Re: Catching SPAM bots in XoopsForms without CAPTCHA [Xoops Development]

11

Re: Catching SPAM bots in XoopsForms without CAPTCHA

2007/10/15 12:20
Catzwolf
Home away from home
Posts: 1392
Since: 2007/9/30

I am not really sure how Myts would work with this. Really you could just do a test to see if the string is empty or not, if it is not empty just do return true rather than saving to the database.

With most bots writers they tend to catch on pretty fast, if you where to use the same var name for the string it would kinds defeat the purpose. So probably better to use different var names and do a check before processing the data.

But, maybe someone will come up with a better implementation of this in XOOPS :)

Catz

12

Re: Catching SPAM bots in XoopsForms without CAPTCHA

2007/10/15 12:26
nachenko
Quite a regular
Posts: 356
Since: 2005/1/18

As MadFish suggested: just randomize the name of the var in every installation and define a constant.

There are methods, the name of the var is not a problem.

13

Re: Catching SPAM bots in XoopsForms without CAPTCHA

2007/10/15 12:35
irmtfan
Module Developer
Posts: 3419
Since: 2003/12/7

Yes the Madfish suggested method is really great. there is just one weak point when finally spam bot know about the "name" of that unnecessary hidden field.
Quote:

the name of the var is not a problem

is that mean we can randomize that name in every form by every refresh?
or just we can choose a name in each installation?
its important because the spam bot focus on a high traffic site and find the name, sooner or latter.

a javascript method is already exist in the"Protector" module 3.14 to avoid spams from register. i use it in my high traffic site and the result is perfect. no spam register in about 1 month.

Ready for Romance
First Persian Harry Potter Site(English added) | Persian Support Site | Xoops Persian Project

14

Re: Catching SPAM bots in XoopsForms without CAPTCHA

2007/10/15 12:47
nachenko
Quite a regular
Posts: 356
Since: 2005/1/18

I think randomizing the variable in every refresh can be done. The drawback is that they can try to detect the "visibility: hidden" property, but then we can do a really naughty trick: making text field have a width and height of 1 pixel and hide it somewhere.

15

Re: Catching SPAM bots in XoopsForms without CAPTCHA

2007/10/15 12:51
Catzwolf
Home away from home
Posts: 1392
Since: 2007/9/30

Quote:

nachenko wrote:
As MadFish suggested: just randomize the name of the var in every installation and define a constant.

There are methods, the name of the var is not a problem.

Not sure I agree with that statement. The problem is that once this technic is introduced into the system, Bot writers will catch on and to target a high traffic site they will use human infervention first, namely look through the html, bingo we have a winner and add that to the bot.

It would be important to use a random var on each form, that way the bot will never keep up.

ATB

Catz

16

Re: Catching SPAM bots in XoopsForms without CAPTCHA

2007/10/15 14:45
suico
Friend of XOOPS
Posts: 374
Since: 2003/7/24

Ok , now i understood completely the idea, I think this is very easy to be implemented in the same class XoopsSecurity, because now they create a token hash and add this value to session too, so the name of the var could be this same token value(hash) and in the other side the page whicj would check the token could check also the empty field.

That's a good idea and a plus to security, good idea!

Yogurt Social Network Service
Visit: http://www.marcellobrandao.eti.br/

17

Re: Catching SPAM bots in XoopsForms without CAPTCHA

2007/11/5 13:42
nachenko
Quite a regular
Posts: 356
Since: 2005/1/18

Now that we are talking about 2.0.18 possible new features, I'd want to bring this idea back. The only method I find would require to do add some code to the form class code and some code in header.php file to check the trap.

If no one find a cleaner method to do this, that is, without hacking the core, I'll do a proposal later. Now I'd want to hear some suggestions.

Stats
Goal:	$100.00
Due Date:	Nov 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Re: Catching SPAM bots in XoopsForms without CAPTCHA

Re: Catching SPAM bots in XoopsForms without CAPTCHA

Re: Catching SPAM bots in XoopsForms without CAPTCHA

Re: Catching SPAM bots in XoopsForms without CAPTCHA

Re: Catching SPAM bots in XoopsForms without CAPTCHA

Re: Catching SPAM bots in XoopsForms without CAPTCHA

Re: Catching SPAM bots in XoopsForms without CAPTCHA

Login

Search

Recent Posts

XOOPS MyMenus 1.54.0 Beta 10

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}