PHP blog being plagued by spam comments

Hi,

I have a blog that uses a captcha to verify comments.  I have tested the captcha with the usual sql injection and incorrect details and it does not post a comment.  It gives an error message as expected.

The problem is that I am getting loads of spam comments added to my site :-(  Is there something I am missing or is this the results of human entry?  Is there anything I can do to stop this from happening?

Many Thanks,

John
LVL 14
john-formbyAsked:
Who is Participating?
 
midhungirishCommented:
Your captcha is too simple .... the letters and alphabets come up at same place everytime and have the same color... you need to make those random... also change the angle of the letters... an attacker can write a script to extract the letters from your captch image using character recognition algorithms without any problem.. u need to make the image complex inorder to avoid that.... You can use common functions from php gd library to do this....
0
 
midhungirishCommented:
it seems that you have taken a major step to avoid bots by incorporating captcha..... but since there is no reference to the site, i cannot test it..... the captcha you have incorporated might be breakable or may be bruteforceable.... please give a link to the site to test it....
0
 
john-formbyAuthor Commented:
Hi,

The site is: http://www.phpfreak.co.uk/

Many Thanks,

John
0
Cloud Class® Course: Microsoft Office 2010

This course will introduce you to the interfaces and features of Microsoft Office 2010 Word, Excel, PowerPoint, Outlook, and Access. You will learn about the features that are shared between all products in the Office suite, as well as the new features that are product specific.

 
rajkumar_pbCommented:
Use Re-Captcha or Securimage CAPTCHA for high-level SPAM security.

http://recaptcha.net/plugins/php/

http://www.phpcaptcha.org/

We're using Re-Captcha for our site and didn't even got a spam comment or order yet. It uses some private and public key which will be available only if you sign-up, but thats not a big thing. Right?
0
 
john-formbyAuthor Commented:
Hi,

Thanks for your responses, I have just implemented recaptcha on my site for comments and contact form.  I hope that will resolve the issue.  It does look a lot more secure than what I was using so fingers crossed :-)

Many Thanks,

John
0
 
john-formbyAuthor Commented:
Thanks :-)
0
 
rajkumar_pbCommented:
^^ Hope you didn't feel refrain doing that. No need to worry about spammers any more.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.