Blog post's comments Captcha

saidbakr

The comment on a blog post should be initially evaluated by a mean of Captcha solution even if the user is registered. The only exception should be assigned to the blog admin or editors.
There are many spamming comments that I had to remove weekly from registered users, it is a simple robot that should be stopped by Captcha.

ch3f

@saidbakr There are ways around captcha, so probably not the best solution.

Catweazle

@saidbakr , captchas and re-captchas are currently outdated protection, as current bots solve them better than a human. The best test is the Buster extension, which solves re-captchas with a simple click.
There are better methods to avoid bots, the simplest and most effective is to wait an hour or two, before sending the registration confirmation, this avoids the disposable emails that spambots use, which are only valid for minutes. Another method to avoid bots is the honeypot method.
I think that these would be systems that will have to be implemented.

saidbakr

@Catweazle Custom and simple captcha solution should be better than public captcha solutions. The most clever OCRs impossible to get the same level of accuracy against human brain without predefined algorithms.

However, a golden rule in the security states that "There is no any unlockable lock!" In other words, the majority of, or even all indeed, security actions works mainly on making things harder to be opened.

A custom and simple Captcha solution, that is easy to be implemented without any of considerable performance load on the system should play a significant rule in order to prevent or at least reduce spamming on the blog comments module.

Catweazle

@saidbakr , I think the same, before I named 2 methods which has prove good results, but yes, it's more difficult to resolve for un bot "2x7=?" as image, as the re-Captcha (with inbuild Google trackers)