Is Clickcha Actually Working?

Unfortunately, Clickcha, which I mentioned in my last blog post, wasn’t working quite like I expected it to. Since I installed it, there’s been no slowdown in the amount of spam going into my Akismet queue (over 300 spam messages have hit my queue). Sure, it’s going into my Akismet queue — no problems there — but I have to ask “Why”? After doing a bit of research, I don’t think it’s Clickcha’s fault, so I’ll make a few adjustments and continue to test.

I still think that Clickcha is a great, unobtrusive system for reducing spam comments — much better than trying to read some distorted CAPTCHA image! I did get one weird comment that made it to my moderation queue, but I guess you’ll always have those people who will waste their time actually visiting blogs and entering weird / generic comments in hopes that they’ll get a link back to their website. Doesn’t work here, boys and girls… Only relevant, “intelligent” comments get approved.

But getting back to that Akismet queue…

I did all sorts of things, to include allowing my computer security geek side to play with the Clickcha system while capturing packet data with Wireshark. Without getting into a detailed discussion, it’s a pretty sophisticated system that, in my opinion, seems to be difficult to beat by a machine or bot; I think it would require a human to defeat it. You only get one chance to answer a particular puzzle / challenge; if you get that one wrong, you are given a different challenge that has a different answer. And from looking at the data being passed between the web server, the Clickcha server, and the user’s web browser, I think they’re doing a pretty good job of keeping things unique (I’ll leave it at that; I’m not going to spoon feed the script kiddies by telling them what’s going on. Besides, I have no idea what’s going on behind the scenes at the Clickcha server anyway, so my knowledge of the system is incomplete, regardless of how deeply I analyze packet data).

Lots of comment spam comes from various automated software programs and “bots”. I’m pretty sure that some of them will present any CAPTCHA images encountered to the human at the other end of the ‘bot so that the human can enter the correct answer. Have they already made adjustments for Clickcha? Perhaps. Has somebody already come up with an automated way to defeat the Clickcha system? While that’s always a possibility, between my common sense and what I know about how Clickcha works, I don’t think that this is the case. Instead, I simply think that Clickcha isn’t a factor for these ‘bots. I tried to find some ‘bot software to look at it, but the people who are using it are, for the most part, clever enough to know how to keep those sales pages out of the search engine listings, so I didn’t have any success.

In the final analysis, I think it’s automated comments from ‘bots that are causing the problem and Clickcha is not designed to stand in their way (which is not a defect or “fault” of the plugin). To test my theory, I’m going to install the WP Spam-Free Anti-Spam Plugin, which promises to block automated comment spam. By doing this, I’ll get the answer to the Clickcha question, which I’m pretty sure will be the answer I’m looking for: Clickcha works just fine for “live” comments, but you need a bit more to prevent those pesky ‘bots.

Let’s see what happens.

A belated “thank you” goes out to Frank Haywood for posting about Clickcha. Frank runs a great blog, makes some great products that are actually useful, etc. Take a moment to check out his blog — after you’re done here, of course (and don’t forget to post your comments, questions, and opinions before you leave!).

UPDATE: The creators of WP-SpamFree recommend that you disable any other plugins, so I’ve temporarily disabled Clickcha… They also claim that Akismet isn’t needed, so what the heck; I’m also going to disable it for 24 hours to see what happens! If I don’t post for a few days, it may be due to the need to delete a few hundred spam comments…