More anecdote: I got rid of pretty much 100% of spam on our blog by
commenting out the URL input box. Then add a few lines of code to the
comment processor:
if ($_POST['url']) {
header('HTTP/1.0 406 Not Acceptable');
exit;
}
If the post contains a URL it's a bot, since a human wouldn't be able
to submit a URL field. What I don't know is whether all the bots
hitting our comment form happen to be WordPress-specific bots
preprogrammed to send a URL value, or if it's really true in a more
general sense that commenting out input fields is a good way to foil
bots.
Genny Engel
Internet Librarian
Sonoma County Library
[log in to unmask]
707 545-0831 x581
www.sonomalibrary.org
>>> [log in to unmask] 07/01/08 02:00PM >>>
It's anecdotal, but since I added a little "What's two plus two" input
box to my forms, we hardly get any more form spam. You could easily
switch the question each time, although I haven't had the need to.
We weren't getting hit once a minute, mind you, so you might be
attracting a better class of bots . . . .
On Tue, Jul 1, 2008 at 10:36 AM, MJ Ray <[log in to unmask]> wrote:
> Thomas Dowling <[log in to unmask]> wrote:
>> Does anyone know anything concrete about "cognitive" captchas? I've
run
>> into anecdotal support for things like:
>> Enter the word "orange" <input name="foo">
> [...]
>> Are these known to work? Or are they just clever guesses about
what
>> bots might not be able to figure out?
>
> There are mostly anecdotes because this stuff is hard to test
> properly. I found they worked a little, but are just clever
guesses.
>
> "3.1 Logic puzzles
>
> The goal of visual verification is to separate human from machine.
One
> reasonable way to do this is to test for logic. Simple mathematical
> word puzzles, trivia, and the like may raise the bar for robots, at
> least to the point where using them is more attractive elsewhere.
>
> Problems: Users with cognitive disabilities may still have trouble.
> Answers may need to be handled flexibly, if they require free-form
> text. A system would have to maintain a vast number of questions, or
> shift them around programmatically, in order to keep spiders from
> capturing them all. This approach is also subject to defeat by human
> operators."
>
> Source: http://www.w3.org/TR/turingtest/#logic
>
>
> As that last phrase hints, bots are not the only problem. See
> http://www.schneier.com/blog/archives/2007/11/spammers_using.html
> for example.
>
>
> Hope that helps,
> --
> MJ Ray (slef)
> Webmaster for hire, statistician and online shop builder for a small
> worker cooperative http://www.ttllp.co.uk/ http://mjr.towers.org.uk/
> (Notice http://mjr.towers.org.uk/email.html) tel:+44-844-4437-237
>
--
Andrew Darby
Web Services Librarian
Ithaca College Library
http://www.ithaca.edu/library/
[log in to unmask]
