|
|||||||||
|
|||||||||
|
|||||||||
| |
|||
 |
|
|
|
|
|||||||||
|
|||||||||
|
|||||||||
| |
|||
|
|
|
|
| ||||||||||||||||||||||||||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Display Modes |
Dev Articles Community Forums Sponsor:
|
|
|
|
#1
August 30th, 2007, 12:31 PM
|
||||
|
||||
|
Form validation against spammers
Hi
Does anyone know what the form validation component is called that asks you type what you see in alphanumeric characters that look like they're underwater, to prevent automated spammers abusing your input forms. It forces human input in filling in the forms. I have increasing number of spammers on my site, and although the information goes into an offline database for me to check and then to put online, they seem undeterred. If I had the name for it, I'll do a google on it and work out a way to do check info using php. Cheers
|
|
#2
August 30th, 2007, 05:15 PM
|
||||
|
||||
|
The feature I am looking for is captcha which stands for "Completely Automated Public Turning test to tell Computers and Humans Apart"!
There is a little about it here http://forums.devshed.com/dev-shed-lounge-26/generating-images-for-human-only-form-validation-114325.html and here http://www.interaktonline.com/Products/Dreamweaver-Extensions/FormValidation/Product-Forum/Details/82933/Form+validation+with+security+word+%252F+random+se cuity+image.html I suppose the MadCow is on vacation! This place isn't like what it used to be! I had to answer my own question. Bye all
|
|
#3
August 31st, 2007, 02:42 AM
|
||||
|
||||
|
Well, sorry, but it's night-time over here.
CAPTCHA is not without its drawbacks. There are other Turing tests that work nearly as good. But always remember: there are sweatshops with people typing CAPTCHA's all day long, and there are many OCR programs that can decipher 90% of the CAPTCHA's. Best way is use multiple techniques and obfuscate them. Think of your own and don't disclose them. Some of them I like and are well-known, so I'll repeat them. Tokenize all your forms. generate a md5 out of a random large number, send this along with your form in a hidden field. Also set a session variable with the same value. Check them after the post, if they differ, the post came from a different server. Adds security, too (XSS)! Check the IP and user agent. They should be identical before and after the post. Add a normal field, but hide it with css. Label it with something interesting like URL. A normal visitor will not see it, and leave it blank. A robot on the other hand will fill the field in greedily and fall in the trap we set for him. We log the attempt, but discard the spam. Record the time between pageload and submitting. There should be at least several seconds fill-in time per field. A spambot fills the form instantly and gets caught red handed. But it's all no use to post your ideas on a forum that is accessible to spambot authors. Unless it's really foolproof, but that is unlikely as long as there are sweatshops... Last edited by Humanetainit : August 31st, 2007 at 06:29 AM.
|
|
#4
August 31st, 2007, 01:27 PM
|
||||
|
||||
|
Thanks Humanetainit
I wasn't being serious about the answering thing and if you are in Holland, there is only 1 hour difference to the UK, so I don't think you were quite tucked up in bed! That is very interesting about the time difference in a spambot and a human filling in a form. One would be able to filter out spamming for sure.
|
|
| Viewing: Dev Articles Community Forums > Programming > PHP Development > Form validation against spammers |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
|
 |
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
