SitePoint Sponsor

User Tag List

Results 1 to 4 of 4

Hybrid View

  1. #1
    SitePoint Enthusiast
    Join Date
    Apr 2004
    Location
    york
    Posts
    42
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Forms without CAPTCHA

    Hi,

    I'm working on a signup script that doesn't use captcha as a security measure. I've added off-screen honey pots and have used md5 with salt to obscure the id and names of the required fields and am making assumptions based on the time it takes to complete the form. You know the kind of thing.

    I was looking for opinions on the best approach for what to do with submissions that look like they've come from spammers. Just a simple "You're registration could not be completed" or should I also be recording IPs and user-agent and building a blacklist. Also, I'm aware that Google Chrome does autofill. If I give some leeway to Chrome users for filling in some of the honeypots, would I be leaving the door open to spammers?

    Many thanks in advance for any advice or opinions.

  2. #2
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,868
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by arthurnegas View Post
    making assumptions based on the time it takes to complete the form
    THis is what is known as an unobtrusive CAPTCHA.

    Anything that attempts to distinguish between people and bots is a CAPTCHA.

    As for what to do with registrations that look like bots but which might be real people - just ask them to confirm what they input and present them with a slightly more obtrusive CAPTCHA.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  3. #3
    SitePoint Member johnymilton001's Avatar
    Join Date
    May 2014
    Location
    india
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Never use any blog or sign up without captcha. It might be effect your blog so much. If you using captch than bot will not enter in your blog. It is working as a spam controller.

  4. #4
    SitePoint Member JamesChandler's Avatar
    Join Date
    May 2014
    Location
    Holy Trinity Church Strada Andrei Șaguna Sigh
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Anything you use to differentiate between human and robot is CAPTCHA. Never allow anyone to register on your site without solving captcha. Without using captcha there is too much chances for spamming.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •