Monday, September 19, 2005

Blog spam

We seem to be suffering from an influx of blog spam at the moment, so if you see any exotic enticements please bear in mind that they might not be totally above board.

This has actually highlighted an accessibility problem on Blogger. To reduce the chances of blog spam, we could turn on Blogger's "Word Verification" feature - a friendler name for the CAPTCHA challenge and response test.

Verifying a comment on BloggerThis means that people have to type in text from a picture in order to prove that they're not a machine. However, there's no accessible alternative. If you can't see the image, you can't prove you're a person.

Hmmm.... What do you think about this?

8 Comments:

Blogger Simon Wharton said...

Is there anyway we could pre authenticate certain users so they are not challenged when trying to post?

Perhaps not an ideal solution by a workable interim.

1:40 pm  
Blogger Manchester_Blog said...

Hi spamming is a problem but I don't think the solution presented here is really acceptable especially given the nature of the group. It takes away the indpedence of anyone using screenreaders plus it can cause problems for people with cognitive difficulties.

Perhaps this type of blog is best not used or as psycobel we could use preauthentication.

Stu

4:32 pm  
Blogger Andy @ Sputnik said...

the blogger spam is trying to hijack the form to send spam. To do this, the hacker has to send very specific code, a common one at the moment is....

Name: zozj@domain.com
Email: zozj@domain.com
Question: zozj@domain.com
Content-Type: multipart/mixed;
boundary=\"===============0760313547==\"
MIME-Version: 1.0
Subject: 626425fc
To: zozj@domain.com
bcc: jrubin3546@aol.com
From: zozj@domain.com
This is a multi-part message in MIME format.
--===============0760313547==
Content-Type: text/plain; charset=\"us-ascii\"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
nhyktiudsr
--===============0760313547==--



The solution is to verify submissions before posting.A simple thing like...


if (eregi("Content-Type: multipart/mixed",$comments){
die();
}
(in PHP)


...would do the trick. The only disadvantage is you couldn't legitimately post a message with the words "Content-Type: multipart/mixed" in it.

That may not be a big deal, unless it's a blog on mail relaying :-)

4:43 pm  
Blogger Andy @ Sputnik said...

...sorry my point was that blogger.com really should just fix the bug now that it's been highlighted, and i'm sure they will otherwise their servers will be clogged up with junk. A 30 minute fix will save them a fortune

4:46 pm  
Blogger Jon Hardisty said...

I've spoken to several of our users about this in the past, any workaround which doesn't offer the same independence available to sighted users is, obviously, not very well received.

There was a W3C paper about this issue published a couple of years ago.

More pragmatically, it might be worth considering a move to something like Wordpress? There seem to be various anti-spam plugins for it which don't use image authentication.

8:15 am  
Blogger Roy Wilding said...

That's really interesting. So nearly all forums are not accessible then?

Surely the fix is to have a simple audio and visual authentication.

Display the word with audio accompaniment?

12:12 pm  
Blogger Roy Wilding said...

I noticed the other day that Google have a wheelchair icon next to their word verification image for adwords users. When you click the wheelchair icon it opens the image in its own window.

For anyone interested you'll need to use a legitimate login (info@virtuffinity.com) and wrong password (password) over at Adwords

A quick look at the code and I'm struggling to understand how that is helping anyone with accessibility problems?

I notice they are still using tables for layout, no doc type declaration .....etc

I wonder when some of the big players will actually start doing things properly. Perhaps it's time to name and shame?

2:05 pm  
Blogger Simon Wharton said...

By all accounts, this chap, Matt Cutts, is something to do with Google. I haven't actually checked, but he set up a captcha on his Blog and got comment re accessibility back.

Go and make yourself known

http://www.mattcutts.com/blog/captcha/

8:36 pm  

Post a Comment

<< Home