On Sun, 2007-09-09 at 14:33 -0700, Asheesh Laroia wrote:
> On Sun, 9 Sep 2007, Will wrote:
> >
> > Hi,
> >
> > I had an idea to avoid spam. I could put an onClick handler in my
> > submit button that inserts a token into a hidden field, which is
> > subsequently checked by the Python code. That should distinguish
> > between bots and people, right?
>
> Only if the bots can't handle JavaScript. That's usually true.
>
> But humans using lynx or browsing with JS disabled wouldn't be able to
> pass the test. So it's not quite great.

And speaking of humans, lots of "spambots" actually *are* human, so
there's no foolproof method. Probably the best route is going to be a
combination of techniques, each weighted and combined into a final
"spamminess" factor:

1. Checking the "referer" header - lots of spammers try to go directly
   to forms (usually found via a search engine), so requiring them to
   visit another page first is a hassle for them.
2. Bayesian content filtering (divmod's Reverend might be a good choice
   here).
3. Simple "human" test (adding two numbers, captcha, etc).
4. External spam tests (i.e. checking against a dns blacklist).
5. Honeypot features. This is mostly useful against bots, but having a
   hidden form entry that would not be filled in by a human is a good
   way to detect a bot (most of them try to fill in all the fields on a
   form regardless of what the field pertains to).

At the end of your tests, if the spamminess factor is a certain level
you can submit it for human review (moderation), which is going to be
the only foolproof method. You can also use this step to help train your
Bayesian filter if you choose to use one.

Clearly a human spammer can't be easily defeated by automated means, but
volume is their goal, so a site that slows them down significantly will
be an unattractive target (at the very least it helps reduce the overall
amount of spam on the net if each spam takes longer). The trick is to
find the sweet spot that isn't too draconian for valid users but
bothersome for people trying to achieve high volumes.

Regards,
Cliff
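
The weighted "spamminess" combination described in the reply above, sketched as an added example that is not part of the original message or of TurboGears itself. The weights, the moderation threshold, the form field names (`website`, `answer`) and the host `example.test` are assumptions; the Bayesian probability and the DNS blacklist result are passed in by the caller rather than looked up.

```python
from urllib.parse import urlparse

# Constructed weights and threshold: assumptions to tune per site, not values from the thread.
WEIGHTS = {"referer": 2.0, "bayes": 3.0, "human_test": 3.0, "dnsbl": 3.0, "honeypot": 5.0}
MODERATE_AT = 5.0

def referer_signal(headers, site_host):
    """1.0 when the Referer is missing or names another host (direct form hit)."""
    return 0.0 if urlparse(headers.get("Referer", "")).hostname == site_host else 1.0

def honeypot_signal(form, field="website"):
    """1.0 when the hidden field (hypothetical name) a human never sees has a value."""
    return 1.0 if (form.get(field) or "").strip() else 0.0

def human_test_signal(form, expected_sum):
    """1.0 when the 'add two numbers' answer is absent or wrong."""
    try:
        return 0.0 if int(form.get("answer")) == expected_sum else 1.0
    except (TypeError, ValueError):
        return 1.0

def spamminess(headers, form, site_host, expected_sum, bayes_prob=0.0, dnsbl_listed=False):
    """Return (score, signals); each signal is in [0, 1] and scaled by its weight."""
    signals = {
        "referer": referer_signal(headers, site_host),
        "bayes": min(max(bayes_prob, 0.0), 1.0),
        "human_test": human_test_signal(form, expected_sum),
        "dnsbl": 1.0 if dnsbl_listed else 0.0,
        "honeypot": honeypot_signal(form),
    }
    return sum(WEIGHTS[name] * value for name, value in signals.items()), signals

def verdict(score):
    """Queue for human review at or above the threshold; otherwise publish."""
    return "moderate" if score >= MODERATE_AT else "accept"

# Constructed sample submissions.
SAME_SITE = {"Referer": "http://example.test/contact"}
human = spamminess(SAME_SITE, {"answer": "7", "website": ""}, "example.test", 7, bayes_prob=0.1)
no_referer = spamminess({}, {"answer": "7"}, "example.test", 7, bayes_prob=0.1)
bot = spamminess({}, {"website": "http://spam.invalid"}, "example.test", 7, bayes_prob=0.9)

if __name__ == "__main__":
    for name, (score, signals) in [("human", human), ("no_referer", no_referer), ("bot", bot)]:
        print(name, round(score, 2), verdict(score), signals)
```

A visitor who sends no Referer but passes the other checks stays below the threshold, which is the "not too draconian for valid users" trade-off; a filled honeypot alone is enough to queue the post for review.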

