11
Catzwolf
Re: Catching SPAM bots in XoopsForms without CAPTCHA
  • 2007/10/15 12:20

  • Catzwolf

  • Home away from home

  • Posts: 1392

  • Since: 2007/9/30


I am not really sure how Myts would work with this. Really you could just do a test to see if the string is empty or not, if it is not empty just do return true rather than saving to the database.

With most bots writers they tend to catch on pretty fast, if you where to use the same var name for the string it would kinds defeat the purpose. So probably better to use different var names and do a check before processing the data.

But, maybe someone will come up with a better implementation of this in XOOPS :)

Catz

12
nachenko
Re: Catching SPAM bots in XoopsForms without CAPTCHA
  • 2007/10/15 12:26

  • nachenko

  • Quite a regular

  • Posts: 356

  • Since: 2005/1/18


As MadFish suggested: just randomize the name of the var in every installation and define a constant.

There are methods, the name of the var is not a problem.

13
irmtfan
Re: Catching SPAM bots in XoopsForms without CAPTCHA
  • 2007/10/15 12:35

  • irmtfan

  • Module Developer

  • Posts: 3419

  • Since: 2003/12/7


Yes the Madfish suggested method is really great. there is just one weak point when finally spam bot know about the "name" of that unnecessary hidden field.
Quote:

the name of the var is not a problem

is that mean we can randomize that name in every form by every refresh?
or just we can choose a name in each installation?
its important because the spam bot focus on a high traffic site and find the name, sooner or latter.

a javascript method is already exist in the"Protector" module 3.14 to avoid spams from register. i use it in my high traffic site and the result is perfect. no spam register in about 1 month.

14
nachenko
Re: Catching SPAM bots in XoopsForms without CAPTCHA
  • 2007/10/15 12:47

  • nachenko

  • Quite a regular

  • Posts: 356

  • Since: 2005/1/18


I think randomizing the variable in every refresh can be done. The drawback is that they can try to detect the "visibility: hidden" property, but then we can do a really naughty trick: making text field have a width and height of 1 pixel and hide it somewhere.

15
Catzwolf
Re: Catching SPAM bots in XoopsForms without CAPTCHA
  • 2007/10/15 12:51

  • Catzwolf

  • Home away from home

  • Posts: 1392

  • Since: 2007/9/30


Quote:

nachenko wrote:
As MadFish suggested: just randomize the name of the var in every installation and define a constant.

There are methods, the name of the var is not a problem.


Not sure I agree with that statement. The problem is that once this technic is introduced into the system, Bot writers will catch on and to target a high traffic site they will use human infervention first, namely look through the html, bingo we have a winner and add that to the bot.

It would be important to use a random var on each form, that way the bot will never keep up.

ATB

Catz

16
suico
Re: Catching SPAM bots in XoopsForms without CAPTCHA
  • 2007/10/15 14:45

  • suico

  • Friend of XOOPS

  • Posts: 374

  • Since: 2003/7/24


Ok , now i understood completely the idea, I think this is very easy to be implemented in the same class XoopsSecurity, because now they create a token hash and add this value to session too, so the name of the var could be this same token value(hash) and in the other side the page whicj would check the token could check also the empty field.

That's a good idea and a plus to security, good idea!
Yogurt Social Network Service
Visit: http://www.marcellobrandao.eti.br/

17
nachenko
Re: Catching SPAM bots in XoopsForms without CAPTCHA
  • 2007/11/5 13:42

  • nachenko

  • Quite a regular

  • Posts: 356

  • Since: 2005/1/18


Now that we are talking about 2.0.18 possible new features, I'd want to bring this idea back. The only method I find would require to do add some code to the form class code and some code in header.php file to check the trap.

If no one find a cleaner method to do this, that is, without hacking the core, I'll do a proposal later. Now I'd want to hear some suggestions.

Login

Username:
Password:

Lost Password? Register now!

Who's Online

70 user(s) are online (42 user(s) are browsing Support Forums)


Members: 0


Guests: 70


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Dec 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits