Thanks, onion2k. That's useful information.onion2k wrote: CAPTCHA is not an adequate method. They're relatively easy to break, progressively more difficult for a user to enter as they get stronger, and they're usually very inaccessible for disabled users. Using a hidden form field, or randomised fields, makes life much harder for a bot and has no effect on the user at all. Much better than a CAPTCHA.
How to avoid CAPTCHA ?
Moderator: General Moderators
Re: How to avoid CAPTCHA ?
Re: How to avoid CAPTCHA ?
I don't think so, because we can write a program that :Using a hidden form field, or randomised fields, makes life much harder for a bot and has no effect on the user at all. Much better than a CAPTCHA.
read (open) a website and then submit any forms of it thus if we leave a a hidden field in our forms , it will submit like another form elements.

Re: How to avoid CAPTCHA ?
If you'd bothered to read the post above you'd notice that we're not talking about hidden form fields, we're talking about text input fields hidden using CSS. Unless you're going to go as far as writing a CSS parser for your bot it'll appear like any other text field ... in which case should your bot put text in it or not? It won't know. Let's say the input field has a name of "email" ... most bots are going to put an email address in there ... and then our PHP script rejects it because we know that field was hidden with CSS and thus won't have been filled in by a human.Mds wrote:I don't think so, because we can write a program that :Using a hidden form field, or randomised fields, makes life much harder for a bot and has no effect on the user at all. Much better than a CAPTCHA.
read (open) a website and then submit any forms of it thus if we leave a a hidden field in our forms , it will submit like another form elements.
You'll get on a lot better here if you read the entire thread before making incorrect assumptions.
Re: How to avoid CAPTCHA ?
Can you write a sample snippet code about it.text input fields hidden using CSS

Re: How to avoid CAPTCHA ?
Code: Select all
<div style="display:none;"><label for="email">Email:</label><input type="text" name="email"></div>Re: How to avoid CAPTCHA ?
Excuse me 
So if someone sees our website source and creates a program that leaves this text input fields hidden and doesn't complete it , then he/she can register many users easily.
But with CAPTCHA he/she can't do it.
Is it true ?

So if someone sees our website source and creates a program that leaves this text input fields hidden and doesn't complete it , then he/she can register many users easily.
But with CAPTCHA he/she can't do it.
Is it true ?

Re: How to avoid CAPTCHA ?
That's where the other part comes in - field randomisation. If the form is different every time, with different field names, different order, etc .. then it gets very difficult to program a bot to automatically fill it in. The hidden field is to stop bots that crawl the internet filling in forms at random to try and spam them rather than someone who is specifically targeting your website.Mds wrote:Excuse me
So if someone sees our website source and creates a program that leaves this text input fields hidden and doesn't complete it , then he/she can register many users easily.
But with CAPTCHA he/she can't do it.
Is it true ?
Mind you, no matter how hard you make it you'll never stop the problem completely. Someone could just employ a few people to sit at their PCs and fill in the form by hand. No scripting is going to stop that.
-
nickvd
- DevNet Resident
- Posts: 1027
- Joined: Thu Mar 10, 2005 5:27 pm
- Location: Southern Ontario
- Contact:
Re: How to avoid CAPTCHA ?
What worked for me in the past (100% success so far...) is to just use placeholder field names... email becomes field_one name becomes field_two and so on... After that it is a simple matter of some defines or an array to map the real name to the placeholder...
a small snippet from a contact form..
a small snippet from a contact form..
Code: Select all
$config['Contact_Form_Validation'] = array(
'fields' => array(
'input_one' => 'Name',
'input_two' => 'Email Address',
'input_three' => 'Message'
),
'rules' => array(
'input_one' => 'trim|required|alpha_dash|min_length[4]|max_length[50]',
'input_two' => 'trim|required|valid_email',
'input_three' => 'trim|required|min_length[5]'
)
);Re: How to avoid CAPTCHA ?
That's right.Mind you, no matter how hard you make it you'll never stop the problem completely. Someone could just employ a few people to sit at their PCs and fill in the form by hand. No scripting is going to stop that.
I think there is an issue yet.That's where the other part comes in - field randomisation. If the form is different every time, with different field names, different order, etc .. then it gets very difficult to program a bot to automatically fill it in. The hidden field is to stop bots that crawl the internet filling in forms at random to try and spam them rather than someone who is specifically targeting your website.

If a program open our website programmatic , random field doesn't do anything.
Because it downloaded and if the program submit the form random field will submit too.
Yes ?
Re: How to avoid CAPTCHA ?
I'm not talking about a single additional field. I'm talking about randomising all the fields in the form so when you load it 50 times in a row you never get the same fields in the same order, or with the same names, or anything. All the validation would still need to pass, which is easy for a person filling in the form, but really hard for a bot.Mds wrote:If a program open our website programmatic , random field doesn't do anything.
Because it downloaded and if the program submit the form random field will submit too.
Re: How to avoid CAPTCHA ?
I've got it.I'm not talking about a single additional field. I'm talking about randomising all the fields in the form so when you load it 50 times in a row you never get the same fields in the same order, or with the same names, or anything. All the validation would still need to pass, which is easy for a person filling in the form, but really hard for a bot.
But still you don't understand me
I'm saying there are some programs that work like an Internet Browser. First download your website completely and then fill the Form's fields of it then submit it.
Thus it makes no difference , if we use random fields or static fields.
Do you understand what I mean
Re: How to avoid CAPTCHA ?
You appear to be failing to think about how you might implement this approach. There needs to be something that tells the server which form it sent to the user, what the fields were, and in what order they appeared - otherwise you won't be able to validate any of it. That's usually something in the user's session data. If they save the form and submit it over and over it won't work because they won't have any session data that matches the form that they're submitting. Well, they will the first time if their session is still active but once the form is submitted once you can wipe out the session data. So it'll still fail.Mds wrote:I'm saying there are some programs that work like an Internet Browser. First download your website completely and then fill the Form's fields of it then submit it.
Thus it makes no difference , if we use random fields or static fields.
Do you understand what I mean
Re: How to avoid CAPTCHA ?
hmm.. could a hidden dummy input field with css work? If robots fill all the fields with trash then that field would be too, so we check if there is any value when submitted and prohibit submission if it is.
Re: How to avoid CAPTCHA ?
Already been mentioned in this thread a couple times. Like here. Interesting approach that I had never thought of.Sindarin wrote:hmm.. could a hidden dummy input field with css work? If robots fill all the fields with trash then that field would be too, so we check if there is any value when submitted and prohibit submission if it is.