RE: Trying to cut down on form spam

Instead of re-inventing a wheel, maybe use this?

http://googleonlinesecurity.blogspot.com/2014/12/are-you-robot-introducing-no-captcha.html


-----Original Message-----
From: Ken Kixmoeller [mailto:phphelp@xxxxxxxxxxx] 
Sent: Monday, December 08, 2014 2:22 PM
Cc: PHP General list
Subject: Re:  Trying to cut down on form spam

Not for international use, but: I just downloaded a bunch of very easily-identifiable similarly-formatted pictures. Made them the same size.
I created a simple table with the name of the picture file and the English name of the object, both encrypted. Then a simple function created radio buttons with 5 random object names and one of the 5 photos. Display a "The best word to identify this:"

Match 'em up & act accordingly.

On Mon, Dec 8, 2014 at 9:37 AM, Aziz Saleh <azizsaleh@xxxxxxxxx> wrote:

> On Mon, Dec 8, 2014 at 10:14 AM, Ashley Sheridan <ash@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> >
> >
> > On 8 December 2014 15:10:43 GMT+00:00, Bastien Koert <phpster@xxxxxxxxx> wrote:
> > >Another trick is to add a hidden field, call it token or something
> > >like that, but it's not used during the script's execution. Bots are
> > >stupid and will fill in the field, so a simple check to see if the
> > >field is filled in renders that submission invalid.
> > >
> > >Bastien
> > >
> > >On Sun, Dec 7, 2014 at 8:05 AM, Matthew Lagoe <matthew.lagoe@xxxxxxxxxxx> wrote:
> > >
> > >> I have also found a "type the number 4 in the box" spam check to be quite
> > >> effective ;)
> > >>
> > >> Trivial to bypass but it'll stop most bots
> > >>
> > >> -----Original Message-----
> > >> From: Ashley Sheridan [mailto:ash@xxxxxxxxxxxxxxxxxxxx]
> > >> Sent: Sunday, December 07, 2014 02:46 AM
> > >> To: dealTek; php-general@xxxxxxxxxxxxx General
> > >> Subject: Re:  Trying to cut down on form spam
> > >>
> > >>
> > >>
> > >> On 6 December 2014 20:04:41 GMT+00:00, dealTek <dealtek@xxxxxxxxx> wrote:
> > >> >Hi All,
> > >> >
> > >> >I have a 2 page form
> > >> >
> > >> >page 1 = form
> > >> >
> > >> >page 2 = action page (updates database and sends email)
> > >> >
> > >> >So, I am getting a lot of spam. Owner wants very little error checking
> > >> >for maximum input for possible business..
> > >> >
> > >> >So to cut down on spam I added a simple captcha I made - very easy to
> > >> >read with 4 numbers to add to a field and gen_validatorv4.js helps to
> > >> >make sure it is filled out correctly or the form won't submit
> > >> >
> > >> >spam get to be way less...
> > >> >
> > >> >then I added an http referrer field to show where it came from....
> > >> >
> > >> >
> > >> >HOWEVER - one kind of spam comes through no matter what I do
> > >> >
> > >> >in the 2 new fields I added (captcha text and referrer) are just more
> > >> >random text entries ....
> > >> >
> > >> >- also changed url for the action page - more spam again within minutes
> > >> >(seems like it would take spammers time to learn this...?)
> > >> >
> > >> >
> > >> >it's kind of like spammers are filling out the form - page 1 from some
> > >> >other location and possibly submitting from some other location also?
> > >> >
> > >> >Q: How do I stop this form spam?
> > >> >
> > >> >
> > >> >
> > >> >--
> > >> >Thanks,
> > >> >Dave - DealTek
> > >> >dealtek@xxxxxxxxx
> > >> >[db-14]
> > >> >
> > >> >
> > >> >--
> > >> >PHP General Mailing List (http://www.php.net/) To unsubscribe,
> > >visit:
> > >> >http://www.php.net/unsub.php
> > >>
> > >>
> > >> First, never rely on JavaScript for form validation, as you've seen, it's
> > >> trivial to bypass. You need some kind of validation on the server, always.
> > >>
> > >> Get that in place, tie it in with your captcha (if that one is not
> > >> possible try Google recaptcha) and make sure everything else is validated
> > >> against, as I have a suspicion your queries may be full of holes...
> > >> Thanks,
> > >> Ash
> > >>
> >
> > A honeypot field wouldn't help in this case, as the spam is already
> > bypassing the form if I read the op's email correctly
> > Thanks,
> > Ash
> >
> >
> Personally, the best way I think is using recaptcha:
>
> https://www.google.com/recaptcha/intro/index.html
>
> It has been updated so that the only thing the user needs to do is check a
> checkbox! It doesn't get any easier.
>
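
Added example, not part of any message in this thread: a server-side check for the action page that combines the hidden honeypot field with a signed, time-stamped token issued when the form page is rendered, so that posts sent straight to the action page are rejected. The field names (website, form_token), the secret and the time limits are assumptions; it needs PHP 7.1 or later.

```php
<?php
// Added example (not from the thread); names, secret and limits are assumptions.
const FORM_SECRET      = 'placeholder-long-random-server-side-secret';
const MIN_FILL_SECONDS = 3;    // a person needs longer than this to fill the form
const MAX_TOKEN_AGE    = 3600; // a token issued by page 1 expires after an hour

// Page 1 (form): issue a signed token proving the form was rendered by us.
function issue_form_token(int $now): string
{
    $payload = $now . ':' . bin2hex(random_bytes(8));
    return $payload . ':' . hash_hmac('sha256', $payload, FORM_SECRET);
}

// Page 2 (action): return the reasons to reject; an empty array means accept.
function check_submission(array $post, int $now): array
{
    $reasons = [];
    // Honeypot: "website" is hidden with CSS, so a person leaves it empty.
    if (trim((string)($post['website'] ?? '')) !== '') {
        $reasons[] = 'honeypot filled';
    }
    $parts = explode(':', (string)($post['form_token'] ?? ''));
    if (count($parts) !== 3 || !ctype_digit($parts[0])) {
        $reasons[] = 'token missing or malformed';
        return $reasons;
    }
    [$issued, $nonce, $mac] = $parts;
    $expected = hash_hmac('sha256', $issued . ':' . $nonce, FORM_SECRET);
    if (!hash_equals($expected, $mac)) {
        $reasons[] = 'token signature invalid';
        return $reasons;
    }
    $age = $now - (int)$issued;
    if ($age < MIN_FILL_SECONDS) { $reasons[] = 'submitted too quickly'; }
    if ($age > MAX_TOKEN_AGE)    { $reasons[] = 'token expired'; }
    return $reasons;
}

// Constructed sample submissions, checked 20 seconds after the form was served.
$t0    = 1418050000; // constructed timestamp
$token = issue_form_token($t0);
$samples = [
    'person'       => ['name' => 'Dave', 'website' => '', 'form_token' => $token],
    'direct post'  => ['name' => 'x', 'captcha' => 'random text'],
    'honeypot bot' => ['website' => 'http://spam.example/', 'form_token' => $token],
];
foreach ($samples as $label => $post) {
    $r = check_submission($post, $t0 + 20);
    echo str_pad($label, 13), $r ? 'reject: ' . implode(', ', $r) : 'accept', "\n";
}
```

A token built this way can be replayed until it expires; recording each accepted nonce on the server and refusing a second use makes it single-use.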

