[PJUG Javamail] Captcha and Simple web form submission

Sun Feb 1 23:41:51 EST 2009

I was stuck with a similar problem last year, but didn't have time to  
put the effort into integrating a captcha system. So I cheated. I  
stole a single image from a captcha system and included that image on  
my form, and then ask the user to type in the value. Granted, my  
system repeats the same captcha image every time, but I've never had a  
bot get through it.

On Feb 1, 2009, at 8:18 PM, Vijay Balakrishnan wrote:

> Hi,
>
> Thanks, Bill for replying back.
>
> This is what I found after googling.I will be trying the CSS hidden  
> field approach.
>
> http://urbanoalvarez.es/blog/2008/08/23/best-unobtrusive-anti-spam-technique-not-captcha/
>
> Add CSS-hidden fields that a user won't see, but a spam-bot will  
> fill. Then using php check if they were filled, and if they were:  
> block the spammer!
>
> The CSS would be something as simple as:
>
>
> .noshow { display:none; }
>
>
> The HTML form should include something like this:
>
>
> <label for="leaveblank">Leave this blank</label>
>
> <input type="text" class="noshow" id="leaveblank" name="leaveblank" />
>
> <label for="dontchange">Do not change this</label>
>
> <input type="text" value="http://" class="noshow" id="dontchange"  
> name="dontchange" />
>
>
> And finally the php would be simply:
>
>
> if ($_POST['leaveblank'] == '' && $_POST['dontchange'] == 'http://') {
>
>  // accept form submission
> }
>
> The only possible drawback would be that some users with CSS  
> disabled would see the "hidden" form fields, and thus would be quite  
> puzzled.
> The good thing is that the percentage of users with CSS disabled is  
> so low that I wouldn't even care about that issue
>
> Another way I was thinking about was to position it under the real  
> form elements using negative top margin. For example under the field  
> Name, we could place another field that shouldn't be filled…
> Hiding your form field with display:none; may not be ideal, lots of  
> bots will not fill anything with display:none; since they figure if  
> you don't want visitors to see it, then they don't need to either…  
> Kinda the way input type=hidden works.
>
> Maybe use a negative margin on the input you want to hide instead?
> Maybe an even better way to counter this would be to actually show  
> the field and ask the user not to enter anything here!!! This way,  
> the "human" genuine user does not enter anything in that field while  
> the bot does!
> My latest approach takes a couple of hashes and a random number. I  
> hash their IP and the random number together, then i hash their user  
> agent. Since most bots don't actually have to use your form for  
> submission, it's a good idea to try and make your handler force  
> submission through your form. I hash their user agent because that  
> changes when they start implementing the bots too. It has to be  
> exactly the same for it to match for a hash. I also flush the email  
> if I get an empty user agent. In addition I pass the hashes via GET  
> and the random number via POST.
>
> Vijay
>
> On Fri, Jan 30, 2009 at 5:12 PM, Vijay Balakrishnan <bvijaykr at gmail.com 
> > wrote:
> Hi,
>
> I have a simple web form with 5 input boxes and when it is  
> submitted, an email is sent to the receiver.
> Now, we get a ton of spam from these forms.
>
> Captcha(Yahoo) was recommended as a solution but it is very  
> intrusive and forces the user to enter an input textfield that has  
> nothing to do with their business purpose.
> Has anyone done any other solutions ?
>
> TIA,
> Vijay
>
> _______________________________________________
> Web Site - http://www.pjug.org/
> Javamail mailing list
> Javamail at pjug.org
> http://www.pjug.org/mailman/listinfo/javamail

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.pjug.org/pipermail/javamail/attachments/20090201/bab13325/attachment.html 