: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /homepages/u37107/www.sebastian-kirsch.org/moebius/blog/wp-includes/functions-formatting.php
on line 76
I added CAPTCHA support to my blog now, to curb blog spam. A CAPTCHA is a kind of reverse turing test: It is intended to allow humans to access a certain function, but keep out automated programs. (For example programs that deposit spam in the comments section of a blog.) Nowadays, this is usually done with an image that contains a short word, or a some characters, but twisted, distorted and with a distracting background. This is an attempt to foil OCR (optical character recognition) programs.
I used the AuthImage plugin for Wordpress, by Gudlyf. The installation was relatively straight-forward, but I had to make a couple of changes:
- authimage-inc/image.veriword.php: This file used the tag <? to introduce PHP sections instead of the more common <?php; this prevented my web server from processing it properly.
- authimage-inc/class.veriword.php: I added cache control headers to the outputImage method to prevent caching of the image.
- The README.txt file mentions wp-comments.php and wp-comments-popup.php as places where to add the CAPTCHA section, but forgets wp-comments-reply.php.
I also added a short explanatory text, explaining how to get a new image if you can’t decipher the current image, and that a comment with the wrong code will still appear on the web site, it may simply take a while. This way, people who enter the right code get instant gratification, and those who can’t decipher the image will still get their comment posted. (And the CAPTCHAs from this system can be really hard.)
A short anecdote from the history of CAPTCHAs: A couple of years ago, German email provider web.de had a free SMS gateway. They tried to limit abuse of this system by providing a simple CAPTCHA: An image with a word (without distortion or background noise) that one had to enter in order to send the SMS. It turned out that this system could be defeated with a 60-line shell script, using lynx and the free OCR system gocr. The complete details are here.