How to Prevent Form Spam Without Captchas
UnderAttack writes "Spam submitted to web contact forms and forums continues to be a huge problem. The standard way out is the use of captchas. However, captchas can be hard to read even for humans. And if implemented wrong, they will be read by the bots. The SANS Internet Storm Center covers a nice set of alternatives to captchas. For example, the use of style sheets to hide certain form fields from humans, but make them 'attractive' to bots. The idea of these methods is to increase the work a spammer has to do to spam the form without inconveniencing regular users."
Why is it so hard to make a captcha that a bot can't read but a human can?
The slashdot captchas are among the easiest I have ever seen to read, however I still haven't seen any spam on slashdot. Is there something else going on here? It can't be anything like IP banning or flood controls as those don't stop botnets. Is it that spammers just don't target slashdot? Or is it that captcha reading bots are not nearly that good at breaking them and we could tone down the level of those horrible twisted-dotted-lined Captchas?
Do Or Do Not, There Is No Spoon, There Is Only Zuul. Everything in the above post is probably opinion.
This is still somewhat problematic for blind users. If decoy field names are picked up when CSS is turned off, then there will be a lot of users exposed to the bogus fields.
...can it be clearly labeled as bogus? Something like:
Subject: _______{-enter your spam topic here if you want me to disregard your email
Can the label/tag telling someone to leave a field blank be hidden from a bot but clearly visible to a live person?
I think you'd find Slashdot very much more trivial and redundant if all non-Americans left.
That said, ADA's can go fuck themselves. I can see making exceptions for EMPLOYEES but why would I have to go out of my way to help customers? What if it's simply not cost effective? If it costs millions to placate the handful of noisemakers is it worth the effort?
Being blind really has to suck. And *I DO* wish that companies would help them out. I don't think we should force them though as it can lead to smaller companies who can't afford to deal with it going out of business.
Sure, our websites would then be ADA compliant, but there would only be a handful of mega-corp websites at that point. So you're trading what little free market economy we have left to placate special interest groups.
Frankly, if I were blind I'd make do and where I couldn't I'd rely on friends or family. No shame in asking a family member to order something from a website for you. Granted "disabled" folk want their independence, they also have to be practical about it....
Tom
Someday, I'll have a real sig.
What fantasy world do you live in? Sue spammers? Good luck with that. Good luck even finding out what country they are in, much less their identity.
Funny, you guys don't seem to have problems telling others how they should live...
:-) [kiddin about that last bit].
This isn't an America vs. the world issue. All I was saying is that non-Americans bring a different point of view to the table.
If you can't tolerate another point of view, then you can just go on being a xenophobic, ignorant, sheltered, small minded individual. e.g., the typical American.
Tom
Someday, I'll have a real sig.
I can't read the article because it appears to be /.'d, but I have a technique that has foiled a spammer from using my web mail form and it would probably work with discussion forums, too.
In the program run to process form input, I check the HTTP_REFERER header sent by the client. It should exactly match the URL of the form that was being posted, if it doesn't, then you know that someone is accessing the input program illegally, i.e. they aren't using your form. It seems that the spambots out there send a referer that matches my site's main domain, but doesn't include the full URL of the form.
Of course, now that this has been posted, it is only a matter of time before the bots are fixed to send the whole form URL. 'Course, I have a couple of other tricks to separate the bots from the humans.
What does my program do when it detects a bot? It returns a 403 Forbidden error and adds the ip address of the client to .htaccess with a "Deny from" directive.
I'll have to actually RTFA when it becomes available again later.
Just be sure to wear the gold uniform when you beam down -- you know what happens when you wear the red one.
You've obviously never run a small business so you have no fucking clue whatsoever.
Adding ADA compatible facilities and also making sure you're compliant costs money that most small companies don't have to spend. Given that it's to cater to a SMALLER market segment it's not good business sense to do it.
And why should disabled people not expect to be 100% independent? Because majority rules. Sorry dude. Why should I cripple my business so you can read my literature? You don't have a right to be my customer. You have a right to employment, and to that end I'd have to at least accept the resumes of disabled folk. But I don't have to cater to the whims of every nancy out there with a problem.
Not that catering is bad. I think if a company has the means and market it should attempt to go all ADA compliant. I think it's a good thing to get ramps, lifts, braille/etc. I just don't think it's a good idea to FORCE it upon people.
Tom
Someday, I'll have a real sig.
That's a pretty thoughtless remark.
First off, SSI is for supplementing low income. SSDI is for disability. Secondly, how can you claim that Asperger's is a "fake mental disorder"? It's not something that just appeared recently. It took about 50 years from the time Hans Asperger identified it to when it became an accepted medical diagnosis. Clearly, there's been plenty of time between then and now to study and evaluate the validity of the work. I think it's pretty careless of you to dismiss it off-hand.
One reason people don't get the services they need is that people like you assume that if you can't see the disability, then they probably don't have one. Anyone who knows how a computer program works should know that malfunctioning code is not always obvious, and the cause of its mis-behavior is not always easy to trace. Well the human brain is much less understood than machine code, and is that much harder to diagnose when something is not right.
So if you know something the experts do not, then perhaps you should enlighten the rest of us.
Now, let's enter US law: Americans with Disabilities Act.
So? Just put a phone number on the site with a "If you are disabled and can't use our captcha, please call our tech support and we'll set up an account."
What makes you think Americans don't already have lots of points of view?
Seriously, what makes you think Americans are a homogeneous mass?
That said, I agree with the underlying theme of your statements - America has gotten away from defending individual freedoms, which is what it was all about originally. Perhaps we should get back to doing just that.
The cesspool just got a check and balance.
Yeah, yeah I have. I helped run and manage a family antique shop for several years, then got out of the business to do more interesting things.
It's not about being 100% independent, it's about being as independent as possible. It's about all the small shit that YOU take for granted. It's being able to take a hot bath without worrying if you're going to boil your nerveless legs off, get an infection, and die. It's being able to cook your own meals, at least once in a while; or get your own groceries, or buy the things that other people are buying. Why does a disabled person have to do without, or beg for help from someone? And what if there -isn't- anyone to help, an all too common situation? Shit, my buddy can't even leave the house without someone to help him right now. He's got a visiting nurse who is nice and brings him some fast food once in a while so he can have a bit of variety.
If you're running a small enough shop, being ADA compliant isn't hard anyways, and can amount to a ramp and a handrail. Get some lumber, nails and a hammer and do it yourself! Shit, grants and tax incentives are even available for that shit! And offer assistance to the blind guy or girl, don't tell him/her to fuck off and learn to read. If you don't have regular blind customers, wait until someone asks before you spend the money on braille if you're gonna be cheap.
Goddamn, it's not asking you to suck a dick and buy a ferrari for every cripple who walks or wheels into your storefront! Just let people do their thing, regardless of their physical abilities! It's not about making a ton of money, it's about DOING THE RIGHT THING FOR PEOPLE. And yeah, yeah I DO have a right to be your customer. You cannot deny me custom in your public shop because of my race, gender, religion, or physical ability. That's the law. You have the right not to sell and expose yourself to a lawsuit, but I do have the right to enter your shop until you tell me to leave.
You know why it's law? Because without the law, nobody would do it, because so many people are amoral cheapasses, particularly business owners. That's why we developed employee, child labor, and consumer protection laws - business owners weren't exactly chomping at the goddamn bit to be nice to people, not when it might cost a few dollars off the top.
I won't stand for that, so the simple fix is to remove the "WEBSITE" input from the form. If "WEBSITE" gets POSTed along with the other data, I know it's a robot and post a message to kindly go away. Genuine users can edit their profile once the account is activated, if they want to plug their website.
Author, Shell Scripting : Expert Re
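Added example, not part of the thread or the ISC article: a server-side check that combines the removed-field and CSS-hidden decoy ideas from the summary and the comment above with the exact-Referer check described in an earlier comment. The field names `website` and `email2`, the form URL and the function name are assumptions for illustration.

```python
from urllib.parse import parse_qs

# Assumed names for this sketch (not from the thread):
FORM_URL = "https://example.org/contact.html"  # page that serves the form
REMOVED_FIELDS = {"website"}  # not in the HTML at all: any presence is a bot
HIDDEN_DECOYS = {"email2"}    # in the HTML but hidden by CSS: must stay empty


def check_submission(body, headers):
    """Return (accept, reason) for one urlencoded POST body."""
    # keep_blank_values=True matters: browsers submit CSS-hidden inputs as
    # empty strings, and parse_qs would otherwise drop those keys silently.
    fields = {}
    for key, values in parse_qs(body, keep_blank_values=True).items():
        fields.setdefault(key.lower(), []).extend(values)

    # A field that was removed from the form is never sent by a real browser,
    # so even an empty value is enough to reject.
    hit = sorted(REMOVED_FIELDS.intersection(fields))
    if hit:
        return False, "removed field posted: " + ",".join(hit)

    # CSS-hidden decoy: present-but-empty is normal, filled in is a bot.
    for name in sorted(HIDDEN_DECOYS):
        if any(v.strip() for v in fields.get(name, [])):
            return False, "hidden decoy filled: " + name

    # Referer must equal the form URL exactly, not merely share its domain.
    referer = next((v for k, v in headers.items() if k.lower() == "referer"), "")
    if referer != FORM_URL:
        return False, "referer mismatch"
    return True, "ok"


# Constructed sample submissions (not real traffic).
SAMPLES = [
    ("name=Ann&email2=&msg=hello", {"Referer": FORM_URL}),
    ("name=x&website=http%3A%2F%2Fspam.example&msg=buy", {"Referer": FORM_URL}),
    ("name=x&email2=a%40b.example&msg=buy", {"Referer": FORM_URL}),
    ("name=x&email2=&msg=buy", {"Referer": "https://example.org/"}),
]

if __name__ == "__main__":
    for body, hdrs in SAMPLES:
        print(check_submission(body, hdrs))
```

A missing Referer counts as a mismatch here, so clients that strip the header are rejected too; logging the reason before enforcing shows how many real users that affects.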
You've obviously never run a small business so you have no fucking clue whatsoever.
Maybe gp doesn't, but I do, and I also happen to be visually impaired (not blind, but bad enough to never be able to drive a car, not be able to read any signs that I can't get close to etc.).
Adding ADA compatible facilities and also making sure you're compliant costs money that most small companies don't have to spend. Given that it's to cater to a SMALLER market segment it's not good business sense to do it.
It costs money in quite some cases, but this is to expand your market, not to cater to a smaller market.
And why should disabled people not expect to be 100% independent? Because majority rules. Sorry dude.
What you just described is tyranny by the majority, not a democratic society. You may not have noticed, but the system in the USA has all kinds of provisions to try to prevent exactly that. Actually taking into account the needs of minorities, up to individuals, is a fundamental part of the system.
Why should I expect to not be 100% dependent? Because there is no reason why I should be. I am actually in a situation where I am not much more dependent on others than I would be without being visually impaired. That is for a substantial part a consequence of my own choices, and it is first of all my own responsibility to see to this. That said, I am hindered by many things that would not have cost money to prevent, will cost little to fix, and mostly happen out of ignorance, not because of it costing money. I don't see anything wrong with getting people to put a little thought into this, if needed by means of the law.
Not to mention that when as many disabled people as possible can be as independent as reasonably possible, the outcome for society as a whole is surely better from a social point of view, and it is quite likely cheaper on the whole as well.
Why should I cripple my business so you can read my literature?
Expanding your potential market is not in itself crippling your business.
You do have a point that it may not be worth it financially when you have to do things like install ramps, elevators etc, it may not fit into your specific building for cosmetic or whatever other reasons, and you can quite rightfully ask how far this should go anyway.
Hence I don't think that there should be laws forcing this onto companies, rather, those who do try to be accessible to disabled people should get the possible cost compensated in the form of tax breaks for example.
You don't have a right to be my customer.
No, but depending on where exactly you live, you might not be allowed to discriminate against me based on disability.
You have a right to employment,
Again this depends on local law, this is different from state to state in the USA, and even more different between countries.
and to that end I'd have to at least accept the resumes of disabled folk. But I don't have to cater to the whims of every nancy out there with a problem.
Making sure you do not create obstacles for disabled people out of ignorance is not catering to the whims of everyone out there with a problem, it is being a decent human who tries to better the society he lives in. Being forced to incur cost for the sake of a better society however is not a good thing (because of the forced part of it), encouragement to do a bit extra in the form of compensation however seems like a worthwhile idea to me.
Not that catering is bad. I think if a company has the means and market it should attempt to go all ADA compliant. I think it's a good thing to get ramps, lifts, braille/etc. I just don't think it's a good idea to FORCE it upon people.
This I completely agree with, and since for all I can tell this was your real point also, maybe do yourself the favor to slow down a bit before posting such rants as the one in front of it, you have a reasonable and well defendable point of view I believe, but much of your post is going to prevent people from seeing that because it rather makes you look unreasonable and extremist.