CAPTCHA: Ask a smart question

KarmaDude Jan 17, 2007 5 Comments
Web Design

A few days back, after reading Jon Jensen’s attempt at thwarting comment spam by randomly changing the URL of the comment form, I decided to add some level of barrier against comment spam on counterjumper, via an image CAPTCHA.

According to WikipediA, a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a type of challenge-response test to detect if a user is a computer or not. While trying to add one of those fancy image CAPTCHA’s to this blog, I thought, “Wouldn’t it be smarter to ask a smart question instead?�

As a first step, instead of the image CAPTCHA, I have added a smart question to the comment and suggest-a-link forms. Some of the advantages of this approach are:

  • Simple to implement, better accessibility
  • Better usability (don’t you hate trying to figure out those stupid image CAPTCHA’s?)
  • It can be made to be fun for the user
  • It’s more challenging for the machine to solve
  • It could be educational!

As of now, the “Ask a Smart Question” CAPTCHA is in a test phase to see how much comment spam it will block, and how long it will take spammers to catch on. If the results are promising, I am thinking of extending the approach by adding a pool of smart questions, and a random approach to selecting the questions on the form in order to throw spammers off, especially the ones that find ways to work around this kind of a CAPTCHA.

Update: Counterjumper has been comment spam free since the smart question CAPTCHA was added to the forms. So far so good.
Update: Challenge plugin for WordPress provides the ask a question CAPTCHA capabilities for your WordPress blog. The questions can either be user-defined, a generated math question or any PHP expression. The plugin also has an admin panel to customize everything. However, the spam comment gets into your database before the plugin deletes it.

5 Comments

Add your own
  • Quix0r
    Jan 18, 2007 | 5:55 am

    My question was what cost was for 25 apples when one costs $10. Hehe, that should be very hard to beat for spambots! They may be able to beat things like…

    1+5=

    … because of usage of regular expressions. But they are currently not so smart to implement such analyzing routines.

    But wait, on my blog I have changed wp-comments-post.php to something different. Within the next hour I got spammed again. :( When I have “grep-ped” for that spammer’s IP number I found out that his spambot pre-fetches my posting and then send his POST request to that new script URL. :(

    So renaming wp-comments-post.php to something unique makes no sence and JavaScript-based solutions (no advert here!) like my CPR plug-in will stop users with disabled JavaScript. :(

    Well, for my commenters I can say that my legitimate commenters have JavaScript enabled and so were always able to comment my posts.

  • KarmaDude
    Jan 18, 2007 | 11:09 am

    Quixor, I had to update wp-comments-post.php to handle the CAPTCHA. So far no spam has made it through.

  • Rose
    Apr 11, 2007 | 6:55 am

    Hi! I’m searching all over the net for a script like yours. Is there any chance you have published it somewhere??? I would love to be able to have it and adjust it with my own questions!
    Thank you in advance! :D

  • KarmaDude
    Apr 11, 2007 | 8:23 am

    @Rose, if you are looking for a WordPress plugin, then try Challenge

  • JT
    Apr 5, 2009 | 11:45 am

    I am thinking of extending the approach by adding a pool of smart questions, and a random approach to selecting the questions on the form in order to throw spammers off, especially the ones that find ways to work around this kind of a CAPTCHA. Please post you solution so we can use it to.

Leave a Comment

Trackback this post  |  Subscribe to the comments via RSS Feed

Some HTML allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>