A common question I hear about sites like weblogs.asp.net and other large communities we run (as well as Community Server in general) is: Why don’t you have support for CAPTCHA?
The short answer is: you don’t need it.
While CAPTCHA isn’t a feature included in Community Server there are several different CAPTCHA implementations that people have developed as add-ons for Community Server. You can download a CAPTCHA add-on for Community Server from the www.communityserver.org file gallery right now.
CAPTCHA, which stands for (C)ompletely (A)utomated (P)ublic (T)uring test to tell (C)omputers and (H)umans (A)part, works well for small sites but larger ‘community’ sites where there are multiple SPAM targets CAPTCHA only provides a false sense of security – it can be broken fairly easily and serious spammers are getting more sophisticated all the time.
Just do a Google search on “Break Captcha” and you’ll find several example. Below is one of the better write-ups on the topic:
However, this isn’t the reason we don’t support CAPTCHA in Community Server. It’s an overly cumbersome tool to solve a problem which can be much more easily solved by auto-detecting SPAM:
1. Dynamic Rules Engine – This is what we use for Community Server. It’s a set of rules and scores that validate content as it comes in that is designed to change/adapt/grow as the spam changes. The popular plug-in that Telligent makes use of is the WordPress Akismet plug-in.
2. Bayesian filters – Really only useful if the comment spam follows patterns. Unfortunately the type of spam seems to constantly be changing so a Bayesian filter isn’t really a great solution.