Hi,
My site has always been targeted by spam for some reason. I want to write some code to prevent this. I know some people use captchas, but I would prefer to know the idea or concept used against spam.
How can entering numbers or answering questions help us to stop spam? I still don't get it yet.
For instance, how can answering the questions below do the magic?
'What is 3 times nine?'
'What number is half a dozen?'
It would be great if you could give me some hints to write this code from scratch.
Otherwise, are there any other programs like captchas?
Many thanks,
Lau
anti spam with questions or numbers
-
lauthiamkok
- Forum Contributor
- Posts: 153
- Joined: Wed Apr 01, 2009 2:23 pm
- Location: Plymouth, United Kingdom
- AbraCadaver
- DevNet Master
- Posts: 2572
- Joined: Mon Feb 24, 2003 10:12 am
- Location: The Republic of Texas
Re: anti spam with questions or numbers
These techniques don't stop spam. They for the most part make sure that a human and not an automated program is entering the data. This will help prevent some spam, but a real human user can still enter spam. You probably need to analyze the submitted data and reject it if it contains things that you don't want like links, etc.
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
Re: anti spam with questions or numbers
Hi lauthiamkok,
While it's not fool-proof, this is a method that I worked out for a site I had that was getting a lot of spam from robots.
You can see it here: http://jerrysartaramastores.com/contact
The idea is relatively simple. Two numbers between one and 10 are selected and given to the user. The user is asked to evaluate the sum of the numbers, and if correct, the email is sent. It will not fool all robots, but it will get rid of the bulk of the dumber ones. The trick, however, is to obscure the math. In order to do this, I use the ord() function, to get the ASCII character code. The numbers are displayed to the user, but are just displayed as "&#56; and &#49;" in the code. They are sent back to the server the same way, using hidden fields:
<input type="hidden" name="key1" value="56"/>
<input type="hidden" name="key2" value="49"/>
Once submitted, the server uses chr() to convert the ASCII codes back to numbers, and checks the user's math. If the math was right, an email is sent, otherwise, the form is displayed again with the information re-inserted, and a notice "please check your math" is displayed.
Once again, this is not perfect, and it won't stop very very smart robots, but it should get the bulk of them.
Let me know if you have any questions, and good luck!
- lauthiamkok
Re: anti spam with questions or numbers
Hi omniuni,
thanks for the reply.
I am trying to understand your method so that I can write it myself... but I don't quite get why two hidden fields are used - what are they for?
<input type="hidden" name="key1" value="56"/>
<input type="hidden" name="key2" value="49"/>
Are these values fixed - 56, 49 - or can I use any numbers?
Why do we use ord() and chr() to check the maths - can I use intval() to convert the string to an integer for the math?
Thanks,
Lau
Re: anti spam with questions or numbers
Hi,
The trick is to not include the answer within the form, and also to not make it obvious which numbers are added. The numbers in the hidden input are the ascii code of the actual number being asked to be added. They are generated by PHP and inserted into the form so that the server knows what to evaluate. chr() converts the ordinal number back into the number the user saw and you can then add them together to hopefully verify the sum the user gave.
If you look at the page, you'll notice that I'm generating numbers 1-10, not 56 and 49. 56 and 49 are just the ASCII codes of the two numbers I randomly generate. Also, I send back the two ASCII codes and not a solution so that the robot has a more difficult time guessing the solution (as opposed to just, say, inserting the hidden field back into the form).
To display the form:
1. Generate two random numbers
2. Encode numbers to ascii codes
3. Display the form, including the ascii codes as hidden fields.
4. Display the numbers for the user by using html entity notation: &#54; where "54" would be your ascii code.
To read and process the form:
1. Read the two hidden fields
2. Convert back to numbers and add them so you have the solution
3. Check the solution the "user" posted
4. Either send the mail, or re-send the form.
Does that help a bit?
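The display and check steps listed above, as an added example that is not part of the original post or of omniuni's site code: the check as described, next to a variant that keeps the expected sum in the server-side session instead of in hidden fields. The function names and the captcha_sum session key are assumptions made for this example.

```php
<?php
// Added example: function names and the 'captcha_sum' session key are assumptions.

// The check as the post describes it: both operands come back from the client
// as ASCII codes in key1/key2, so the request carries question and answer together.
function check_as_described(array $post): bool
{
    $sum = (int) chr((int) ($post['key1'] ?? 0)) + (int) chr((int) ($post['key2'] ?? 0));
    return isset($post['answer']) && (int) $post['answer'] === $sum;
}

// Server-side variant: the expected sum stays in the session; the page only
// receives the question, written with the same &#NN; entity notation.
// Operands are 1-9 because ord()/chr() cover a single character.
function issue_challenge(array &$session): string
{
    $a = random_int(1, 9);
    $b = random_int(1, 9);
    $session['captcha_sum'] = $a + $b;
    return 'What is &#' . ord((string) $a) . '; plus &#' . ord((string) $b) . ';?';
}

function check_answer(array &$session, array $post): bool
{
    $expected = $session['captcha_sum'] ?? null;
    unset($session['captcha_sum']); // single use: every attempt needs a fresh challenge
    $answer = $post['answer'] ?? '';
    return is_int($expected)
        && is_string($answer)
        && preg_match('/^\d{1,2}$/', $answer) === 1
        && (int) $answer === $expected;
}

// Constructed demo: plain arrays stand in for $_SESSION and $_POST.
$session = [];
echo issue_challenge($session), "\n";
$right = (string) $session['captcha_sum'];
var_dump(check_answer($session, ['answer' => $right])); // correct answer, first use
var_dump(check_answer($session, ['answer' => $right])); // same POST replayed
var_dump(check_as_described(['key1' => '56', 'key2' => '49', 'answer' => '9'])); // values from the post
```

On a real page, call session_start() first and pass $_SESSION and $_POST in place of the arrays. As with the original method, this only filters bots that do not read the question from the page.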
- lauthiamkok
Re: anti spam with questions or numbers
Hi omniuni,
Thanks for the reply. It is very helpful. I will start doing this programme soon! Thanks for this idea!
Cheers,
Lau
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: anti spam with questions or numbers
There's no way to entirely stop spam. It's like trying to stop anyone from putting spam in your real life mailbox. You just can't do that and sometimes it comes down to what we define as spam.
If you want to eliminate most of the automated bots spamming your sites, a CAPTCHA will do if the CAPTCHA is not easy to break. This, however, is inconvenient to the real users. Another solution is to use JavaScript to trick bots or use CSS to hide elements. However, targeted bots will beat JavaScript and CSS based approaches and any other client-side techniques. In the end, it's all about getting less spam, and not stopping spamming entirely as it's not possible. Even with CAPTCHAs you will get spammed by human spammers.
One less-used technique is to ask for a payment, ask for a driving license or send an SMS. For example, in order to register one needs to pay $1 from a unique account. That pretty much kills all spam, but still it won't make it impossible to spam. It's just that it becomes pricey to spam, thus it eliminates a huge portion of spam.
- lauthiamkok
Re: anti spam with questions or numbers
Hi kaisellgren,
Thanks for the reply and the suggestions.