PHP blog being plagued by spam comments

Hi,

I have a blog that uses a captcha to verify comments.  I have tested the captcha with the usual sql injection and incorrect details and it does not post a comment.  It gives an error message as expected.

The problem is that I am getting loads of spam comments added to my site :-(  Is there something I am missing or is this the results of human entry?  Is there anything I can do to stop this from happening?

Many Thanks,

John
LVL 14
john-formbyAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

midhungirishCommented:
it seems that you have taken a major step to avoid bots by incorporating captcha..... but since there is no reference to the site, i cannot test it..... the captcha you have incorporated might be breakable or may be bruteforceable.... please give a link to the site to test it....
0
john-formbyAuthor Commented:
Hi,

The site is: http://www.phpfreak.co.uk/

Many Thanks,

John
0
midhungirishCommented:
Your captcha is too simple .... the letters and alphabets come up at same place everytime and have the same color... you need to make those random... also change the angle of the letters... an attacker can write a script to extract the letters from your captch image using character recognition algorithms without any problem.. u need to make the image complex inorder to avoid that.... You can use common functions from php gd library to do this....
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

rajkumar_pbCommented:
Use Re-Captcha or Securimage CAPTCHA for high-level SPAM security.

http://recaptcha.net/plugins/php/

http://www.phpcaptcha.org/

We're using Re-Captcha for our site and didn't even got a spam comment or order yet. It uses some private and public key which will be available only if you sign-up, but thats not a big thing. Right?
0
john-formbyAuthor Commented:
Hi,

Thanks for your responses, I have just implemented recaptcha on my site for comments and contact form.  I hope that will resolve the issue.  It does look a lot more secure than what I was using so fingers crossed :-)

Many Thanks,

John
0
john-formbyAuthor Commented:
Thanks :-)
0
rajkumar_pbCommented:
^^ Hope you didn't feel refrain doing that. No need to worry about spammers any more.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.