More anecdote: I got rid of pretty much 100% of spam on our blog by
commenting out the URL input box. Then add a few lines of code to the
comment processor:
if ($_POST['url']) {
header('HTTP/1.0 406 Not Acceptable');
exit;
}
If the post contains a URL it's a bot, since a human wouldn't be able
to submit a URL field. What I don't know is whether all the bots
hitting our comment form happen to be WordPress-specific bots
preprogrammed to send a URL value, or if it's really true in a more
general sense that commenting out input fields is a good way to foil
bots.
Genny Engel
Internet Librarian
Sonoma County Library
[EMAIL PROTECTED]
707 545-0831 x581
www.sonomalibrary.org
[EMAIL PROTECTED] 07/01/08 02:00PM
It's anecdotal, but since I added a little What's two plus two input
box to my forms, we hardly get any more form spam. You could easily
switch the question each time, although I haven't had the need to.
We weren't getting hit once a minute, mind you, so you might be
attracting a better class of bots . . . .
On Tue, Jul 1, 2008 at 10:36 AM, MJ Ray [EMAIL PROTECTED] wrote:
Thomas Dowling [EMAIL PROTECTED] wrote:
Does anyone know anything concrete about cognitive captchas? I've
run
into anecdotal support for things like:
Enter the word orange input name=foo
[...]
Are these known to work? Or are they just clever guesses about
what
bots might not be able to figure out?
There are mostly anecdotes because this stuff is hard to test
properly. I found they worked a little, but are just clever
guesses.
3.1 Logic puzzles
The goal of visual verification is to separate human from machine.
One
reasonable way to do this is to test for logic. Simple mathematical
word puzzles, trivia, and the like may raise the bar for robots, at
least to the point where using them is more attractive elsewhere.
Problems: Users with cognitive disabilities may still have trouble.
Answers may need to be handled flexibly, if they require free-form
text. A system would have to maintain a vast number of questions, or
shift them around programmatically, in order to keep spiders from
capturing them all. This approach is also subject to defeat by human
operators.
Source: http://www.w3.org/TR/turingtest/#logic
As that last phrase hints, bots are not the only problem. See
http://www.schneier.com/blog/archives/2007/11/spammers_using.html
for example.
Hope that helps,
--
MJ Ray (slef)
Webmaster for hire, statistician and online shop builder for a small
worker cooperative http://www.ttllp.co.uk/ http://mjr.towers.org.uk/
(Notice http://mjr.towers.org.uk/email.html) tel:+44-844-4437-237
--
Andrew Darby
Web Services Librarian
Ithaca College Library
http://www.ithaca.edu/library/
[EMAIL PROTECTED]