This past week has seen a big increase in the amount of comment spam that has been submitted to this site. So far, all of it, bar one, has been caught by Akismet, however, normally a lot is caught by Bad Behaviour before it’s even submitted to Akismet. Alas, most of the spam has been getting through as it appears to be normal web traffic – the correct cookies are submitted, with realistic user agents and the correct HTTP headers. Michael Hampton, Bad Behaviour’s developer, admits that Bad Behaviour can’t filter out comment spam submitted from hijacked web browsers – presumably through a rogue toolbar or trojan – although version 3.0 of Bad Behaviour should be able to detect this and he is soliciting donations for its development.
But in the meantime I’m getting 40-50 junk comments that I have to review and process every day. So this calls for more drastic measures, in the form of the CAPTCHA plugin.
Unlike image-based CAPTCHAs, these CAPTCHAs are text-based puzzles – you may be asked what three times seven is, and would enter 21 in a box, for example. So far, this has stopped all the spam submitted.
I’m keeping Bad Behaviour enabled because it doesn’t just block comment spam, but badly behaved bots in general, thus hopefully saving bandwidth. And hopefully the next version will render the CAPTCHA plugin unnecessary, as and when it’s ready.