I read something (I think on Slashdot) a while back about another method that could be used to avoid CAPTCHAs. Basically on top of your standard form field, you place some input fields in a javascript hidden div around your page conveniently named things like "email", "address", or "phone." Because they're hidden, when the form submits they should exist as post variables but have a value untouched by the user. Something simple like <div class="spamcatcher"> <input type="text" name="phonenumber" id="phonenumber" /> </div> Then <body onload="hideSpamCatcher()"> A spam bot will generally send a value with every field they come across, especially ones that have really common form field names. They find these fields by parsing through your source for anything that looks like it's submitted. If you hid some "trick" fields around your page and then checked on submit whether or not they had a value, you could probably get a pretty decent turing test without the user suspecting anything. My old thrown together blog from a few years back had an unchecked comment script that caught quite a bit of spam once I stopped caring about it. I've been considering putting that back together and using this method just to see if the spam is cut back at all. Anyone have any experiences (good or bad) with this method? "John Comerford" <johnc@xxxxxxxxxxxxxxxxxxxx> wrote in message news:460C5AF1.4040102@xxxxxxxxxxxxxxxxxx >I was reading the current tread on CAPTCHA and possible cracks and I >thought maybe I'd throw this out to the group to see what you think. >Recently I saw a forum where in order to post you first had to click on a >div that was placed at a random location on the page, it read something >like, "Click here if you are human". I was thinking that maybe you could >put together a system that looks something like this: > > http://people.aapt.net.au/JComerford/ClickMe.htm > > I was thinking you could use it in a couple of ways: > > 1) As a replacement to a CAPTCHA image > 2) When you click the image a CAPTCHA image is loaded into the 'Click Me' > container > > The main problem is how to tell the server that the div has been clicked, > in a way that can't be simulated. I am not an expect with either JS or > PHP, but maybe some of the bigger brains out there could throw in their 2 > cents...... > > JC -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
