New Comment Policy

I’ve implemented a new comment policy that comments won’t be allowed on posts older than 2 months.  I hate doing this, but last night i deleted 200 spam comments (since i have comment moderation turned on, you didn’t see them), only to get another 200 this morning waiting for me to delete 10 at a time.

So, out of the 400 comments, i found approx 4 that were legit.  not good times.

Comments (10)

  1. It is a shame it comes to this. It was only the other day that I put a CAPTCHA control into my CS build to avoid the spam. I’m guessing that you can’t do that in though.

  2. Roland says:

    I can feel your pain. I’ve run into the same problem with a lot of spam (more than 300 spam comments in 3 days…). Now I have installed spamkarma for my wordpress blog, and it is a lot better. So from my point of view it is totally legitimate to do some restrictions.

  3. saraford says:

    My only concern with a CAPTCHA is that this blog hosts all of my accessibility content, and i’ve heard that many CAPTCHAs are not very accessible.  The last thing i want is my accessibility blog not to be accessible.  Talk about embarrassing.

    If we ( do go down the road of a CAPTCHA, i’ll want to make sure i’m able to test it for accessibility purposes before it goes live (or have the option to turn it off if it isn’t accessible).



  4. Hi Sara, that’s a great point about accessibility.

    I don’t see how it could be used by blind or sight-impaired users unless some was some kind of annotation in the html so that screenreaders would tell them what to enter. I doubt spam engines would be able to find and intepret it if the CAPTCHA value was available for screenreaders.

    Do you have any ideas around how CAPTCHA could be implemented with accessibility?

  5. saraford says:

    The problem is if the screen reader could figure out the text, so could the spam bot.  At the end of the day, both tools are just reading from a HTML file.  If one can find it, so can the other without having some sort of security build around it (authentication?  passcode?).  One of the tenants of software security is never to leave secrets, because eventually someone will find them (same in this case).

    CAPTCHA are effective because there isn’t a spam bot yet (or in mass production) that can do what a human does by visually guessing what the charaters are.  So, in the case for someone who is visually-impared, the trick is to provide the data to them in such a means where they have to guess what the charaters are, where a spam bot couldn’t.  Obviously, a corresponding audio-file would be the way to go, unless (just like in the visual recognition case), there are spam bots out there that can interpret which charaters are being read.

    Bottom line is that if a CAPTCHA is used, audio (or some other workaround) must be provided.  Additionally, it would be great to have a feature for the owner of the blog to "always allow comments from this registered user".   That way if the CAPTCHA isn’t accessible or difficult to use, there’s just a one-time sign up (for both sighted and vision-impared).  So many times i’ve "guessed" wrong at the CAPTCHA.

    Just my two cents how this could work / not work.

  6. Over the last week, I have been reading and commenting about CAPTCHA’s in Sara Ford’s post about her

  7. heaths says:

    Sara and I have talked about this offline, but I did want to mention to others that I have seen a CAPTCHA control on one of Microsoft’s online properties (for the life of me, I can’t remember where I saw it) that has the option for using a sound byte. One would download it, listen to it, and then – IIRC – type in what it says.

    Personally, I’m considering going to the same policy that Sara has here for my blog. I, too, hate the idea but it sounds very effective.

  8. Lately I’ve been reading up on controlling comment spam, since a non-profit I do voluntary work at, has recently got itself a blog, and woe and behold, comment spam as well!

    CAPTCHAs for the visually impaired sounds like quite a technical challenge.  I’m afraid I didn’t follow your reasoning on "The problem is if the screen reader could figure out the text, so could the spam bot.  At the end of the day, both tools are just reading from a HTML file."  I was thinking perhaps something like an ogg file that gets routed to the sound subsystem – or several ogg files that get mixed and sent randomly.

    Mix that in with a screen reader, and you might have some success – for how long I don’t know.

    Just my 0.02c!  Spend it wisely.

  9. I agree with Sara. With my suggestion of adding an annotation in the html for screen readers, the problem is that as that specific CAPTCHA method becomes popular, then Sara’s commented scenario would definitely happen. SPAM bot creators would target that implementation in order to rip out the annotation and determine the CAPTCHA value that is intended for screen readers.

    I was emailing Dave Burke from Community Server the other day about his CAPTCHA control that I am using on my site. I suggested that the CAPTCHA control should only be displayed for anonymous users. This would minimise impact on disabled users. Screen readers could indicate on the CAPTCHA image that in order for users to not be forced to use the CAPTCHA image they should register themselves as a member of the site. This also means that registered users are not bothered by unnecessary CAPTCHAs.

  10. Effective immediately, I am changing comment options on this blog to only allow comments for posts made