: What solutions to prevent spam of web forms are less intrusive for users? I know about captcha. However, often it is stated that captcha stops legitimate users due to the inconvenience. Are
I know about captcha. However, often it is stated that captcha stops legitimate users due to the inconvenience. Are there other solution, that in particular look for pattern in the input similar to e-mail spamfilters, or for random sequences of letters? (In particular, a solution that works with drupal would be good).
More posts by @Jamie184
4 Comments
Sorted by latest first Latest Oldest Best
I use the antispam module and configured it to let akismet check for spam. Works very well for me. It does mean you still get a lot of spam messages, but they are filtered out nearly flawlessly.
For solutions like this, if you're using an existing content management system, always seek best-of-breed solutions for your specific tool. The plus is that usually these tools are straightforward to install and test and if they don't work, try others out. If I were in your shoes and would check out Mollom. Here's a description:
Mollom provides a one stop solution
for all spam problems and can protect
the following Drupal forms. It offers
and intelligently combines:
CAPTCHAs -- both image and audio CAPTCHAs
text analysis
user reputations
and can:
block comment form spam
block contact form spam
protect the user registration form against fake user accounts
protect the password request form
block spam on any node form, such as forum topics, articles, stories, pages, and more
For more information about Mollom, you can read this Mollom introduction.
Here are 3 ways I have seen to do this:
One way - stackoverflow.com/questions/8472/practical-non-image-based-captcha-approaches. Another way - stackoverflow.com/questions/2475806/captcha-replacement Msft has even made a one with Ajax! www.asp.net/AJAX/AjaxControlToolkit/Samples/NoBot/NoBot.aspx
In general there are 3 "ways" to solve this:
Make the user do something to prove they are human. CAPTCHA or anything like it where the user must do extra work.
See how long it take the user to enter data. Computers are much faster at filling forms out.
Obfuscate what inputs are being used for what in the HTML itself.
All of these methods have shortcomings. CAPTCHA requires more work and eventually developers can find ways to solve the CAPTCHA programatically. Some have even resourted to paying cheap labor to manually overcome them. Waiting will work well until it becomes prevalent and then hackers will just make their programs wait until they submit. Finally, obfuscation except you have to tell the user what to enter so that will give some of it away. You can further obfuscate those fields by using Javascript to populate names later. It is all basically a cat and mouse game.
I think CAPTCHA ends up being the most effective and the most annoying for the user though.
I've heard of people putting fields in forms and then hiding them behind an image or div. Then when the form is submitted, if that 'hidden' field is filed out then they know it was filed out by a bot and not a human.
Obviously this method has drawbacks (particularly for the visually impaired) and I can't say I've ever implemented it myself.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.