By Shamus Posted Wednesday Nov 21, 2007

Filed under: Notices 15 comments

Peter Keung, author of Peter’s Custom Anti-Spam left a comment here, letting me know that there is a new version out that will recite the captcha as an audio file, so that vision-impaired users can still use the plugin. Nice.

And this is a good time to point out how great the plugin is. Once in a while a new reader will leave a comment along the lines of “Hey! Your anti-spam thing is broken and always shows the same letters!”

But it isn’t broken. It’s working as intended. My original post on the plugin explains why the phrase is always the same. My traffic has grown quite a bit since June (although it did take a hit when DMotR ended, it’s still up from June) and I still don’t have to deal with spam. How many attempted spams do I get a day, I wonder? Hang on a second…

…Okay done. I turned off PCAS for a few minutes just to see what would happen. I expected a crushing deluge of crap, but it wasn’t nearly as extreme as I expected. They came in at about one a minute. Now, this was very unscientific – spams often come in waves – but it’s probably a safe guess that I’m getting somewhere in the low thousands each day.


From The Archives:

15 thoughts on “PCAS

  1. Another thing to consider: add a ‘rel=”nofollow”‘ attribute to all your outbound links from the comments. That’s a good way to play safe in the doubtful event that your system is subverted.

  2. ShadoStahker says:

    Leonardo – it’s already doing that. In fact, WordPress does that by default.

  3. ChattyDm says:

    I loved the idea so much that when I moved to WP, one of my readers sent me the plugin and I copied your scheme… (I just added all the standard D&D dice since I have a D&D blog).

    It was actually my main motivation to move out of blogger as I was also being spammed and the captcha of blogger is hard on Dyslexics.

    Thanks man!

  4. Roxysteve says:

    Dyslexics can sisk my sas. Kidding! Owowow!

    [Shamus] I found it amazing that people who should have been supportive of your need to shave time out of the day for such (worthwhile) fripperies as DMotR were actually shouting the secret of the capcha all over the place.

    What’s the best that could have happened? You changoing the damn thing and inconveniencing them more than they were already?

    I cannot understand the mentality that does not figure that equation out for themselves and keep their traps shut.

    I have passed on your elegant and head-slappingly effective method to others agonizing over how to achieve bloggus nonspamito and had them reply with some “simpler” method that has always been oodles more complex and required more effort on the part of the commentator. I don’t understand that either. Maybe it’s a geek thing. Too proud to go for the easy gold. I dunno.

    I remain slightly awed by how easy and elegant your method is and was, and should I ever be in a position to need a capcha that I can author myself, I will absolutely try your method first because I am lazy and truly believe in not reinventing the wheel.


  5. M says:

    It’s probably because I’ve never had a website, but “low thousands” daily sounds like a pretty big number to me.

  6. Eltanin says:

    This brings up an interesting point for me Shamus. I was just thinking last night, “I wonder what the traffic on TwentySided has been like since the end of DMoTR?” Yes, I was thinking about the gritty details of your website while trying to fall asleep. No, I’m not sure what’s wrong with me.

    But anyway, I’m looking forward to the next traffic tracking post with cool graphs and charts ‘n stuff.

    As for spam, it’s amazing isn’t it? It makes me shake my head in wonderment. I guess it’s a kind of evolution. There’s this background radiation of spam to provide just enough adversity for websites to adapt or be buried under V1AAAAAHGRA messages.

  7. Mark says:

    My blog is considerably less popular, and a couple of weekends ago I got hit with somewhere on the order of 3000 spam comments in just a couple of days. Most of these were moderated by MT, so they didn’t see the light of day, but it was quite annoying. Before that and after that, I get a slow trickle of about 50-100 spams a week. So yeah, they come in waves:P I am considering using a little javascript plugin that’s supposed to cut down on spam, but I’m too lazy to install it.

  8. Thomas says:

    I actually wrote my own captcha system for my gallery rather than retrofit another one. It made sense at the time, as the gallery was entirely custom code. Mine actually works differently to most – rather than typing a word in, you get told to choose one of three shapes (displayed with alt text). I went for that after having run into too many traditional captchas where the word displayed is ambigous or unreadable (e.g. digit 0/letter O, el l/eye I). It’s actually inspired by a friend’s system, and the only spam that came through once I tweaked it appears to have been human-generated (I had some early problems where spambots always chose the first image, and so had a 1/3 chance of success).

  9. Rustybadger says:

    I have been using PCAS for some time now (I think I was one of the original suggesters of this to Shamus back when), and it still rocks the comment casbah. Shamus’ method is very elegant; I always tend to throw more options in my installs of the plugin, since I like to amuse my regular commenters with witty automated banter…*wry grin*

  10. Alden says:

    I’d be getting roughly 100 per day if the fake forms on my site weren’t messing with the bot scripts they use. The SpamLookup plugin I have installed barely gets a work out.

    The perfect anti-spam plugin, of course, would be one which emailed the location and description of the spammer to a crack team of hitmen (false positives would be a bummer though).

  11. ChattyDm says:

    But maybe an entirely reasonable and acceptable side effect…. (Just kidding! Of course!)

  12. Alden says:

    Also, regarding the first comment, nofollow is useless from an anti-spam point of view. Even if you have it turned on and the spam that gets posted isn’t counted by Google/Yahoo/whoever, you still have unsightly spam comments on your blog.

    So then you need a plugin which blocks spam from being posted (like PCAS). Occasionally a spam gets through and you delete it manually. That leaves you with nofollow on a bunch of legitimate comments, in which case why bother using nofollow at all?

    Of course, as observed by comment 2, WordPress does that by default, so you have to go to the trouble of installing a plugin to disable it. :)

  13. Kanthalion says:


    The perfect anti-spam plugin, of course, would be one which emailed the location and description of the spammer to a crack team of hitmen (false positives would be a bummer though).

    But you can’t make an omlette without breaking a couple eggs.

  14. Thomas says:

    Kanthalion: what you want is the Trollfilter 9000 PCIMA card, with it’s patended Goonvidia chipset (TM) (Megatokyo #220). The Whack-a-Troll looks fun as well.

  15. Rob says:

    Have you ever heard of ReCaptcha? It’s a great program where Captcha’s serve more than on purpose. In addition to proving sentience, the also help in the mass conversion of historical texts where OCR fails.
    I don’t know if there is one but I think everyone, including your commenters would find it interesting/useful.

Thanks for joining the discussion. Be nice, don't post angry, and enjoy yourself. This is supposed to be fun. Your email address will not be published. Required fields are marked*

You can enclose spoilers in <strike> tags like so:
<strike>Darth Vader is Luke's father!</strike>

You can make things italics like this:
Can you imagine having Darth Vader as your <i>father</i>?

You can make things bold like this:
I'm <b>very</b> glad Darth Vader isn't my father.

You can make links like this:
I'm reading about <a href="http://en.wikipedia.org/wiki/Darth_Vader">Darth Vader</a> on Wikipedia!

You can quote someone like this:
Darth Vader said <blockquote>Luke, I am your father.</blockquote>

Leave a Reply

Your email address will not be published.