I believe that would be an error 438 (38 = F U on a DTMF keypad). Would you
like to co-author an Internet Draft to get it in the RFC? ;)
On Thu, Jul 3, 2008 at 4:22 PM, Thomas Dowling <[log in to unmask]>
wrote:
> I renamed our input for e-mail address from '<input name="email">' to
> something pretty generic, and the bots that hit us immediately stopped
> supplying valid addresses for that input, so that's easy to catch.
>
> Then as an experiment, I put '<input name="email">' back in, inside a
> comment. Sure enough, the bots see it and stick and address there, which is
> even easier to catch. So it isn't just a WordPress thing.
>
> Now if I could just return an HTTP status that meant "Go #%@! yourself".
>
>
> Thomas Dowling
> [log in to unmask]
>
>
>
>
> Genny Engel wrote:
>
>> More anecdote: I got rid of pretty much 100% of spam on our blog by
>> commenting out the URL input box. Then add a few lines of code to the
>> comment processor:
>> if ($_POST['url']) {
>> header('HTTP/1.0 406 Not Acceptable'); exit;
>> }
>> If the post contains a URL it's a bot, since a human wouldn't be able
>> to submit a URL field. What I don't know is whether all the bots
>> hitting our comment form happen to be WordPress-specific bots
>> preprogrammed to send a URL value, or if it's really true in a more
>> general sense that commenting out input fields is a good way to foil
>> bots.
>> Genny Engel
>> Internet Librarian
>> Sonoma County Library
>> [log in to unmask]
>> 707 545-0831 x581
>> www.sonomalibrary.org
>>
>>
>> [log in to unmask] 07/01/08 02:00PM >>>
>>>>>
>>>> It's anecdotal, but since I added a little "What's two plus two" input
>> box to my forms, we hardly get any more form spam. You could easily
>> switch the question each time, although I haven't had the need to.
>>
>> We weren't getting hit once a minute, mind you, so you might be
>> attracting a better class of bots . . . .
>>
>> On Tue, Jul 1, 2008 at 10:36 AM, MJ Ray <[log in to unmask]> wrote:
>>
>>> Thomas Dowling <[log in to unmask]> wrote:
>>>
>>>> Does anyone know anything concrete about "cognitive" captchas? I've
>>>>
>>> run
>>
>>> into anecdotal support for things like:
>>>> Enter the word "orange" <input name="foo">
>>>>
>>> [...]
>>>
>>>> Are these known to work? Or are they just clever guesses about
>>>>
>>> what
>>
>>> bots might not be able to figure out?
>>>>
>>> There are mostly anecdotes because this stuff is hard to test
>>> properly. I found they worked a little, but are just clever
>>>
>> guesses.
>>
>>> "3.1 Logic puzzles
>>>
>>> The goal of visual verification is to separate human from machine.
>>>
>> One
>>
>>> reasonable way to do this is to test for logic. Simple mathematical
>>> word puzzles, trivia, and the like may raise the bar for robots, at
>>> least to the point where using them is more attractive elsewhere.
>>>
>>> Problems: Users with cognitive disabilities may still have trouble.
>>> Answers may need to be handled flexibly, if they require free-form
>>> text. A system would have to maintain a vast number of questions, or
>>> shift them around programmatically, in order to keep spiders from
>>> capturing them all. This approach is also subject to defeat by human
>>> operators."
>>>
>>> Source: http://www.w3.org/TR/turingtest/#logic
>>>
>>> As that last phrase hints, bots are not the only problem. See
>>> http://www.schneier.com/blog/archives/2007/11/spammers_using.html for
>>> example.
>>>
>>>
>>> Hope that helps,
>>> --
>>> MJ Ray (slef)
>>> Webmaster for hire, statistician and online shop builder for a small
>>> worker cooperative http://www.ttllp.co.uk/ http://mjr.towers.org.uk/
>>>
>>
>> (Notice http://mjr.towers.org.uk/email.html) tel:+44-844-4437-237
>>>
>>>
>>
>>
>>
|