| Re: Catching SPAM bots in XoopsForms without CAPTCHA |
| by nachenko on 2007/11/5 13:42:16 Now that we are talking about 2.0.18 possible new features, I'd want to bring this idea back. The only method I find would require to do add some code to the form class code and some code in header.php file to check the trap. If no one find a cleaner method to do this, that is, without hacking the core, I'll do a proposal later. Now I'd want to hear some suggestions. |
| Re: Catching SPAM bots in XoopsForms without CAPTCHA |
| by suico on 2007/10/15 14:45:22 Ok , now i understood completely the idea, I think this is very easy to be implemented in the same class XoopsSecurity, because now they create a token hash and add this value to session too, so the name of the var could be this same token value(hash) and in the other side the page whicj would check the token could check also the empty field. That's a good idea and a plus to security, good idea! |
| Re: Catching SPAM bots in XoopsForms without CAPTCHA |
| by Catzwolf on 2007/10/15 12:51:48 Quote:
Not sure I agree with that statement. The problem is that once this technic is introduced into the system, Bot writers will catch on and to target a high traffic site they will use human infervention first, namely look through the html, bingo we have a winner and add that to the bot. It would be important to use a random var on each form, that way the bot will never keep up. ATB Catz |
| Re: Catching SPAM bots in XoopsForms without CAPTCHA |
| by nachenko on 2007/10/15 12:47:04 I think randomizing the variable in every refresh can be done. The drawback is that they can try to detect the "visibility: hidden" property, but then we can do a really naughty trick: making text field have a width and height of 1 pixel and hide it somewhere. |
| Re: Catching SPAM bots in XoopsForms without CAPTCHA |
| by irmtfan on 2007/10/15 12:35:25 Yes the Madfish suggested method is really great. there is just one weak point when finally spam bot know about the "name" of that unnecessary hidden field. Quote:
is that mean we can randomize that name in every form by every refresh? or just we can choose a name in each installation? its important because the spam bot focus on a high traffic site and find the name, sooner or latter. a javascript method is already exist in the"Protector" module 3.14 to avoid spams from register. i use it in my high traffic site and the result is perfect. no spam register in about 1 month. |