Almost forgot. Second step is actually to add a time verification to see if the user opened the comment form at least 5 seconds before posting.

On Saturday, June 15, 2013 10:52:44 PM UTC+2, Niphlod wrote:
>
> rephrasing. honeypot field (i.e. hidden from users, needs to be empty,
> usually filled by bots) is the "simpler implementation".
> If users programming bots want to tackle your site, they find the
> honeypot pretty easily and then code accordingly, so back to square 1.
>
> Second one is js execution. This is effectively mitigating a lot (>90%) of
> attempts on the aforementioned site.
> I don't know why you state that js verification can be passed by bots...
> usually they don't want to waste cpu resources loading a full js
> environment (spidermonkey, phantomjs) just to crack your site (that's the
> other <10%)
>
> Next on the moderation: everything gets checked in as draft and then
> moderators check those messages and "publish them". Anthony's solution is
> the best "bang for the buck" one, but a management "console" has to be
> programmed anyway, and every bot that gets in needs to be removed anyway
> (as right now)
>
> Here we stop about "transparent to the users" solutions to the problem.
>
> Next step, we want to "annoy" users... then requiring filling a captcha,
> replying to a question, require to register all make sense, but it kinda
> shifts the problem. captchas are passed right now, a small database of
> answers gets pounded easily if the bot's programmer is looking at your site
> (or, with Wolfram Alpha, he wants to enjoy natural language programming).
>
> Another step, pass everything through predefined filters, as
> stopforumspam. Surely won't get you killed, but can be heavy on a social
> app (thinking about slices that run on pythonanywhere, don't know how much
> "juice" it has got).
> Yet another step, pass everything to Akismet (@alan beat me while I was
> writing the post). Doesn't work always and can ban for false positives.
> Sync use slows the comment form a lot, async one needs some machinery to
> work (again, checking in everything as draft, then submitting to Akismet
> and pruning whatever returns "it's a spam message").
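
Added example, not part of the original thread or of web2py: one way to combine the honeypot field and the 5-second time check discussed above, using a server-signed timestamp so the client cannot backdate it. The field names `website` and `form_token`, the key, and the one-hour expiry are assumptions made for illustration.

```python
import hashlib
import hmac
import time

SECRET_KEY = b"constructed-demo-key"  # assumption: per-app secret, never sent to the client
MIN_FILL_SECONDS = 5                   # the 5-second threshold from the post
MAX_FORM_AGE = 3600                    # assumption: forms older than an hour must be reloaded


def _sign(ts):
    """HMAC-SHA256 over the timestamp string, hex encoded."""
    return hmac.new(SECRET_KEY, ts.encode(), hashlib.sha256).hexdigest()


def issue_form_token(now=None):
    """Return 'timestamp:mac' to embed in a hidden field when the form is rendered."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}:{_sign(ts)}"


def check_submission(fields, now=None):
    """Return 'accept', or the reason the post should be rejected or held as draft."""
    now = time.time() if now is None else now
    # Honeypot: the field is hidden from humans, so any value means an automated fill.
    if fields.get("website", ""):
        return "honeypot-filled"
    ts, _, mac = fields.get("form_token", "").partition(":")
    # Compare as bytes in constant time; a missing, altered or unsigned token fails here.
    if not ts.isdigit() or not hmac.compare_digest(mac.encode(), _sign(ts).encode()):
        return "bad-token"
    age = now - int(ts)
    if age < MIN_FILL_SECONDS:
        return "too-fast"
    if age > MAX_FORM_AGE:
        # Bounds how long one fetched token can be reused; single-use tokens
        # would need server-side state.
        return "expired"
    return "accept"
```

Anything other than `accept` can be routed to the draft/moderation queue described in the quoted message instead of being dropped outright.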

