1
nachenko
Catching SPAM bots in XoopsForms without CAPTCHA
  • 2007/10/15 10:18

  • nachenko

  • Quite a regular

  • Posts: 356

  • Since: 2005/1/18


Hey!-

Have you read MadFish ideas about CAPTCHA and alternatives?

Well, he had a great idea. That is, all forms are (or should be) generated via XoopsForm object. He suggested that every form could include an invisible text field. Users can't fill it because they don't see it, but bots should bite.

I was thinking about hacking the XoopsForm object so that EVERY FORM is automatically protected this way.

The problem is checking the form, there are two solutions:

1 - every module should include some code to check the form

2 - Modify header.php to do this check.

The code should be someting like:

Quote:
if ( !empty($_POST['trap'])) {
xoops_redirect etc etc
}


What do you think? Ideas? Suggestions?

2
Catzwolf
Re: Catching SPAM bots in XoopsForms without CAPTCHA
  • 2007/10/15 10:47

  • Catzwolf

  • Home away from home

  • Posts: 1392

  • Since: 2007/9/30


Its so simple, and it's amazing that no one has actually thought of it before. lol

Would this be done with a hidden field or use CSS to hide a textbox or something from view?

ATB

Catz

3
suico
Re: Catching SPAM bots in XoopsForms without CAPTCHA
  • 2007/10/15 10:49

  • suico

  • Friend of XOOPS

  • Posts: 374

  • Since: 2003/7/24


It already exists with the XoopsSecurity class and Token feature introduced in 2.0.10 i think. Read this news:
https://xoops.org/modules/news/article.php?storyid=2212
Yogurt Social Network Service
Visit: http://www.marcellobrandao.eti.br/

4
nachenko
Re: Catching SPAM bots in XoopsForms without CAPTCHA
  • 2007/10/15 10:53

  • nachenko

  • Quite a regular

  • Posts: 356

  • Since: 2005/1/18


I don't like the token method.

Making something invisible via CSS is easy, just:

visibility: hidden

5
Catzwolf
Re: Catching SPAM bots in XoopsForms without CAPTCHA
  • 2007/10/15 10:57

  • Catzwolf

  • Home away from home

  • Posts: 1392

  • Since: 2007/9/30


Thanks for the clarfication on that.

I have to agree I don't like that salting method either.

ATB

Catz

6
suico
Re: Catching SPAM bots in XoopsForms without CAPTCHA
  • 2007/10/15 11:00

  • suico

  • Friend of XOOPS

  • Posts: 374

  • Since: 2003/7/24


Nachenko I do agree with you that security matters, but i thik the XOOPS token is one way of implementing it , and the css visibility doesn t hide from bots the field, only hides from humans. Maybe they can add this solution too as a security thing into the token idea but the idea is the same with the token system .

Just my two cents and really not trying to to create a war on what is the best solution, just my opinion.
Yogurt Social Network Service
Visit: http://www.marcellobrandao.eti.br/

7
Catzwolf
Re: Catching SPAM bots in XoopsForms without CAPTCHA
  • 2007/10/15 11:06

  • Catzwolf

  • Home away from home

  • Posts: 1392

  • Since: 2007/9/30


Quote:

suico wrote:
Just my two cents and really not trying to to create a war on what is the best solution, just my opinion.


I didn't take it that way nor did Nachenko (I presume), I just prefer not to use the token method myself and as you say, it helps having a few different solutions to the same problem :)

ATB

Catz

8
nachenko
Re: Catching SPAM bots in XoopsForms without CAPTCHA
  • 2007/10/15 11:14

  • nachenko

  • Quite a regular

  • Posts: 356

  • Since: 2005/1/18


No problem hee. I just think MadFish idea is better. Hiding the text field to humans is exactly what we want.

Example: we have a comments form with tittle, text and a hidden field named "trap101". The bot writes something in it and clicks send. We check the form and notice "trap101" is NOT empty. The sender of this message must be a bot, so we don't process the form and redirect it, ban it or whatever we want.

It's extremely simple.

9
MadFish
Re: Catching SPAM bots in XoopsForms without CAPTCHA
  • 2007/10/15 11:34

  • MadFish

  • Friend of XOOPS

  • Posts: 1056

  • Since: 2003/9/27


Quote:
Its so simple, and it's amazing that no one has actually thought of it before. lol

Would this be done with a hidden field or use CSS to hide a textbox or something from view?


Unfortunately it turned out not to be original idea :) But here is one approach using CSS.

To evaluate whether the hidden field is filled in, could this could be done conveniently within text sanitizer?

10
riosoft
Re: Catching SPAM bots in XoopsForms without CAPTCHA
  • 2007/10/15 11:45

  • riosoft

  • Not too shy to talk

  • Posts: 191

  • Since: 2003/11/8


I'm using an antispam plugin (wordpress - It requires Javascript) and ZERO spam. Im using it last 2 years.

The hidden field is a good idea...

Antispam Plugin Source
...

Login

Username:
Password:

Lost Password? Register now!

Who's Online

58 user(s) are online (33 user(s) are browsing Support Forums)


Members: 0


Guests: 58


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Dec 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits