Ever since I created a Rock Paper Scissors validation game to combat comment spam, the amount of comment spam on this blog has dropped quite a bit. The exceptions have been little flurries that happen every 8 hours or so. The spams always choose the same answer to Rock Paper Scissors, so if they choose an answer, they basically have a 1-in-3 chance of winning and successfully posting a spam.
I need to change how I present Rock Paper Scissors. Currently, I present a challenge choice in English text ("I choose ROCK"), then require the poster to select an answer by choosing an image. I think I'll remove a lot of the "luck" if I reverse this: Present the challenge as an image, and require the answer to be typed in. For a non-spammer, this won't be any more of a challenge, but I hope spammers won't bother with the hassle.
Looking at the logs, I realized the spammers not only always choose the same answer, but they always choose either the first or last answer in the list. I suspect this is because the posts are automated from zombie apps residing on unsuspecting computers around the world (the IP addresses are from Indonesia, Israel, Portugal, etc.). So I tried an experiment: I added completely invalid choices to the Rock Paper Scissors game. In addition to the three valid answers of Rock, Paper, or Scissors, the first answer is now a picture of a sandwich, and the last choice is a picture of JarJar Binks.
I've been hit with two flurries of comment spam since I put the experiment online. All of their "winning choices" in a game of Rock Paper Scissors?
Update 03/10/06: 60 spam attempts since I added the "Sandwich / JarJar" decoy, and all failed to successfully post a spam.
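The decoy layout described above, sketched as server-side validation logic. This is an added example, not the code running on this blog; the function names, the choice labels, and the simulated fixed-position bot are assumptions made for illustration.

```python
import random

# challenge shown to the poster -> the answer that beats it
BEATS = {"rock": "paper", "paper": "scissors", "scissors": "rock"}
# invalid choices pinned to the first and last slots (labels are assumed)
DECOYS = ("sandwich", "jarjar")

def build_choices(rng):
    """Return the answer list: decoy first, shuffled valid answers, decoy last."""
    middle = list(BEATS)
    rng.shuffle(middle)
    return [DECOYS[0], *middle, DECOYS[1]]

def judge(challenge, answer):
    """Classify a submitted answer as 'win', 'lose' or 'decoy'."""
    if answer in DECOYS:
        return "decoy"  # never a valid move, so the comment is rejected
    if BEATS.get(challenge) == answer:
        return "win"
    return "lose"  # wrong move, or a value that was never offered

def simulate(position, rounds, seed=0):
    """Tally outcomes for a poster that always submits the choice at one position."""
    rng = random.Random(seed)
    tally = {"win": 0, "lose": 0, "decoy": 0}
    for _ in range(rounds):
        challenge = rng.choice(list(BEATS))
        choices = build_choices(rng)
        tally[judge(challenge, choices[position])] += 1
    return tally

if __name__ == "__main__":
    # Constructed runs: first-slot and last-slot posters versus a middle-slot one.
    for position, label in ((0, "first"), (-1, "last"), (2, "middle")):
        print(label, simulate(position, 60))
```

Logging the "decoy" outcome separately from "lose" gives a clean signal for automated posts, since a person playing the game has no reason to pick either decoy.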