In the last two weeks, spam engines finally have found their way to Kyusl signup page. In the Apache log it looks like getting to the form and firing the send button right away, all the data filled in correctly. As Kyusl is used to store site links, among other things, it’s a natural target for folks dumping the stinking stuff onto the Net.
My first idea was to find the most simple PHP script that will supposedly use GD library to generate some distorted text to be presented as CAPTCHA challenge. Just like everyone else does. But I have found an interesting link on Wikipedia. Carnegie Mellon University, known for its software-related research and software itself, has an interesting project that has developed a kind of Web service that does everything for you: RECAPTCHA.
Integrating the checks is very easy and they provide ready to use code in many languages including PHP. I have tested it with Firefox and IE, and after adding the new checks into the signup code, the spam signups have disappeared. Hmmmm…. as of today.
