I once had a spam-bot problem on a site I ran, and as an interim measure, I added a static "captcha" that simply said "Foo" in plain, easy-to-read letters.

It worked for quite a while.

Jonadab • February 14, 2012 7:47 AM

> I once had a spam-bot problem on a
> site I ran, and as an interim measure,
> I added a static "captcha" that simply
> said "Foo" in plain, easy-to-read letters.

That (or even using the text of the page to tell the user what to type) is good enough to defeat a lot of the simple generic bots that crawl the web posting spam on a lot of different sites, because they're designed to pick off the low-hanging fruit, and there are a lot of sites out there with, for whatever reason, no CAPTCHA at all. Even attempting to post the message on moderated blogs, like on Blogger, gets a decent ROI for these bots, because it's dead easy and usually gets *one* person (the blog owner) to see the message.

However, if you run a site that's going to get targeted specifically (like any really popular forum or wiki or webmail service) then you're going to have to deal with bots that can do at least basic OCR and maybe more.

Post a comment

Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.

Subscribe via Kindle

Blog Menu

Search

Powered by DuckDuckGo

Blog Home Page
100 Latest Comments

Archives by Date

2013 J F M A M J
2012 J F M A M J J A S O N D
2011 J F M A M J J A S O N D
2010 J F M A M J J A S O N D
2009 J F M A M J J A S O N D
2008 J F M A M J J A S O N D
2007 J F M A M J J A S O N D
2006 J F M A M J J A S O N D
2005 J F M A M J J A S O N D
2004 J F M A M J J A S O N D