I believe that would be an error 438 (38 = F U on a DTMF keypad). Would you like to co-author an Internet Draft to get it in the RFC? ;) On Thu, Jul 3, 2008 at 4:22 PM, Thomas Dowling <[log in to unmask]> wrote: > I renamed our input for e-mail address from '<input name="email">' to > something pretty generic, and the bots that hit us immediately stopped > supplying valid addresses for that input, so that's easy to catch. > > Then as an experiment, I put '<input name="email">' back in, inside a > comment. Sure enough, the bots see it and stick and address there, which is > even easier to catch. So it isn't just a WordPress thing. > > Now if I could just return an HTTP status that meant "Go #%@! yourself". > > > Thomas Dowling > [log in to unmask] > > > > > Genny Engel wrote: > >> More anecdote: I got rid of pretty much 100% of spam on our blog by >> commenting out the URL input box. Then add a few lines of code to the >> comment processor: >> if ($_POST['url']) { >> header('HTTP/1.0 406 Not Acceptable'); exit; >> } >> If the post contains a URL it's a bot, since a human wouldn't be able >> to submit a URL field. What I don't know is whether all the bots >> hitting our comment form happen to be WordPress-specific bots >> preprogrammed to send a URL value, or if it's really true in a more >> general sense that commenting out input fields is a good way to foil >> bots. >> Genny Engel >> Internet Librarian >> Sonoma County Library >> [log in to unmask] >> 707 545-0831 x581 >> www.sonomalibrary.org >> >> >> [log in to unmask] 07/01/08 02:00PM >>> >>>>> >>>> It's anecdotal, but since I added a little "What's two plus two" input >> box to my forms, we hardly get any more form spam. You could easily >> switch the question each time, although I haven't had the need to. >> >> We weren't getting hit once a minute, mind you, so you might be >> attracting a better class of bots . . . . >> >> On Tue, Jul 1, 2008 at 10:36 AM, MJ Ray <[log in to unmask]> wrote: >> >>> Thomas Dowling <[log in to unmask]> wrote: >>> >>>> Does anyone know anything concrete about "cognitive" captchas? I've >>>> >>> run >> >>> into anecdotal support for things like: >>>> Enter the word "orange" <input name="foo"> >>>> >>> [...] >>> >>>> Are these known to work? Or are they just clever guesses about >>>> >>> what >> >>> bots might not be able to figure out? >>>> >>> There are mostly anecdotes because this stuff is hard to test >>> properly. I found they worked a little, but are just clever >>> >> guesses. >> >>> "3.1 Logic puzzles >>> >>> The goal of visual verification is to separate human from machine. >>> >> One >> >>> reasonable way to do this is to test for logic. Simple mathematical >>> word puzzles, trivia, and the like may raise the bar for robots, at >>> least to the point where using them is more attractive elsewhere. >>> >>> Problems: Users with cognitive disabilities may still have trouble. >>> Answers may need to be handled flexibly, if they require free-form >>> text. A system would have to maintain a vast number of questions, or >>> shift them around programmatically, in order to keep spiders from >>> capturing them all. This approach is also subject to defeat by human >>> operators." >>> >>> Source: http://www.w3.org/TR/turingtest/#logic >>> >>> As that last phrase hints, bots are not the only problem. See >>> http://www.schneier.com/blog/archives/2007/11/spammers_using.html for >>> example. >>> >>> >>> Hope that helps, >>> -- >>> MJ Ray (slef) >>> Webmaster for hire, statistician and online shop builder for a small >>> worker cooperative http://www.ttllp.co.uk/ http://mjr.towers.org.uk/ >>> >> >> (Notice http://mjr.towers.org.uk/email.html) tel:+44-844-4437-237 >>> >>> >> >> >>