Subject:*
<
Name/Email:*
<
Message Icon:*
<
Select*
<
Message:*
<



Click the Preview to see the content in action.
Options:*
<
Confirmation Code*
<
1 - 0 = ?  
Input the result from the expression
Maximum attempts you can try: 10
*
<
   

Re: Catching SPAM bots in XoopsForms without CAPTCHA
by nachenko on 2007/11/5 13:42:16

Now that we are talking about 2.0.18 possible new features, I'd want to bring this idea back. The only method I find would require to do add some code to the form class code and some code in header.php file to check the trap.

If no one find a cleaner method to do this, that is, without hacking the core, I'll do a proposal later. Now I'd want to hear some suggestions.
Re: Catching SPAM bots in XoopsForms without CAPTCHA
by suico on 2007/10/15 14:45:22

Ok , now i understood completely the idea, I think this is very easy to be implemented in the same class XoopsSecurity, because now they create a token hash and add this value to session too, so the name of the var could be this same token value(hash) and in the other side the page whicj would check the token could check also the empty field.

That's a good idea and a plus to security, good idea!
Re: Catching SPAM bots in XoopsForms without CAPTCHA
by Catzwolf on 2007/10/15 12:51:48

Quote:

nachenko wrote:
As MadFish suggested: just randomize the name of the var in every installation and define a constant.

There are methods, the name of the var is not a problem.


Not sure I agree with that statement. The problem is that once this technic is introduced into the system, Bot writers will catch on and to target a high traffic site they will use human infervention first, namely look through the html, bingo we have a winner and add that to the bot.

It would be important to use a random var on each form, that way the bot will never keep up.

ATB

Catz
Re: Catching SPAM bots in XoopsForms without CAPTCHA
by nachenko on 2007/10/15 12:47:04

I think randomizing the variable in every refresh can be done. The drawback is that they can try to detect the "visibility: hidden" property, but then we can do a really naughty trick: making text field have a width and height of 1 pixel and hide it somewhere.
Re: Catching SPAM bots in XoopsForms without CAPTCHA
by irmtfan on 2007/10/15 12:35:25

Yes the Madfish suggested method is really great. there is just one weak point when finally spam bot know about the "name" of that unnecessary hidden field.
Quote:

the name of the var is not a problem

is that mean we can randomize that name in every form by every refresh?
or just we can choose a name in each installation?
its important because the spam bot focus on a high traffic site and find the name, sooner or latter.

a javascript method is already exist in the"Protector" module 3.14 to avoid spams from register. i use it in my high traffic site and the result is perfect. no spam register in about 1 month.

Who's Online

159 user(s) are online (100 user(s) are browsing Support Forums)


Members: 0


Guests: 159


more...

Donat-O-Meter

Stats
Goal: $15.00
Due Date: Jul 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $15.00
Make donations with PayPal!

Latest GitHub Commits