Slashdot Mirror

← Back to Stories (view on slashdot.org)

How to Prevent Form Spam Without Captchas

Posted by ryuzaki0 on from the can't-beat-the-curte-power-of-kittenauth dept.

UnderAttack writes "Spam submitted to web contact forms and forums continues to be a huge problem. The standard way out is the use of captchas. However, captchas can be hard to read even for humans. And if implemented wrong, they will be read by the bots. The SANS Internet Storm Center covers a nice set of alternatives to captchas. For example, the use of style sheets to hide certain form fields from humans, but make them 'attractive' to bots. The idea of these methods is to increase the work a spammer has to do to spam the form without inconveniencing regular users."

4 of 272 comments (clear)

  1. And how... by Creepy+Crawler · · Score: 4, Interesting

    Ok, so captchas and other email obfuscation mechanisms are used a lot. Fine, a web designer can choose to do this.

    Now, lets enter US law: American with Disabilities Act. Target is currently being sued for NOT complying with this federal law. I can understand why businesses would be required for this, but where will the net-boundaries stop?

    For example, I have a US corp. I hire an offshore datacenter to handle web processing. Is my website have the compulsory ADA lawss upon it, or do they not apply due to international boundaries? Yipe.

    --
  2. Javascript by Aladrin · · Score: 4, Interesting

    I hadn't read the article yet, and just the summary, and as soon as they said 'hidden fields' that are attractive to spambots, I thought "Why not hide the fields from the spambot instead?"

    It's easy, you just have the javascript create all or part of the form. Or modify the form in some way. It would happen before the user even sees the form, and the spambot would have to implement a javascript parser to get it. (Or a parser, that's unique to your site.)

    I would think AJAX would be a huge hamper to them as well.

    --
    "If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
  3. Re:What is wrong with Captchas? by Thansal · · Score: 3, Interesting

    I actualy like the ones like that.

    instead of obfuscated images, just put in plain text questions.
    What is 2+2?
    What is the 3rd word in this sentance?
    What is the name of my blog?

    All of these can be answered by some one using a screen reader, and take less time then figguring out a captch. Sure it does not stop manual spamming, but what does?

    --
    Do Or Do Not, There Is No Spoon, There Is Only Zuul. Everything in the above post is probably opinion.
  4. use dnsbls by joost · · Score: 4, Interesting

    Shameless plug! I developed a plugin for Ruby on Rails that uses DNSBLs to combat form spam. (begin shameless self promotion)

    dnsbl_check rails plugin

    Basically what the plugin does is check clients against one or more DNSBLs. You might know them from mail servers. You see, it turns out that the forms are almost always abused by bots. These bots are quite well known. sbl-xbl from spamhaus catches 80% in my setup, spamcop catches the rest. You enable the plugin for key controllers and it really does work.

    (/end shameless self promotion) mod me down if you wish