I renamed our input for e-mail address from '<input name="email">' to something pretty generic, and the bots that hit us immediately stopped supplying valid addresses for that input, so that's easy to catch. Then as an experiment, I put '<input name="email">' back in, inside a comment. Sure enough, the bots see it and stick and address there, which is even easier to catch. So it isn't just a WordPress thing. Now if I could just return an HTTP status that meant "Go #%@! yourself". Thomas Dowling [log in to unmask] Genny Engel wrote: > More anecdote: I got rid of pretty much 100% of spam on our blog by > commenting out the URL input box. Then add a few lines of code to the > comment processor: > > if ($_POST['url']) { > header('HTTP/1.0 406 Not Acceptable'); > exit; > } > > If the post contains a URL it's a bot, since a human wouldn't be able > to submit a URL field. What I don't know is whether all the bots > hitting our comment form happen to be WordPress-specific bots > preprogrammed to send a URL value, or if it's really true in a more > general sense that commenting out input fields is a good way to foil > bots. > > > > > Genny Engel > Internet Librarian > Sonoma County Library > [log in to unmask] > 707 545-0831 x581 > www.sonomalibrary.org > > > >>>> [log in to unmask] 07/01/08 02:00PM >>> > It's anecdotal, but since I added a little "What's two plus two" input > box to my forms, we hardly get any more form spam. You could easily > switch the question each time, although I haven't had the need to. > > We weren't getting hit once a minute, mind you, so you might be > attracting a better class of bots . . . . > > On Tue, Jul 1, 2008 at 10:36 AM, MJ Ray <[log in to unmask]> wrote: >> Thomas Dowling <[log in to unmask]> wrote: >>> Does anyone know anything concrete about "cognitive" captchas? I've > run >>> into anecdotal support for things like: >>> Enter the word "orange" <input name="foo"> >> [...] >>> Are these known to work? Or are they just clever guesses about > what >>> bots might not be able to figure out? >> There are mostly anecdotes because this stuff is hard to test >> properly. I found they worked a little, but are just clever > guesses. >> "3.1 Logic puzzles >> >> The goal of visual verification is to separate human from machine. > One >> reasonable way to do this is to test for logic. Simple mathematical >> word puzzles, trivia, and the like may raise the bar for robots, at >> least to the point where using them is more attractive elsewhere. >> >> Problems: Users with cognitive disabilities may still have trouble. >> Answers may need to be handled flexibly, if they require free-form >> text. A system would have to maintain a vast number of questions, or >> shift them around programmatically, in order to keep spiders from >> capturing them all. This approach is also subject to defeat by human >> operators." >> >> Source: http://www.w3.org/TR/turingtest/#logic >> >> >> As that last phrase hints, bots are not the only problem. See >> http://www.schneier.com/blog/archives/2007/11/spammers_using.html >> for example. >> >> >> Hope that helps, >> -- >> MJ Ray (slef) >> Webmaster for hire, statistician and online shop builder for a small >> worker cooperative http://www.ttllp.co.uk/ http://mjr.towers.org.uk/ > >> (Notice http://mjr.towers.org.uk/email.html) tel:+44-844-4437-237 >> > > >