On Thu, Oct 11, 2012 at 6:59 PM, Maciek Sokolewicz <tularis@xxxxxxx> wrote: > On 11-10-2012 22:18, Ashley Sheridan wrote: >>>> >>>> I've been getting spam comments on my personal blog (runs on >>>> self-written PHP blog software). I'd like to test some methods I've >>>> devised to prevent or block it. Does anyone know of a very >>> >>> lightweight >>>> >>>> framework for simulating an automated "form fill-out" on a site? >>>> Something where you could just add some code to designate the site >>> >>> for >>>> >>>> the "attack" and then what fields you wanted to send? >>>> >>>> This should be a relatively simple task for PHP and curl, but I'm not >>>> really familiar with the headers and that part of the HTTP >>> >>> conversation. >>>> >>>> Yes, I know this is a risky question for a public list. Feel free to >>>> contact me privately if you think the answer shouldn't be in the >>>> archives of a public list. Likewise, if you can point me to a source >>> >>> of >>>> >>>> quickly absorbable research on the subject. I frankly don't know how >>> >>> I'd >>>> >>>> google such a thing. >>>> >>>> Paul >>>> >>>> -- >>>> Paul M. Foster >>>> http://noferblatz.com >>>> http://quillandmouse.com >>>> >>>> -- >>>> PHP General Mailing List (http://www.php.net/) >>>> To unsubscribe, visit: http://www.php.net/unsub.php >>>> >> >> To avoid having to create your own anti-spam system, I recommend Akismet, >> which weights posts allowing you to set a rejection threshold. The great >> thing is that it is constantly improving over time. >> > I've recently looked into the more modern captcha systems. I personally > can't stand the "standard" captcha of having to decipher what characters are > present on a distorted image. The last few years I've noticed that more and > more often I can't decipher what an image is supposed to say. And after a > few tries of unsuccesful replying what the image says, I just give up. This > seems to be a reverse-Turing-test by now. Computers being able to guess > better than humans. > > Anyway, I wrote my own captcha system. I've noticed that simple things like > "what is the capital of the USA?" and then being able to choose "Hong-Kong, > Washington or Rome" or a question like "Is water wet or dry?" work very very > well. Just make up a bunch of these, and then randomly pick one to have > people answer on your blog. It completely stopped registration spam on my > forum. Simply because bots don't understand such questions. > > - Tul > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > The reCAPTCHA de facto standard most sites use is painful for many of us. Many times I cannot decipher the visual words, and the audio version is quite impossible for me to figure out. The http://textcaptcha.com/ site has some very good ideas about using captchas, and even *more* insight into why you might not need them at all: http://textcaptcha.com/really and http://textcaptcha.com/why offer great explanations and ideas. The method Tul describes above is very much in line with what they are proposing and offering as a service, should one need one. I run a few public wikis, and amazingly have never had a spam problem. The wiki is locked to editing, however, the guest user and password are shown in plain text right on the login page. Even the commenting system, which is open to anyone, doesn't ever get any spam, and the "sekrit code" you have to enter is printed right in front of the box in plain text. The extent to which some people think they need to go to avoid spam are largely wasted, I feel. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
