Got Spams?


Do you get spam over the internet? And please, I don’t mean the canned meat.

We get lots of spam in email, and if you own a website or a blog, you will most likely be flooded with spam posted as comments or through contact forms. It is quite a big task to filter out that spam and get to the real messages. Software engineers have come up with many ways to detect and block spam. For email, I find Google's email does a pretty good job of blocking spam and also detecting suspicious emails.

But for my blog, I find that I’m getting flooded with lots of spam in the comments area. I’ve tried a number of spam protection plugins on this blog, and have found that none of them are effective. In most cases the problem is false positives, meaning that the plugin can’t quite identify what is a legitimate message, so it just puts everything into the spam bucket.

I tried to look for an alternative, maybe implementing something like CAPTCHA that will require additional user interface to block out those automated bots.

CAPTCHA stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”, invented around the late 1990s. Personally, I do not like websites that use CAPTCHA, as most of them are very frustrating to use and the distorted words are impossible to read, even for a real human being.

After researching a bit more, I found Google’s reCAPTCHA technology interesting. reCAPTCHA’s principle is “Easy for People. Hard for Bots”. The basic interface just asks the user to click an “I’m not a robot” button.

I believe that this interface shows the difference in philosophy used by Google reCAPTCHA. CAPTCHA tries to ask a human to prove that he is a human, while reCAPTCHA looks at it the opposite way, only asking the human to prove that he is not a robot.

reCAPTCHA uses behavior analysis of the browser’s interactions to predict whether the user is a human or a bot. An additional CAPTCHA is used as a challenge only if it cannot successfully determine that the user is a human. This is called “No CAPTCHA reCAPTCHA”. The introduction of image identification CAPTCHA is also a refreshing idea.

Here is an interesting video for a simple introduction to Google reCAPTCHA:

If you are interested, below are the steps I used to activate reCAPTCHA on my blog.

You need to sign up for a free Google reCAPTCHA account

  • Just go to the Google reCAPTCHA site to register for the service; it is free.
  • You will be provided with all the instructions needed to add reCAPTCHA to your website, including a “Site key” and a “Secret key”, which you will need to configure your website.
  • There is a client-side integration and a server-side integration; please refer to the reCAPTCHA documentation for the complete details.
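What the server-side step amounts to, as an added example that is not from the original post or the plugin: the server sends the token from the submitted form, together with the secret key (which never leaves the server), to Google's siteverify endpoint and rejects the comment unless the answer is a clean success. It is written in Python for illustration (WordPress plugins are written in PHP); `blog.example`, `SECRET_KEY`, the token and the sample responses are constructed placeholders.

```python
import json
import urllib.parse
import urllib.request

VERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"

def http_post(url, fields, timeout=5):
    """Default transport: form-encoded POST, returns the response body as text."""
    data = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(url, data=data, timeout=timeout) as resp:
        return resp.read().decode("utf-8")

def verify_recaptcha(token, secret_key, expected_hostname, remote_ip=None, post=http_post):
    """Return (ok, reason). Anything other than a clean success is a rejection."""
    if not token:  # form arrived without the g-recaptcha-response field
        return False, "missing-token"
    fields = {"secret": secret_key, "response": token}
    if remote_ip:
        fields["remoteip"] = remote_ip
    try:
        result = json.loads(post(VERIFY_URL, fields))
    except (OSError, ValueError):  # network failure or unparsable body: fail closed
        return False, "verify-unavailable"
    if not isinstance(result, dict) or result.get("success") is not True:
        codes = (result.get("error-codes") or []) if isinstance(result, dict) else []
        return False, ",".join(map(str, codes)) or "rejected"
    if result.get("hostname") != expected_hostname:  # token solved on another site
        return False, "hostname-mismatch"
    return True, "ok"

def fake_post(body):
    """Constructed stand-in for Google's endpoint so the demo runs offline."""
    return lambda url, fields: body

if __name__ == "__main__":
    # Constructed responses; key, token and hostname are placeholders.
    good = '{"success": true, "hostname": "blog.example"}'
    reused = '{"success": false, "error-codes": ["timeout-or-duplicate"]}'
    for body in (good, reused, "<html>502</html>"):
        print(verify_recaptcha("tok", "SECRET_KEY", "blog.example", post=fake_post(body)))
```

The hostname comparison matters because a token solved on some other site that uses the same site key would otherwise be accepted here.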

Instead of coding the client-side and server-side integration myself, I found there are many plugins available that do the integration for you with just a few clicks. For WordPress, I decided to use the Google Captcha (reCAPTCHA) plugin by BestWebSoft. I find this plugin works very nicely, and it is very simple to set up. You have the option to enable the reCAPTCHA check on various forms such as login, registration, reset password, and the comment form, and I would recommend enabling all of them. Another interesting feature is that you can hide reCAPTCHA in the comment form for registered users with different roles. This is handy, as you don’t need your administrators to be challenged when they reply to comments.

I’ve been running this plugin for about 2 weeks now, and have noticed zero spam so far, fingers crossed 🙂