So, that's it? There's no way to stop the gits!

[Sic]

i think i must've tried everything to stop my blog getting spammed.

when i first wrote it, it didnt have some form of CAPTCHA...so i wrote a very primitive form, which could probably do with an update...but it seemed to work for like 2 days.

i was then putting up with getting about 2 (what i can only assume were) manually submitted pieces of blog spam a day, just removing them as they were added.

then last week, enough was enough. i noticed all the spammers were either advertising tramadol, phentermine or scooters (wtf!!) so i decided to write a little something so i could ban certain words in my comments. i knew this wasnt going to stop it altogether, but it didnt even make a difference, even slightly (maybe it might when i put up a bigger list of banned words).

after that, i thought "maybe these are all coming from the same ip", i mean they were coming from the same email address...so i asked my host and he confirmed that there was an amount of usage for my comments posting file from this IP address. so i wrote something else to block ip addresses (ugh). so just as i block that ip address, i get submissions from 4 other ip addresses in one night. now i KNOW i'm not going to be able to block all ip addresses that would cause me trouble! although i might be able to thin them out somewhat

is there anything i can do to lessen these? as the blog has grown with age/size, it's getting more hits (god knows why) and more spam. have i missed anything blindingly obvious that i can do, or do i just have to put up and shut up?

 

[Sic]

They're possibly automating passing the CAPTCHA - try making it less easily legible.

i can barely read it sometimes i might redo the whole image now as i'm a little better with imagecreatefromgif

Adz - the problem is the moderation full stop. i dont really want to have to do any and that'd involve doing more.

 

[Sic]

Assuming it's robots doing this:

Include some Javascript in the process when a user submits a comment. E.g. make it so when the user clicks "Submit" it runs some Javascript code that _then_ performs the actual submission in a different way.

could you be a little less vague...i dont really know what you're talking about

 

[Sic]

that's the thing, i thought if it was automated then there'd be more of it.

 

[Sic]

this generates my image

<?php
session_start();
$_SESSION['random'] = $random;
//generate random 6 digit number
$random = rand(100000, 999999);

$im = imagecreatefromjpeg("img/random.jpg");

$textcolor = imagecolorallocate($im, 255, 255, 255);

imagestring($im, 3, 75, 3, "$random", $textcolor);

header("Content-type: image/jpeg");
imagejpeg($im);
?>

this is cut from my post comment file

$random = intval($_SESSION['random']);

$verify = htmlentities(intval($_POST['verify']));

   if (eregi("\r",$verify) || eregi("\n",$verify)){

     die("Why ?? :(");

if ($name == "" || $email == "" || $comment == "" || $verify != $random ){

echo "there's been a mistake";

it doesnt allow you to post if there's nothing there or if the code's wrong, but i don't know how they'd read it/bypass it. the code isnt printed anywhere but the image

 

[Sic]

oooh, thank you when i copied that code, i did wonder why i'd declared the session variable first