Apathy Sketchpad

My Spam Protection

The day after this website went live I noticed I was getting spam comments roughly once every two hours. This was, of course, terribly annoying, and so I’ve ditched all of WordPress’ in-built spam protection and replaced it with some I wrote myself (based on an idea I ripped wholesale from xkcd).

It requires that the user answer a simple question. Currently it requires them to play a short word-game: identify some vowels or reverse a random string or something. The clever part is that both question and correct answer are generated by the form and then transmitted to the receiving file together. The correct answer is encoded in a hash, with a pinch of salt in case the spammers get any clever ideas about replacing the hashed answer with a hashed version of the answer they provide (the salt is generated from the other hidden form input so it isn’t explicitly transmitted and therefore can’t be intercepted). Because the question and the hashed answer travel with the form, there are no issues with the server forgetting what question it asked you if you have the page open too long.

The only ways I can think of to spam my comments now are to specifically code the bots to answer my question (which happened once, and thanks to my forward-thinking modular design it took me less than two minutes to replace the question), to answer the question manually once and then reuse the same answer and answer-hash in the future (which will only unlock one page, which I can easily fix by altering the salt), or to pay people to spam it manually. It would be a simple enough hack, also, to store the answer-hash from each comment and block any future comments with the same hash.
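A sketch of the scheme described above, as an added example rather than the author's WordPress code. It assumes HMAC-SHA256 with a server-side secret (`SERVER_SECRET`) for the salt derivation, a per-form `token` standing in for the "other hidden form input", and hypothetical function names; it also includes the stored-hash replay check mentioned at the end of the paragraph.

```python
import hashlib
import hmac
import secrets

# Assumption: a server-side secret that never appears in the form (constructed value).
SERVER_SECRET = b"constructed-demo-secret"
_seen_hashes = set()  # answer-hashes that have already unlocked one comment

def _derive_salt(token, page_id):
    # The salt is recomputed on the server from the hidden token, the page id
    # and the secret, so the salt itself is never sent to the browser.
    msg = f"{page_id}:{token}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).digest()

def _answer_hash(answer, token, page_id):
    normalised = answer.strip().lower().encode()
    salt = _derive_salt(token, page_id)
    return hmac.new(salt, normalised, hashlib.sha256).hexdigest()

def make_challenge(page_id, word=None):
    """Build the question plus the two hidden form fields for one page."""
    if word is None:
        word = "".join(secrets.choice("abcdefghijklmnopqrstuvwxyz") for _ in range(6))
    token = secrets.token_hex(8)
    return {
        "question": f"Type '{word}' backwards",
        "token": token,  # hidden input 1
        "answer_hash": _answer_hash(word[::-1], token, page_id),  # hidden input 2
    }

def check_comment(page_id, token, answer_hash, answer):
    """Return 'accepted', 'wrong-answer' or 'replayed' for a submitted form."""
    expected = _answer_hash(answer, token, page_id)
    # Constant-time comparison; a hash computed without the secret never matches.
    if not hmac.compare_digest(expected.encode(), answer_hash.encode()):
        return "wrong-answer"
    # A solved form is valid once: reusing the same answer and hash is blocked.
    if answer_hash in _seen_hashes:
        return "replayed"
    _seen_hashes.add(answer_hash)
    return "accepted"
```

The server keeps no per-visitor state until a comment is accepted, which is why a page left open for hours still validates; the only stored data is the set of hashes already used.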

It could, of course, stop really stupid people from posting comments. Personally, I don’t mind that at all.

If having to pass my little Turing Test every time you want to post a comment annoys you, then you should register an account here. Registered users are not required to do this, since they have to complete the same captcha to register in the first place.

If you’d like to implement my cunning system then contact me and I’ll help you out — I’d also appreciate anyone who wanted to help turn this into a proper WordPress plugin that anyone could easily install with the basic WordPress API. I’ve found it’s a good idea to add a line of code to comment.php to mark all trackbacks as unapproved (or even as spam) as there’s no way to apply a captcha to a trackback page.

One Response to “My Spam Protection”

  1. Joe Smoe Says:

    Interesting idea…

