My Fight Againt Comment SPAM: Spambots pass the Turing test!

Ok. I’ve had it. Either the spambots pass the Turing test and have achieved strong AI, or there is an army (a very large one) of folks paid to spam blogs.

Anyone who has posted a comment on my blog in the last few months knows it requires at least one full second, preferably two or three, to pass my captcha. Currently, you have to be able to do arithmetic with roman numerals. Not exactly Ph.D. worthy, but still a bit of a challenge. For all sorts of reasons, including accessibility, I have given up on image-based captchas. My captchas are customized and modified regularly, and usually involve that you read a piece of text and translate it into an arithmetic problem. Some human beings have complained that they had to give up posting a comment because the problem was too hard. If you took a snapshot of my system, you could easily build a computer program to pass my captchas, but because I change them all the time, and because they only appear on my low-traffic site, I figure that nobody would ever bother trying.

Well, I still get about 3 spam comments per day. No matter what. There is a spam-free delay of a week or so after I change drastically the captcha, but spam quickly resumes.

Ok, it could be that a spambot was programmed to beat the general type of captchas I use. Still, it is pretty impressive the way I get spammed with such efficiency.

The fact that I am nearly convinced that I deal with human beings, tell you that if I, in fact, have to deal with machines, these machines pass a Turing test with flying colors.

I am now waiting to see how long it will take for the spambots to learn roman numerals. If they do so in less than a week, I will seriously worry about my safety.

Published by

Daniel Lemire

A computer science professor at the University of Quebec (TELUQ).

9 thoughts on “My Fight Againt Comment SPAM: Spambots pass the Turing test!”

  1. I also find that Akismet does a good job.

    What about simply forbidding URLs in a comment? Blog spam seems to consist entirely of URLs.

  2. Programs can easily post your challenge to some other human in return for some commodity (eg, porn) and relay their response to your form. I am not sure if programs are necessarily figuring out the language.

  3. first-you might look into the log (or log all unsuccessfull attepts)-maybe they are just doing some brute forcing.
    secondly-you should challange them with face or emotion detection from photos etc 🙂

  4. I know it’s been a while since you posted this, but I just found your reference to it on “The Noisy Channel.” I’m curious if you think there is some possibility that people are being paid to post spam comments through something like Amazon’s Mechanical Turk? I’ve seen job postings on there that look dubious to me (i.e. requests to post comments or add bookmarks to some service). If that’s the case, the time and difficulty of solving your puzzles may not be a factor — the pay rates on Mechanical Turk are pretty terrible, and that doesn’t seem to stop anyone.

Leave a Reply

Your email address will not be published.

To create code blocks or other preformatted text, indent by four spaces:

    This will be displayed in a monospaced font. The first four 
    spaces will be stripped off, but all other whitespace
    will be preserved.
    Markdown is turned off in code blocks:
     [This is not a link](

To create not a block, but an inline code span, use backticks:

Here is some inline `code`.

For more help see

You may subscribe to this blog by email.