Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

CAPTCHA Alternatives

  • 11-03-2009 1:18pm
    #1
    Registered Users, Registered Users 2 Posts: 9,383 ✭✭✭


    I'm just about to develop a basic php/mysql site which will invlove users adding a small amount of information to a database.

    What are the best options for avoiding spam?

    Having a members area seems like it would have a major negative effect on those willing to contribute.

    Even a CAPTCHA seems a little user-unfriendly.

    Is there any other options out there?


Comments

  • Registered Users, Registered Users 2 Posts: 8,488 ✭✭✭Goodshape


    Not entirely fool-proof but using 'dummy' fields, hidden from view with css, seems to stop a lot of spam for me, while the user gets a clean and simple form-filling-out experience.

    Essentially, you've got your basic fields -- name, email, subject, enquiry -- and then add another one, call it something like "full_name", wrap it in a span or div and hide that span or div using css ("display : none; visibility : hidden;").

    A user won't see that field at all so it'll be submitted blank. Most spam bots will scan the html and will fill it up with junk same as the other fields.

    In the backend simply say "if full_name is not empty, we've got a spambot".

    I'm not sure of the longevity of this sort of fix (if I was writing a spambot today I'd probably instruct it to scan the css files for any hidden element shinanigans) but this is working for me at the moment on a number of sites.


  • Registered Users, Registered Users 2 Posts: 9,225 ✭✭✭Chardee MacDennis


    Goodshape wrote: »
    Not entirely fool-proof but using 'dummy' fields, hidden from view with css, seems to stop a lot of spam for me, while the user gets a clean and simple form-filling-out experience.

    Essentially, you've got your basic fields -- name, email, subject, enquiry -- and then add another one, call it something like "full_name", wrap it in a span or div and hide that span or div using css ("display : none; visibility : hidden;").

    A user won't see that field at all so it'll be submitted blank. Most spam bots will scan the html and will fill it up with junk same as the other fields.

    In the backend simply say "if full_name is not empty, we've got a spambot".

    I'm not sure of the longevity of this sort of fix (if I was writing a spambot today I'd probably instruct it to scan the css files for any hidden element shinanigans) but this is working for me at the moment on a number of sites.

    i like that idea, but instead of using visibility could you position it off the page or even behind an element, so the spambot wouldnt know you had hidden it?


  • Registered Users, Registered Users 2 Posts: 8,488 ✭✭✭Goodshape


    i like that idea, but instead of using visibility could you position it off the page or even behind an element, so the spambot wouldnt know you had hidden it?
    ah! hadn't thought of that!

    CSS hidden fields seems to be working for now but might try alternating the method if (or when?) they start copping on. Good idea.


  • Registered Users, Registered Users 2 Posts: 9,383 ✭✭✭S.M.B.


    Cheers lads,

    I'll probably go with positioning the hidden field off the page. Sounds like it should do the job.


  • Registered Users, Registered Users 2 Posts: 21,263 ✭✭✭✭Eoin


    S.M.B. wrote: »
    Cheers lads,

    I'll probably go with positioning the hidden field off the page. Sounds like it should do the job.

    Make sure you set your tab index on the field so the user can't tab to it. Could be confusing. You could also use JavaScript to set the style for the textbox, I can't see a spambot being able to figure that out.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 9,383 ✭✭✭S.M.B.


    tabindex = 0 would solve that problem wouldn't it?

    Maybe the css hidden field is a better option.

    I think I'll be avoiding any sort of captcha anyway.


  • Registered Users, Registered Users 2 Posts: 21,263 ✭✭✭✭Eoin


    I think tabindex='' will mean it can't get focus (other than through scripting), but not too sure.


  • Registered Users, Registered Users 2 Posts: 706 ✭✭✭DJB


    Recently been implementing that hidden dummy field solution on a number of sites that have been getting hit with "generic spam" as opposed to "specific spam". Until any of these sites get really big... this solution seems to be doing the trick.

    I should really track how many spam attacks are actually being stopped by this method.

    What I like about this method is that it's seemless to the user. Fingers crossed is serves us well for the forceable future.

    Dave


  • Registered Users, Registered Users 2 Posts: 21,263 ✭✭✭✭Eoin


    I reckon it would have to be a very intelligent spambot to figure it out given that you could use JavaScript to write out more JavaScript to hide the field.

    Another thing occurred to me though - in general, would it be an idea to use a form field name that would never be populated by the auto-complete feature of some browsers / toolbars?


Advertisement