22 Jul 2010 23:10
Last Modified
13 Jan 2013 18:20

It's taken a few weeks for the spam-bots to notice my blog engine, but they're now starting to become more active. There are many options in the toolbox for dealing with spam comments, one of which is to add a CAPTCHA. This is a test in which a computer generates a challenge, and then attempts to verify that the response is generated by a human.

There are many CAPTCHA implementations available (reCAPTCHA is a good example), however I though it would be instructive to generate my own. The System.Drawing.Drawing2D namespace got me started, as shown below in Figure 1.


Figure1. Initial CAPTCHA image (enlarged)

The image is generated by a controller action, returning a FileResult object with the appropriate content type. A new image is generated after a configurable interval. There are numerous ways to implement the CAPTCHA check when the comment form is submitted, the simplest of which is to have stored the CAPTCHA data in ASP.NET session state. Given this project is intended as a lightweight, personal blogging engine and that I wouldn't envisage scaling out across multiple servers, this doesn't seem a bad approach for the time-being.

Of course, it's rather sad that I have to use a CAPTCHA, and I apologise for inconveniencing anyone submitting a valid comment.


Pete Brown
26 Jul 2010 03:44
I had CAPTCHA for a while, until the spam bots were able to start parsing it. So, spammers started getting around it, and it still annoyed my visitors.

Don't use CAPTCHA. Instead, use the Akismet service. I've been using it for a while and barely any spam gets through. False positives are almost non-existent. It requires just a little code server-side.


Add Comment