SitePoint Sponsor

User Tag List

Results 1 to 10 of 10
  1. #1
    SitePoint Member
    Join Date
    Feb 2012
    Posts
    13
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Best Captcha spam prevention

    Hi
    Do you have any comments on the best spam prevention Captcha ?
    Are they all equal, or are some better than others?
    I personally find the words often hard to read and prefer a question , like 2+2=

    Any help appreciated.
    John

  2. #2
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    24,296
    Mentioned
    460 Post(s)
    Tagged
    8 Thread(s)
    There have quite a few threads on this topic of late, such as here:

    http://www.sitepoint.com/forums/show...-Use&p=5138119

    In that thread, it mentions the "honeypot" method (e.g a simple 2 + 2 type question) but also a timestamp method. I was inpired to try out the latter, and wrote some simple instructions for it here, in case that's of use:

    http://pageaffairs.com/notebook/contact-form-honeypots

  3. #3
    SitePoint Zealot Sogo7's Avatar
    Join Date
    May 2011
    Posts
    129
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Another approach is to forget text with its universally recognised shapes completely and use images of objects, people or places that are related to the site and ask "Who or What is this?" to figure out if the sender is human. Remember some contact form spam bots are capable of reading simpler CAPTCHA's by themselves, others submit them to a 3rd party service to be solved by humans. This human outsourcing incidentally takes about 20-30 seconds to return an answer on average.

    For example an Electronics website could ask.. What does this represent?

    Now the puzzle becomes one of context & interpretation something that computers don't do well at all.

    How Bots bust Captcha
    Depending on the type of human solving service and nature of the captcha protection the the bot will either forward the image URL if it contains a unique session sequence. In which case your server could (should) be scripted to notice that the same image has been sent to two different IP locations. OR the Bot will take a static screenshot of the image/text and pass that along to a waiting human or a character recognition script. In this case animated gif, png or flash images with a blank intro frames should cause some pleasant confusion for the spammer.

  4. #4
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    24,296
    Mentioned
    460 Post(s)
    Tagged
    8 Thread(s)
    Quote Originally Posted by Sogo7 View Post
    use images of objects, people or places ... an Electronics website could ask.. What does this represent?
    Remember to test any option with your eyes shut, to get some sense of what a blind user might have to do to pass muster.

    Also consider dudes like me, who might be trying to buy some electronic equipment for a friend, but who himself has no freaking idea about electronics, or what that image represents.

  5. #5
    SitePoint Wizard bronze trophy PicnicTutorials's Avatar
    Join Date
    Dec 2007
    Location
    Carlsbad, California, United States
    Posts
    3,658
    Mentioned
    15 Post(s)
    Tagged
    0 Thread(s)
    Here is how simple captcha eg 2+2 http://www.visibilityinherit.com/cod...hp-captcha.php

  6. #6
    SitePoint Zealot Sogo7's Avatar
    Join Date
    May 2011
    Posts
    129
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by ralph.m View Post
    Remember to test any option with your eyes shut, to get some sense of what a blind user might have to do to pass muster.

    Also consider dudes like me, who might be trying to buy some electronic equipment for a friend, but who himself has no freaking idea about electronics, or what that image represents.
    Yes at the extreme end of useability spectrum the verification system has to ideally work for a visually impaired person who cannot use a keyboard or mouse. There's a blog out there from a dev who recently spent a week blindfolded whilst online and its a fascinating read.

    Audio questions created using text to speech scripting or simply pre-recorded would not be that difficult to implement on the above lines. Quiz shows have been asking them for decades after all so if IP geolocation reckons the user is somewhere in Australia it could ask...
    What kind of animal was Skippy?

  7. #7
    SitePoint Wizard bronze trophy PicnicTutorials's Avatar
    Join Date
    Dec 2007
    Location
    Carlsbad, California, United States
    Posts
    3,658
    Mentioned
    15 Post(s)
    Tagged
    0 Thread(s)
    Someone with that knowledge should make that easy to do. As of now the only option I know of is using that big ugly red box with audio option

  8. #8
    SitePoint Wizard bronze trophy PicnicTutorials's Avatar
    Join Date
    Dec 2007
    Location
    Carlsbad, California, United States
    Posts
    3,658
    Mentioned
    15 Post(s)
    Tagged
    0 Thread(s)
    FYI someone should take my simple code and modify it to include audio. I would have no idea how to do that

  9. #9
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    24,296
    Mentioned
    460 Post(s)
    Tagged
    8 Thread(s)
    Off Topic:

    Quote Originally Posted by Sogo7 View Post
    What kind of animal was Skippy?
    But ... but ... Skippy was a real person ... wasn't he?

  10. #10
    SitePoint Member
    Join Date
    Jan 2013
    Posts
    10
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Are you human has stopped quite a lot of spam on my websites.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •