I renamed our input for e-mail address from '<input name="email">' to
something pretty generic, and the bots that hit us immediately stopped
supplying valid addresses for that input, so that's easy to catch.
Then as an experiment, I put '<input name="email">' back in, inside a
comment. Sure enough, the bots see it and stick and address there,
which is even easier to catch. So it isn't just a WordPress thing.
Now if I could just return an HTTP status that meant "Go #%@! yourself".
Thomas Dowling
[log in to unmask]
Genny Engel wrote:
> More anecdote: I got rid of pretty much 100% of spam on our blog by
> commenting out the URL input box. Then add a few lines of code to the
> comment processor:
>
> if ($_POST['url']) {
> header('HTTP/1.0 406 Not Acceptable');
> exit;
> }
>
> If the post contains a URL it's a bot, since a human wouldn't be able
> to submit a URL field. What I don't know is whether all the bots
> hitting our comment form happen to be WordPress-specific bots
> preprogrammed to send a URL value, or if it's really true in a more
> general sense that commenting out input fields is a good way to foil
> bots.
>
>
>
>
> Genny Engel
> Internet Librarian
> Sonoma County Library
> [log in to unmask]
> 707 545-0831 x581
> www.sonomalibrary.org
>
>
>
>>>> [log in to unmask] 07/01/08 02:00PM >>>
> It's anecdotal, but since I added a little "What's two plus two" input
> box to my forms, we hardly get any more form spam. You could easily
> switch the question each time, although I haven't had the need to.
>
> We weren't getting hit once a minute, mind you, so you might be
> attracting a better class of bots . . . .
>
> On Tue, Jul 1, 2008 at 10:36 AM, MJ Ray <[log in to unmask]> wrote:
>> Thomas Dowling <[log in to unmask]> wrote:
>>> Does anyone know anything concrete about "cognitive" captchas? I've
> run
>>> into anecdotal support for things like:
>>> Enter the word "orange" <input name="foo">
>> [...]
>>> Are these known to work? Or are they just clever guesses about
> what
>>> bots might not be able to figure out?
>> There are mostly anecdotes because this stuff is hard to test
>> properly. I found they worked a little, but are just clever
> guesses.
>> "3.1 Logic puzzles
>>
>> The goal of visual verification is to separate human from machine.
> One
>> reasonable way to do this is to test for logic. Simple mathematical
>> word puzzles, trivia, and the like may raise the bar for robots, at
>> least to the point where using them is more attractive elsewhere.
>>
>> Problems: Users with cognitive disabilities may still have trouble.
>> Answers may need to be handled flexibly, if they require free-form
>> text. A system would have to maintain a vast number of questions, or
>> shift them around programmatically, in order to keep spiders from
>> capturing them all. This approach is also subject to defeat by human
>> operators."
>>
>> Source: http://www.w3.org/TR/turingtest/#logic
>>
>>
>> As that last phrase hints, bots are not the only problem. See
>> http://www.schneier.com/blog/archives/2007/11/spammers_using.html
>> for example.
>>
>>
>> Hope that helps,
>> --
>> MJ Ray (slef)
>> Webmaster for hire, statistician and online shop builder for a small
>> worker cooperative http://www.ttllp.co.uk/ http://mjr.towers.org.uk/
>
>> (Notice http://mjr.towers.org.uk/email.html) tel:+44-844-4437-237
>>
>
>
>
|