
Blocking comment spam without using captcha [closed]

Tags: php, captcha, spam

What are some non-captcha methods for blocking spam on my comments?

ian asked Oct 16 '09 13:10


People also ask

Does ReCAPTCHA stop spam?

The reason why ReCAPTCHA is a prevalent tool in online submission forms is to prevent spam and abuse from entering the site.

What is an anti spam honeypot?

Honeypot, as the name suggests, is a “trap” that is designed to lure bots and computer programs into accidentally revealing their identities. The idea is to provide something that is going to attract the bot, the “honey”, which is invisible or hidden from legitimate human users.


2 Answers

In my experience the currently most effective methods are honeypot input fields that are made invisible to users via CSS (best use several different methods, such as visibility:hidden, setting a size of 0 pixels, and absolute positioning far outside the browser window); if they're filled anyway you can assume it's a spambot.

This blog describes a rather complex method that I've tried out myself (with 100% success so far), but I suspect that you could get the same result by skipping all the stuff with hashed field names and just adding some simple honeypot fields.

Michael Borgwardt answered Oct 02 '22 14:10


1) Adding session-related information into the form. Example:

```php
<input type="hidden" name="sh" value="<?php echo dechex(crc32(session_id())); ?>" />
```

Then at postback, check whether the session is valid or not.

2) JavaScript-only. Use JavaScript injection at submission. Example:

```php
<input type="hidden" id="txtKey" name="key" value="" />
<input type="submit" value="Go"
       onclick="document.getElementById('txtKey').value = '<?php echo dechex(crc32(session_id())) ?>';" />
```

3) Time-limit per IP, user or session. This is quite straightforward.

4) Randomizing field names:

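```php
<?php
// Random per-form suffix, kept in the session for the server-side check
// (session_start() must already have been called).
$fieldkey = dechex(crc32(mt_rand().dechex(crc32(time()))));
$_SESSION['fieldkey'] = $fieldkey;
?>
<input type="text" name="name<?php echo $fieldkey; ?>" value="" />
<input type="text" name="address<?php echo $fieldkey; ?>" value="" />
```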

Then you can check it over at the server side.

mauris answered Oct 02 '22 15:10
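
A server-side check that combines the honeypot field from the first answer with points 1, 3 and 4 of the second answer, as an added example that is not code from either answer. The field names `website` and `sh`, both function names and the 30-second interval are assumptions, and it uses `random_bytes()` and `hash_equals()` in place of the crc32-based values shown above.

```php
<?php
// Added example, not code from the answers. Field names ("website", "sh"),
// the 30-second interval and both function names are assumptions.
declare(strict_types=1);

const MIN_SECONDS_BETWEEN_POSTS = 30;

/** Call when rendering the form: stores a per-form token and field-name suffix. */
function issue_form_state(array &$session): array
{
    $session['form_token'] = bin2hex(random_bytes(16)); // echoed in hidden field "sh"
    $session['fieldkey']   = bin2hex(random_bytes(4));  // suffix for name*/address*
    return [$session['form_token'], $session['fieldkey']];
}

/** Call on POST: returns a list of reasons to reject; empty means accept. */
function check_submission(array $post, array &$session, int $now): array
{
    $reasons = [];
    $token = $session['form_token'] ?? '';
    $key   = $session['fieldkey'] ?? '';
    unset($session['form_token'], $session['fieldkey']); // one use per rendered form

    // 1) The hidden token must match what this session was issued.
    $sent = $post['sh'] ?? '';
    if ($token === '' || !is_string($sent) || !hash_equals($token, $sent)) {
        $reasons[] = 'bad_token';
    }
    // Honeypot: humans never see "website", so any value means a bot filled it.
    if (($post['website'] ?? '') !== '') {
        $reasons[] = 'honeypot_filled';
    }
    // 4) Real inputs only exist under the randomized names issued for this form.
    if ($key === '' || !isset($post["name$key"], $post["address$key"])) {
        $reasons[] = 'unknown_field_names';
    }
    // 3) Time limit per session between accepted comments.
    if ($now - ($session['last_post'] ?? 0) < MIN_SECONDS_BETWEEN_POSTS) {
        $reasons[] = 'too_fast';
    }
    if ($reasons === []) {
        $session['last_post'] = $now; // only accepted posts reset the timer
    }
    return $reasons;
}
```

After `session_start()`, call it as `check_submission($_POST, $_SESSION, time())` and log the returned reasons, so you can see which check is catching the spam.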