Slashdot Mirror

← Back to Stories (view on slashdot.org)

Block Spam Bots With Free CAPTCHA Service

Posted by timothy on from the screwtape-and-pals-shriek dept.

Chirag Mehta writes "I just released a freeware service called BotBlock (barebones demo) that lets site owners copy/paste a few lines of PHP code and insert a CAPTCHA image-verification system into any web form. The amount of form spamming by bots is on a rise. While remedies exist for MT blogs, a more efficient solution is to use image-verification or text-identification. Used for a while by sites like Yahoo! (scroll to bottom), Hotmail and patented in 2001 by AltaVista, CAPTCHAs are now being used more widely. PARC also came up with two algorithms Baffletext and Pessimal Print. The technology always existed, but until now required the site owners to install image libraries and understand how to generate images that cannot be OCR'ed. With BotBlock it is like inserting a page counter."

6 of 56 comments (clear)

  1. What about blind people? by FattMattP · · Score: 4, Interesting

    What about people who are blind or visually impared? Does your implementation take that into account?

    --
    Prevent email address forgery. Publish SPF records for y
    1. Re:What about blind people? by Glass+of+Water · · Score: 5, Interesting
      What they should do is use a question, written out in regular HTML text that is easy for a human to answer but hard for a computer. Example: What color is the sky on a cloudless day? Another example: My name is Joe Frank Smith. What are my initials?

      Think those are easy for basic AI bots? Then try them with one of the existing online bots.

      Seems like the problem with this (as opposed to generating pictures) is that it's hard to generate question/answer pairs where there is a one-word or obvious single answer. You don't want to use yes/no questions or questions where the answer is a word in the question ("Which is heavier, lead or cotton?").

      --
      There are no trolls. There are no trees out here.
    2. Re:What about blind people? by Jerf · · Score: 2, Interesting

      What they should do is use a question, written out in regular HTML text that is easy for a human to answer but hard for a computer. Example: What color is the sky on a cloudless day?

      I'm afraid I'd have to recommend against using that question for blind people.

      Might want to pick your examples a bit more carefully ;-)

      (Not that it's absolutely impossible they'd know the answer, but it's mere meaningless trivia to someone who has been blind from birth; I don't think I'd remember it.)

      Think those are easy for basic AI bots?

      Remember, you're not going up against the bots, you're going up against the bots as a proxy for a spammer. If you create a pattern "My name is $random_first $random_middle $random_last. What are my initials?" then the answer is something like

      perl -pe 's/My name is (\w)\w* (\w)\w* (\w)\w*. What are my initials\?/$1$2$3/g'

      (Try it on your question. Be sure to type the question precisely.)

      Now you're back in an arms race against the spammers; the whle point is to avoid the arms race in the first place.

      BTW, before criticising this 'solution', be sure you understand what an arms race is. I know you could further obfuscate it. But you could also further de-obfuscate it. And believe me, with a halfway intelligent system I can keep pace with you; for instance, if I write my cheating spammer so it brings things to my attention in real time as it can't figure them out, I can build a solution bank pretty quickly, not quite as quickly as you can create new challenges (well, maybe, if I'm better then the challenge writer), but certainly faster then you could deploy the new challenges. If you're not bypassing the arms race entirely, you're not winning, you're losing long term.

      This is a common failing of understanding when thinking about these technologies. You're not going up against a machine, you're going up against an augmented human. (It's why I still think Bayesian filtering will fail eventually, too; the spammers can augment themselves with the same technology, fortunately they just haven't correctly figured it out yet. The clock is probably ticking, though.)

  2. okay class, pencils down by Phoenix+Dreamscape · · Score: 2, Interesting

    Some of the examples on their site take a lot more time and mental effort than just looking at a word and typing it. I would be very bothered if I had to take one of those little tests just to fill out a form.

    --
    Scratched Emulsion
  3. Patented? by orthogonal · · Score: 2, Interesting

    patented in 2001 by AltaVista

    If AltaVista patented it, does BotBlock license the patent? Or will this service be rather short-lived?

    --
    Opinions on the Twiddler2 hand-held keyboard?
  4. I'm neither blind nor deaf, but... by jcwren · · Score: 2, Interesting

    ...the images here here are absolutely unreadable. If I had to use this to subscribe to a site or forum, or fill out a form, I'd just say "screw it", and wander on down the 'net.