Enter the numbers below to prevent spam

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

lauthiamkok
Forum Contributor
Posts: 153
Joined: Wed Apr 01, 2009 2:23 pm
Location: Plymouth, United Kingdom

Enter the numbers below to prevent spam

Post by lauthiamkok »

Hi,
I have seen many sites asking users/visitors to enter a certain type of numbers before submitting a form to prevent spam attackers.

How does it work actually? Is it really effective? Or are there any other better solutions to avoid spam attacks?

I am trying to look for a tutorial or code to write this part for my blog but still can't find any resources yet...

Please let me know if you have any ideas.

Many thanks,
Lau
jazz090
Forum Contributor
Posts: 176
Joined: Sun Apr 12, 2009 3:29 pm
Location: England

Re: Enter the numbers below to prevent spam

Post by jazz090 »

It does prevent spam bots A LOT in my experience. Even if you don't want to code one, just use reCAPTCHA, which is free.
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Enter the numbers below to prevent spam

Post by kaisellgren »

It is very easy to write a bot that interprets your spam challenge and answers correctly. The "protection" usually prevents only bots that are created for general spamming, but bots that are targeted at your site will easily circumvent it. CAPTCHAs usually prevent even targeted bots.
Yossarian
Forum Contributor
Posts: 101
Joined: Fri Jun 30, 2006 4:43 am

Re: Enter the numbers below to prevent spam

Post by Yossarian »

I don't like captchas, and not every server has gd installed.

I made myself a simple Turing test not long ago.

I maintain a short array of questions and answers:

// answer => question
$q[27] = 'What is 3 times nine?';
$q[6] = 'What number is half a dozen?';

On the page I ask the question (kept in a session), and check the returning value against the key.

Three strikes and they are out.

There are only a handful of questions and so far we got no spam thanks to it.
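
A minimal sketch of the session-based question check described in the post above, as an added example that is not part of the original posts. The function names, session keys, input pattern and the single-use rule are assumptions made here.

```php
<?php
declare(strict_types=1);

// Answer => question, in the shape the post describes (constructed sample pool).
const QUESTIONS = [
    27 => 'What is 3 times nine?',
    6  => 'What number is half a dozen?',
];
const MAX_STRIKES = 3; // "three strikes and they are out"

/** Pick a question, keep its answer key server-side, return the text to display. */
function issue_challenge(array &$session): string
{
    $key = array_rand(QUESTIONS);
    $session['challenge_key'] = $key; // the answer never goes into the HTML form
    return QUESTIONS[$key];
}

/** Check a submitted answer; returns 'ok', 'retry' or 'locked'. */
function check_answer(array &$session, string $submitted): string
{
    $strikes = $session['strikes'] ?? 0;
    if ($strikes >= MAX_STRIKES) {
        return 'locked';
    }
    $expected = $session['challenge_key'] ?? null;
    // Single use: a challenge is consumed by the first attempt and cannot be replayed.
    unset($session['challenge_key']);
    $submitted = trim($submitted);
    // Accept short digit strings only, then compare as integers.
    if ($expected !== null && preg_match('/^\d{1,4}$/', $submitted) === 1
        && (int)$submitted === $expected) {
        return 'ok';
    }
    $session['strikes'] = $strikes + 1;
    return $session['strikes'] >= MAX_STRIKES ? 'locked' : 'retry';
}

// Constructed demo for the CLI; in a page, call session_start() and pass $_SESSION.
$session = [];
echo issue_challenge($session), "\n";
$answer = (string)$session['challenge_key'];
echo check_answer($session, $answer), "\n"; // correct answer to the issued question
echo check_answer($session, $answer), "\n"; // same answer again, no new challenge issued
```

The strike counter lives in the session, so it only limits clients that keep their session cookie.
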
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Enter the numbers below to prevent spam

Post by kaisellgren »

That would probably block 99% of non-targeted bots, but any targeted bot will pass it. As time goes on, the number of targeted bots will increase. Cross your fingers.
david64
Forum Commoner
Posts: 53
Joined: Sat May 02, 2009 8:12 am
Location: Wales

Re: Enter the numbers below to prevent spam

Post by david64 »

One option is to use JavaScript to insert the action attribute of a form. If you are developing a bespoke site, this should do the trick. However, if you are making something to be used across numerous sites it is best to use a captcha. The best one is probably reCAPTCHA, but there are some folks who have cracked it with a decent crack rate.
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Enter the numbers below to prevent spam

Post by kaisellgren »

david64 wrote: but there are some folks who have cracked it with a decent crack rate.
It does not matter if the CAPTCHA you use is broken or not. Only a bot that is targeted at your site may bypass the CAPTCHA, therefore, it would be easier to just copy the email & do the CAPTCHA manually than to write a bot to do that for a specific site...