs, you might use the anti-spam CAPTCHA mechanism to
ensure that everyone who posts comments has a general knowledge of the computer
industry:
For teenagers, you could test their knowledge of the popular cartoons and ask
trivia questions:
For the kiddies, animal questions are always popular:
The more adventurous bloggers could incorporate sick humor, double entendres
and off-color jokes into their blog comment verifications:
Note: Above is just an example of a sick joke, just a joke, no harm
intended. Please don't send me e-mails!
The current trend towards more sophisticated anti-spam verification also
presents some important commercial opportunities.
Paid advertisers anti-spam verification
In just a few years we may see corporate sponsorship of CAPTCHA anti-spammer
verification questions and this could become a huge industry as advertisers leap
upon the chance to make consumers type-in their company name:
Advertisers currently spend billions of dollars every year on logo
recognition and these corporations may spend big dollars to get their products
into blog user verification questions:
USA blogger anti-spam responsibilities
In the USA, The
Communications Decency Act (CDA) section 230 and the Digital Millennium
Copyright Act (DMCA)
exempts online publishers from responsibility for content published by
other people. However, this is only in
the USA. In some countries,
hosting defamation or pornography is highly illegal, even if you did
not publish it yourself and you have a duty to police your blog for
illegal and infringing content. |
|
These protection are great for the USA, but if your blog is read overseas,
beware. Remember, bloggers are publishers, and you have the same
responsibilities as any other publisher to ensure that your blog does not
contain anything illegal, stolen (copyright violation), libelous, or defamatory.
Let's take a closer look at how you can prevent automated spam robots (bots)
from littering your forum or blog with illegal content.
Anti-spam bot CAPTCHA verification
Spam bots have become very sophisticated and they are now capable to
registering user ID's and posting spam on many message boards and forums.
In order to thwart the spam bot programs, many blogs and forums have been forced
to incorporate "image-based" tools to thwart the spam bots:
But we must remember that the spammers
have a huge incentive to pollute your blog with links to the latest 401
scam, penile enlargers and photoshopped porn pictures of famous people. |
|
Even though spam is
illegal in many states, you are still not fully absolved of responsibility
if your blog or forum is read in jurisdiction with strict laws against invasion
of privacy, copyright infringement, defamation, and pornography. Even in
the USA, hosting a blog that has kiddie porn links and photos will guarantee a
Federal search warrant, even if you did not publish the offensive content
yourself.
The flaws in letter recognition technology
It's only a matter of time before the spammers use the technology that
recognizes cursive and distorted writing. For example, the genealogy web
site www.ancestry.com has developed
software to read and digitize scribbled handwriting.
Today, word verification procedures extract random jpg images from a database
table, display them, and match the response to the table's string value:
The internal structure of anti-spam mechanisms
As we have noted, it's just a matter of time before these letter recognition
schemes are racked by the spam bots and we will need to incorporate more
sophisticated images that are beyond the reach of traditional procedural
programming.
This is only the tip of the iceberg. At the end of the day, web bots
can become as sophisticated and a human being and CAPTCHA will have to evolve. As time passes, web
publishers will always be challenged to verify that their forum and blog
comments are not generated by automated spammers, and it will always be
problematic to positively prove that the person publishing on your blog is a
real, live human being.