The Register’s Interview with a link spammer.
When Sam begins a spam run, he has one target, though he’ll accept any of six. Principal one: come top of the search engines for his chosen site’s phrase. “But you’ll accept coming in at 1,2 or 3, or if you come at 8,9 or 10. Actually, 8, 9 and 10 have better conversion rates. I don’t know why. Maybe the eyes fix on it when you scroll down the page.” And the cost of doing it? Once the code is written, pretty much zero. “Bandwidth is cheap,” he says. “You set it going in the evening and come back in the morning to see how it’s gone.”
So what beats them? Sounds like captchas (those distorted images requiring a human to type a letter)
So what does put a link spammer off? It’s those trusty friends, captchas – test humans are meant to be able to do but computers can’t, like reading distorted images of letters.
There’s several WP plug-ins that will do them; I haven’t tried it yet. But I will soon.
The only problem with captchas is the accessibility issues for vision impaired visitors. It effectively stops them from being able to leave comments but, as you said, they seem to be about the only thing that works.
There’s nothings stopping you putting in a natural language challenge-response thing, like “If Mary has twenty books and Steve burns seven, how many are left?”, “What colour do you get mixing blue and yellow?” or “What animal barks?” that the vision impared could use. Better yet, “If Mary has twenty books and Steve burns seven, what’s the name of this site?” ought to confuse non humans easily. You could white-list and black-list IPs. Or you could just enforce some kind of logins. There’s so many solutions to comment spam.
That’s quite a good idea. Do you wanna write one? (Or maybe someone already has…)
Logons are too much hassle. Part of the appeal of blog comments is that immediacy, including from any computer.
IP black/whitelists don’t work. They’re frequently forged. (Wait! You don’t actually have a blog of your own, do you, or you’d know all this!)
Someone has written one – Jeff Barr to be precise. See his WordPress Comment Verification entry for details. It’s cut comment spam to zero on my site thus far. It could probably be developed to ask a random question from a set, just in case the spammers get wise to it – however, if everyone has their own obvious but unique ‘non-graphic captcha’ (which it effectively is) then the spammers would have to write code for each site they want to spam. Not so likely!
The potential problem with this is that you need to be certain that the test is as simple as possible, because otherwise you could still exclude people without a particular ability your challenge relies on (ie poor mathematics, language skills, etc.) It will depend on your site’s audience as to what you can successfully implement.
It doesn’t tackle trackback spam, but then I’ve got rid of that feature now anyway.