Block Spam Using Math

On a normal day, I usually get over 1000 spam comments on my blog. Although I don’t have to delete the spam, it still takes up resources in the database. By the way, Akismet deletes all spam comments after two weeks. This gives the blog owner time to recover if a valid comment was mistakenly classified as spam.

If you really want to cut down on spam comments, you can implement Captcha. But lots of people, myself included, hate Captcha, especially the ones that are unreadable. What is more frustrating than trying to guess a mangled captcha, only to be thwarted again and again because it’s unreadable? Enter a solution using simple math.

So, I decided to install a WordPress plugin called Block-Spam-By-Math. The plugin adds a custom field to the comments form by posting a simple math problem. Anyone who passed at least first grade should be able to answer the addition problem. After all, 8 + 2 = is not that difficult to solve.

Automated bots that send spam will have problems getting past the math problem, unless the bots become sophisticated enough to read text and solve the math problems themselves. It sounds like a whole lot of trouble to add that feature just to send spam.

At least temporarily, spam has been cut down to almost zero. Now, I just have to deal with humans who send it. And that’s infrequent compared to bots.
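One way a server could issue and check such a math question, added here as an example in Python (it is not the Block-Spam-By-Math plugin's code, which this post does not show): the hidden form token is HMAC-signed, expires, and allows one attempt. `SECRET_KEY`, `MAX_AGE`, `issue_challenge` and `verify_answer` are assumed names; the question text stays machine-readable, so this only rejects forged, stale or replayed submissions.

```python
import hashlib
import hmac
import secrets
import time

SECRET_KEY = secrets.token_bytes(32)  # assumption: per-site secret, never sent to the browser
MAX_AGE = 600                         # assumption: a challenge is valid for 10 minutes
_seen_nonces = set()                  # assumption: in-memory; a real site would persist this


def _mac(fields):
    """HMAC-SHA256 over the challenge fields, so the form token cannot be forged."""
    return hmac.new(SECRET_KEY, "|".join(fields).encode(), hashlib.sha256).hexdigest()


def issue_challenge(now=None):
    """Return (question text, hidden-field token) for one rendering of the comment form."""
    issued = str(int(time.time() if now is None else now))
    a, b = str(secrets.randbelow(20) + 1), str(secrets.randbelow(20) + 1)
    fields = [a, b, issued, secrets.token_hex(8)]
    return f"What is {a} + {b} ?", "|".join(fields + [_mac(fields)])


def verify_answer(submitted, token, now=None):
    """True only for a correct answer to a genuine, fresh, not-yet-used challenge."""
    now = int(time.time() if now is None else now)
    try:
        a, b, issued, nonce, mac = token.split("|")
        if not hmac.compare_digest(mac.encode(), _mac([a, b, issued, nonce]).encode()):
            return False              # token was not issued by this site
        if not 0 <= now - int(issued) <= MAX_AGE:
            return False              # stale challenge
        if nonce in _seen_nonces:
            return False              # replayed challenge
        _seen_nonces.add(nonce)       # one attempt per challenge, right or wrong
        return int(submitted.strip()) == int(a) + int(b)
    except (AttributeError, ValueError):
        return False                  # malformed token or non-numeric answer
```
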

6 thoughts on “Block Spam Using Math”

  1. Since you hate Captcha I guess you would also hate ReCaptcha (http://drupal.org/project/recaptcha) too. I would guess that it would be equally unreadable at times.

    If someone is really concerned about security Mollom (http://drupal.org/project/mollom) handles incoming posts intelligently by monitoring content activity on all sites in the Mollom network. But then again that still uses Captcha at times for verification.

    I suppose the arithmetic test is 9 times out of 10 just as effective.

  2. I actually don’t mind typing captchas and recaptchas in forms, as long as they are readable. Lots of important sites implement them. Yahoo Mail uses it if you mistype your password at least twice. Captchas shouldn’t discourage humans from posting valid comments. By the way, Mollom looks like a great plugin for Drupal.

  3. Okay, I’ve been looking for someone who likes math captchas for a long time, now. I just don’t understand the fundamental disconnect in reasoning between supporters of math captchas and everyone I tend to hang out with.

    My question is this: why would you think that automated computer programs would find simple arithmetic challenging? I can understand the “prove you’re human by transcribing this audio snippet” captchas and the “prove you’re human by discerning the textual pattern in this field of noise” captchas. They’re not perfect, but they at least rely on the sorts of things that humans are good at but computers still struggle to accomplish.

    But surely computers are BETTER at arithmetic than humans, no?

  4. I wouldn’t say computers are better in arithmetic than humans. Quite the contrary. Computers are just considerably faster when told to do a task. After all, humans were the ones who created the program. In the case of captchas, most spam bots don’t know how to interpret text.

    I suppose you can create one, a sophisticated bot with the ability to read text, and solve a simple math problem. But, that would be a waste of time if there are millions of blogs out there with no spam protection and no captchas. What’s the point of making one?

    By the way, I had zero spam from the time I turned on the math captcha.

  5. The reason captchas do weird things to text is that the spambots were doing rudimentary OCR on the captcha images that were there. That was the situation nearly ten years ago, mind!

    The current generation of captchas are the tail end of an arms race, and you’re going back to stone knives and bearskins here.

    Your form says “What is 9 + 14 ?” and boy, if that isn’t trivial for a spambot to just parse out, I don’t know what is. Parsing regular patterns in text is another thing that software is astonishingly good at. After all, that’s how the bots figured out how to post comments on your blog in the first place!

    Finally, I’d note that it’s a computer that verifies the correctness of this math captcha in the first place. If computers aren’t very good at arithmetic, why trust that?

    I don’t understand why you think a program can’t solve a math problem posed in a string of text that I am actually right now solving by pasting the relevant portion into a python interpreter. The parsing of infix arithmetic expressions uses a standard algorithm that was invented in the 1960s!

    https://secure.wikimedia.org/wikipedia/en/wiki/Shunting-yard_algorithm

  6. Great points. I don’t doubt computers can be very good at parsing text. But aren’t captchas more of a prevention than a cure? It’s the same reason why doors have locks. It prevents unauthorized people from entering. A professional thief can always pick it or break down a window or a door. People still use door locks and windows knowing full well it’s not 100% secure. Major corporations like Yahoo and Microsoft still use captchas.

    I suppose, captchas can get more sophisticated by using pictures of famous people, pictures of landmarks and common household items. Humans generally know it’s the same person when looking at a picture of a 5-year-old or an 80-year-old. How about video captchas with riddles? You could even make captchas impossible to answer by asking top secret questions in Russian that only a KGB agent can decode. But, what’s the point of having a comment form that no one can use? It’s impractical.

    I’ve cut down my spam from 1000 to 0. I say that’s effective and it hasn’t prevented anyone from making any comments. You are proof.
