vowe dot net :: Site news: Comment entry changed once more

Site news: Comment entry changed once more

by Volker Weber

In an effort to avoid comment spam I have changed the comment entry system once more. As explained in the previous post, the old solution did not scale.

I have now designed a two step process. If you want to post a comment, you will first have to go to a preview screen that contains the security code and then post from there. This has two benefits:

You get to see your comment as it would be posted. Check for embarrassing typos.
The site has to generate the security code only for a few dozen comments a day and not for thousands of page views.

Update: I suggest you load this stylesheet once and refresh the browser window before proceeding.

What do you think? Give it a try.

2004-11-02 :: email :: bookmark :: digg

Comments

Works like a charm. But then, this was to be expected.
And it's still slow as hell. But then, this was to be expected, too ;-)

Stefan Rubner, 2004-11-02 22:58

Still the same old server. Possible better in two days.

Volker Weber, 2004-11-02 23:04

Simple and clever and a solution to two problems.
In Italy they say "catching two pigeons with one bait",...

Pieterjan Lansbergen, 2004-11-02 23:23

The English version is "kill two birds with one stone". And In German you would "zwei Fliegen mit einer Klappe schlagen" (for some reason Germans seem to prefer to kill/catch flies instead of birds)

Armin Grewe, 2004-11-02 23:40

Good solution. And the mandatory preview is generally a good idea too. I really do wonder, why similar systems haven't been implemented (as standard) with other blogging systems. It seems such an easy way to keep out spam bots ...

But - and I don't know, if this really is a problem right now - the pictures your tool is generating seem to contain not much noise. Wouldn't it be easy for a spammer to include a little character recognition into its bot?

Markus Breuer, 2004-11-03 05:59

Nothing is impossible for the man who doesn't have to do it himself.
— A.H. Weiler

Volker Weber, 2004-11-03 09:51

Teaching a class in Management of Information Security we tell our students, there is no 100% security, at least not to an affordable or reasonable price. You always have to figure out how high you need to raise the bar to be comfortable. That is usually referred to as "risk management". I guess in this case the bar is high enough with the produced images as they are.
After all, you don't have to run faster than your predator, you only have to run faster than the slowest prey...

Ragnar Schierholz, 2004-11-03 10:07

If this appears this seems to work nice ;-)
I just wonder if forcing the preview wouldn't be enough. Or would it be just a too easy step for spammers to include a "second click" into their scripts?

Oliver Regelmann, 2004-11-03 10:37

Spammers don't click. They call the script that posts the comment. That script is now locked with the captcha controller and the preview page gives you the key to the lock.

Volker Weber, 2004-11-03 10:43

Nice solution, works well. Definitely makes sense to load up the graphic when you know someone is making a comment rather than on every permalink page. I caught a typo too!

Ben Poole, 2004-11-03 13:32

Testing, Testing...
works fine for me... but I feel sincerely flattered that you are moving to a faster server because of our comments.;-)

Martin Forisch, 2004-11-03 14:23