I went a different route on my blog.  Besides accessibility issues, I wanted
to make it my responsibility rather than my users' to prove they are human.
So I maintain a blacklist.

More importantly, I set two session variables on my comment form (a
session.commentuser and a session.commentdatetime) which I use on the
comment add page.  If the session variables don't exist (meaning the posting
didn't come from my form on my site), then the user is blacklisted using both
IP and email.  (When I was getting bombarded by spam comments, I logged them
all and realized that spammers do re-use IP addresses and email addresses.)
I also maintain a word blacklist that blacklists all comments containing
frequent spam words.  I add to that all the time.

When a new user comes in, the comment gets posted and an email comes to me
with the comment.  I have the option of either whitelisting a user (in which
case they can post from that email and IP without further intervention from
me).  If the user is blacklisted already, their comment gets thrown out and
never sees the light of day.  New posters are sent to me and I have the
opportunity to whitelist or blacklist them at that point.

My spam has dropped from 100-250 spam comments a day to about 5-15 a week,
which is extremely manageable.  I need to rework the word blacklist so that
I can update that automatically (currently it's in an .ini file, which I am
adding to manually and uploading).

Although both CAPTCHAs and Human Auth tags are understandable in the
context of being bombarded by spam, I don't think it's fair to require our
users to prove they are human.


Sandra Clark
==============================
http://www.shayna.com
Training in Cascading Style Sheets and Accessibility
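
The flow described in the message above, sketched as an added example (not code from the author's blog or from CFFormProtect). It is written in Python rather than ColdFusion; the class and method names, the sample addresses, and the choice to drop a spam-word comment without banning its sender are assumptions.

```python
import re
from dataclasses import dataclass, field


@dataclass
class CommentFilter:
    spam_words: set                              # word blacklist (the .ini file in the post)
    bad_ips: set = field(default_factory=set)
    bad_emails: set = field(default_factory=set)
    approved: set = field(default_factory=set)   # (email, ip) pairs the owner whitelisted

    def serve_form(self, session, user, now):
        """Rendering the comment form sets the two session markers."""
        session["commentuser"] = user
        session["commentdatetime"] = now

    def blacklist(self, ip, email):
        self.bad_ips.add(ip)
        self.bad_emails.add(email.lower())
        self.approved.discard((email.lower(), ip))

    def whitelist(self, ip, email):
        self.approved.add((email.lower(), ip))

    def submit(self, session, ip, email, body):
        """Return 'discard', 'publish' or 'notify_owner' for one POST."""
        email = email.lower()
        # Known-bad IP or email: thrown out before anything else is checked.
        if ip in self.bad_ips or email in self.bad_emails:
            return "discard"
        # Markers missing: the POST never passed through the form page.
        if not all(k in session for k in ("commentuser", "commentdatetime")):
            self.blacklist(ip, email)
            return "discard"
        words = set(re.findall(r"[a-z0-9']+", body.lower()))
        if words & self.spam_words:
            return "discard"      # assumption: comment dropped, sender not banned
        if (email, ip) in self.approved:
            return "publish"
        return "notify_owner"     # owner then calls whitelist() or blacklist()
```
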


-----Original Message-----
From: Deanna Schneider [mailto:[EMAIL PROTECTED] 
Sent: Thursday, October 26, 2006 7:55 AM
To: CF-Talk
Subject: Re: ANN: CFFormProtect, new open source project

We did a version of the human auth tag - the major advantage being that it's
accessible. It only uses 2 images, so bots have a 50/50 chance of getting it
right - but since we can't use captcha, 50% less spam is better than
nothing.

It's pretty similar to Jacob's, except it asks the user to select a nature
picture, and the alt text then has words that a sight-impaired user would
be able to logically deduce fit the criteria. For example:
glassy lake vs. telephone.

Ours uses a back-end home-grown "content server" cfc (to get around sandbox
issues) - so it's not very sharable as is - but if anyone wants to try to
take what we did and make it more open-source-ish, you'd be welcome to do
that.

On 10/25/06, Munson, Jacob <[EMAIL PROTECTED]> wrote:
> True, there is a 1 in 3 chance.  In the next release I want to put a
> failure limit in, so bots can't keep hitting it until they get it right.
> I suppose I could also add more images to decrease the odds.
>
> The biggest advantage I hoped was to make it easier on the user.
>
> > -----Original Message-----
> > From: Michael Traher [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, October 24, 2006 1:21 PM
> > To: CF-Talk
> > Subject: Re: ANN: CFFormProtect, new open source project
> >
> > What advantage does it have over the usual CAPTCHA method apart from
> > being prettier? I would have thought that a bot would take its 1 in
> > 3 chance and you would therefore not block the bots so effectively.
> >
> > On 10/24/06, Munson, Jacob <[EMAIL PROTECTED]> wrote:
> > >
> > > I'm releasing a new open source project, called CFFormProtect
> > > (licensed under MPL).  This attempts to be more user friendly than
> > > the obfuscated text type of CAPTCHA. CFFormProtect displays three
> > > pictures, and the user is asked to click on the correct image. This
> > > is a variation of CAPTCHA I've read about, but haven't seen in use.
> > > You can see a screenshot and get the download at the project page:
> > > http://cfformprotect.riaforge.org/

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:258090