Pligg captcha useless against spammers

[beatniak]

You know the Pligg captcha that's verifying if people are actually human?

Well, a simple software program can "see" what that code is on the captcha in about one second: BotMaster.Net: captcha breaking, automatic recognition of pictocodes (human verification)

Why not ditch the captcha and protect pligg with something like CSS?

Fighting Spam with CSS

Quote:

Originally Posted by FTA

The idea here is setting up a form with a text field and via CSS making it invisible. Then, if a post is sent to a php script handling the request and that text box has information in it, that means a human didn’t fill it out, and the script is simply aborted.

[tbones]

Good idea, an alternative would be that: comments

Edit: A module for simple calculations

[beatniak]

EDIT: resolved

[tbones]

Sorry if I got misinterpreted:
I don´t want to hijack this thread at all! I just wan´t to give another thought. I was to lazy to write the content once more since I think it´s not much effort for users to click and go back. If you disagree with me I will copy the content in the linking thread in future!

Thank you for your opinion

[Simon]

Another one I've used before is a timing script. A human user will take at least 10 seconds to fill out a registration script usually, whereas most bots do it in a couple of seconds. It can filter out a lot of bot signups, in conjunction with hidden fields, and a simple maths question.

[AshDigg]

The CSS idea is interesting. I've been working on a module to work with reCaptcha.

[Simon]

I've been looking around lately for ways to stop spammers, although for vbulletin registrations, and so far I'm using the following "layers", in order of which they are used:

1.) Select the image - "click on the football" type question. This happens before the registration form appears, as a pre-check.
2.) Simple Question - a maths calculation for example, in place of the usual image captcha. This is filled out when submitting the registration form.
3.) E-mail validation - checks MX records and mail servers to make sure the email exists. This happens upon submitting the registration form.
4.) Spam E-mail list - better to be safe than sorry, filter out all those known spam domains!
5.) Hidden fields - if a bot fills it out upon registration, they are caught!
6.) Timing script - if they take less than 10 seconds to fill out the form, they are probably a bot!
7.) RBL Proxy Check - not all spam registrations come from bots after all
8.) E-mail Confirm - if they get past that lot, let's confirm their email address through an activation link to stop them spam posting.

The other thing you can do (although this happens post-signup) is to use something like askimet to check the submissions of new users (for example, their first 3 stories), to try and limit spam if they do manage to register.

[tbones]

Very comprehensive, thank you!

[EarthFrisker]

I'm actually working on another addition ot the site, a social bookmarking section that will allow my visitors to sign up to like 80 social bookmarking sites at once. There really isn't anything you can do to stop such mass uses I think, at least at the moment.

My only problem that I'm having so far is working on a module that enables visitors to even post to many/multiple sites at once and not just one.

It is the extra fields that stop me - choosing the category since most sites have different categories. It is not impossible though. I will update you and tell you when you can check out the module on my site EarthFrisk.

Give me just a week and it should be done. along with my social bookmarking section.

Mike
http://www.earthfrisk.com

[scrtadmr8]

Hi,
Register/search at this site, I failed the captcha test each time and need to try a couple of times. Spanner software are getting better and sites adapt to combat, while they do human loggers cannot read the captcha. I notice, pligg use distorted text and that seem to work today( yahoo and others use distorted/stretch style text).

Was going to inquire on spam technology and tx for the botxxx link. From the example of cracked captcha, I notice the software can beat text with overlying lines. From my evaluation of pligg software, it lines over text.

So, site today requires some sort of distorted text. Select good text to distort. For eg, i or 1 or capital I text should not be used. Be generous to make it easy for user to decipher. It just a matter of time before distorted-stretched text be beaten ( Have the spam software so good ?? Asking if this site login captcha need be like that - so challenging??) and it is a good idea to have other fail safe techniques - timing, hidden text but spam technology can adapt very easily.

Relying on checking email mx ( old web application devolpment mention limitation with that technique). So, just do simple email syntax check. Accept the registration, send email and asking them to click on that link back to your site). It is the best check that I can for valid email. If user has valid email, they pass thru yahoo captcha. Yahoo, google would use what is relevant to make it difficult for spam software. It conceivable that an email provider to have a weak captcha.

That is my two cents worth. Have anyone came across PHP software to do the last paragraph. I am sure it exist in GNU/GPL for that technique been around - craig list. Appreciate any help to find that library. Even what terminology phrase to use in my search (login, register, email sent to that address, user open their email, and click on that link to renter that login site). Follow the big sites for they have the money to research what to use.

I am newbie developer in training and looking for must have php library. In all sites, certain modules must be used ( login, captcha, email verifaction- the good one mention above, form validation, greeting card email module). Any help appreciated for I do try to look but a matter of where. Sometimes, it take more time to reinvent when PHP is all about reusing and improving.

With regard to CSS, what article or site mention technique. For I like to learn more. Question and answer is a good technique but need be done very properly like very properly done captcha or email validator. Photo technique (football) requires a lot of images for spammer can download your limited picture and cracked your method. Note - you need change some pixel each time to make it difficult to deduce your libray images). Good luck and tx in assisting my search.

Personally, I like the email validator (the human interaction one) and Q&A. Need create library of common questions. What would u buy at a toy shop? Meat, grocery, lego, paint, plywood. What color is the sky? Black, blue, green, brown. Any help to create this library of questions? Now u can understand why it is simpler to use captcha - text generated, filtered, and impose over image - too bad we need stretch the text and make it difficult for human to use. Oh, several questions and answers.

To do a search in this forum, does the captcha need to be so difficult for registered users at the beginning (search one, 2, or 3)?
Would like to hear from this site regarding on how to make it easier for humans to do a search.