Captcha or not?

I hate captcha. Do you think there is a better solution?

+6
security post php captcha
6 answers

Can you check CAPTCHA Practical Image-Based Approaches not related to image?

I asked a question before. Need suggestions / ideas for easy to use but safe captchas

However, if you are annoyed by the difficulties that users face because of the very existence of captchas, then there was a lot of controversy about this, and people are still trying to come up with a universal solution that can work even for very popular sites.

You should see http://nedbatchelder.com/text/stopbots.html to implement negative captchas. But, unfortunately, this is still inefficient for spam attacks on a particular site (when your site becomes very popular), as I understand it. The author says that he has successfully used these methods for less popular sites. The general conclusion with ultramodern negative captcha is that whatever method you use, spammers can program their bots to hack it in some time if they are aimed at your site. And they are likely to target your site when it becomes very popular. But you can definitely use them until your site is very popular.

+4

Math questions are becoming more popular.

e.g.: what is 3 + 2?

They are often easier to read than noodles, which can be very confusing for some users.

+5

I have a fictitious form input (something like zip or any other information that bots like to fill out, but you really don't need it), which has visibility: hidden; position: absolute. The motivation is to get an input that is invisible to the user, but visible to the bot. So, whenever you get a request where this particular input is filled in, you know that this is not a person.

I am using visibility: hidden; position: absolute so that it still uses space but does not clutter up the design. This is for bots that use more sophisticated methods to detect hidden inputs, because for JS something is not hidden if it takes up some amount of space.

I have not tested this technique on a successful site, but it is still worth a try. Remember, however, that some browsers (I'm looking at you, Safari / OSX!) take information from your contact list and fill in all the input fields automatically (potentially even your hidden inputs) for you, so you had better check for errors in this direction.

+4

I solved it in a nice way a couple of years ago.

I had an email form on a small business website and I wanted to be as accessible as possible; spam bots found it and began to suppress legitimate messages. From reading server logs, I found out that the bots submitted the form without retraining it first - someone cached my form and simply sent POST whenever they had some kind of garbage for me to read. Hidden form input would help for several days, but then some bot owner would figure out the correct input, cache it, and the flood would start again.

I did not have a backend where I could add session information to the form and did not want to add it. Instead, between the "Enter your message here" field and the hidden element, I inserted script output that writes

<!-- instructions for spam robots: we are a waste of your money, go away, thanks -->
<div class="float-left" style="font-size: x-small;">
There will be a short delay before you may submit the form. If you
have been typing in your information, the delay may already have
ended.
<br/><span>
4 ...
</span><span>
<!--
d92cbd14985295ac27929a6db7891a90ec4173a8358dcadab134cc589ce2de54
1468365bd33b520754ddb8223252e7e6e7584ddb956ef1bb28628e27cfea86c6
-->

A block of garbage is randomly generated, making compression difficult. I experimented with how long garbage blocks should last. When I got the form size up to 200K, the spam messages stopped.

In fact, this is not so much additional data; it is like adding a few additional images to the page. Even for a hypothetical client on dial-up, the delay between rendering a text field and rendering a submit button is shorter than the time it would probably take to compose a message.

+4

There is a good trick that you can use: set an empty input that is display: none for the user, but visible to the bot.

And if this input is submitted non-empty (!== ""), return false for the form.

More here: http://klauskjeldsen.dk/avoid-html-form-spam-using-css/

+2
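
A server-side version of the hidden-input check from the answers above, paired with a signed render timestamp so that a cached copy of the form stops being accepted without any session storage. This is an added example, not code from any of the answers; the secret, the field names and the time limits are assumptions, and the submissions are constructed samples.

```php
<?php
// Added example: honeypot field plus a signed form timestamp.
// FORM_KEY, the field names and the time limits are assumptions.
const FORM_KEY = 'replace-with-a-random-secret';   // placeholder secret
const HONEYPOT = 'zip';        // decoy input, hidden from people by CSS
const MIN_FILL = 4;            // seconds a person needs at minimum
const MAX_AGE  = 3600;         // reject forms rendered over an hour ago

// Token issued when the form is rendered: "<unix time>.<HMAC of time>".
function issue_token(int $now): string {
    return $now . '.' . hash_hmac('sha256', (string)$now, FORM_KEY);
}

// Returns 'ok' or the reason the submission is rejected.
function check_submission(array $post, int $now): string {
    // 1. Decoy must come back present and empty.
    if (!isset($post[HONEYPOT]) || $post[HONEYPOT] !== '') {
        return 'honeypot';
    }
    // 2. Token must be one we signed (not forged or altered).
    $parts = explode('.', is_string($post['ts'] ?? null) ? $post['ts'] : '', 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return 'bad-token';
    }
    [$issued, $mac] = $parts;
    if (!hash_equals(hash_hmac('sha256', $issued, FORM_KEY), $mac)) {
        return 'bad-token';
    }
    // 3. Timing: too fast is a script, too old is a cached form.
    $age = $now - (int)$issued;
    if ($age < MIN_FILL) return 'too-fast';
    if ($age > MAX_AGE)  return 'stale';
    return 'ok';
}

// Constructed sample submissions, checked at a fixed clock value.
$t = 1700000000;
$tok = issue_token($t);
$samples = [
    'person after 30s'   => [['zip' => '', 'ts' => $tok, 'msg' => 'hi'], $t + 30],
    'bot fills decoy'    => [['zip' => '90210', 'ts' => $tok], $t + 30],
    'instant POST'       => [['zip' => '', 'ts' => $tok], $t + 1],
    'cached form replay' => [['zip' => '', 'ts' => $tok], $t + 86400],
    'forged timestamp'   => [['zip' => '', 'ts' => ($t + 86390) . '.' . substr($tok, 11)], $t + 86400],
];
foreach ($samples as $label => [$post, $now]) {
    printf("%-20s %s\n", $label, check_submission($post, $now));
}
```

Because the function returns the reason instead of a boolean, a honeypot hit caused by browser autofill can be shown to the user as a form error or logged for review rather than dropped silently.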

If you hate captcha, then I can give you two quick other options:

  • any type of authentication (Facebook Connect; you almost certainly know that the user is trustworthy).
  • Akismet

+1
