Posted on 11:59 Hrs, February 2nd, 2008 by Steph

Until today I was using Methylblue’s Simple Captcha. It had worked very well for a long time, but over the past couple of weeks I have begun to receive comment spam again. The spam was somehow getting past the captcha, and, despite being obvious spam, it was also getting past Akismet.

Thankfully, I have a third level of defense in that comments go into moderation. I never disabled that option despite having both a captcha and Akismet running on this blog.

Here are some ideas about how the spam was getting through:

  1. Spam bots are exploiting a weakness in WordPress v2.2.2 (I’ll finally upgrade after this post)
  2. Someone has discovered a way around certain kinds of captchas
  3. They could simply have found a way around this one specific captcha because of its popularity

In any case, I have switched to an image captcha.

Please note that the Flock browser has a minor issue with this new image captcha, and I do not know whether the problem is also present in Firefox. When you click on the box to enter the text from the captcha image, the text box immediately above it instantly gains focus instead. This prevents you from typing into the captcha box.

An easy workaround for this issue is to use the Tab key on your keyboard to cycle through the text fields instead of clicking to move from name, to URL, and so forth.

Hopefully this will fix the spam issue; if not, then I suppose there are other steps I can take.

~Steph


Comments

Max Howell on 2 February, 2008 at 12:31 pm

I’ve found that about 1 in 1500 spam comments seems to get through my Captcha plugin currently, which is far more than I ever thought would!

Though I also noticed that most of the ones that got through didn’t generate an email notification either, which suggests a wider WordPress exploit…


Steph on 2 February, 2008 at 1:35 pm

Hello Max,

I was actually leaning more toward a problem with WordPress than with the plugin. It had been a while since I updated, so I was hoping that an update would patch whichever hole they were using to get through.

Anyhow, I think the biggest failing here is Akismet. I don’t see how it could possibly not catch bolded text strings that say “gay horse sex” and various other trash. :|


Max Howell on 3 February, 2008 at 12:34 pm

Indeed, the fact that the spam got past Akismet too makes me think some people have figured out a way to post to WordPress blogs that bypasses the usual checking procedures.

Although you’d think we’d be getting a lot more spam, so I guess it’s probably not the case.


Steph on 9 February, 2008 at 11:04 am

Well for what it’s worth, the new captcha isn’t doing any better. In fact, just like you Max, I had a spam comment go straight to moderation and an email was not generated for it. I only noticed it when I saw my control panel this morning.

I have to agree with you, ol’ chap; to me this seems like they’re exploiting something in WordPress. I do wonder why it’s not more common as yet.
