[Phpwm] Securing feedback forms

Elliot Smith elliot at townx.org
Wed Nov 1 14:35:00 GMT 2006


David Goodwin wrote:
> Jonathan Adjei wrote :
>   
>> Is anyone using human-readble image checks, and how much of a turn off have
>> you found them? I've just added one to a contact form and am wondering if
>> these will end up on all my sites and what impact there will be to genuine
>> usage. I personally find them a bit of a pain.
>>     
I'd like to echo David's comments, and state that a simple captcha has 
removed the bulk of spam from my site. Drupal actually has a captcha 
module which does a similar thing to David's implementation (i.e. poses 
a simple addition question). I used to get maybe 30+ spam comments a 
day; Drupal used to catch about 75% (in the spam module), but I ended up 
cleaning out the rest manually. Adding a captcha has reduced my spam 
comments to zero. I think an image captcha is only really vital if you 
are a heavily-trafficked site which spammers are going to write 
specialised tools to reach (e.g. maths AI bots which can do sums but 
can't do image recognition :).

Elliot
>>     
>
> I agree with the 'pain' sentiment; I've found many to be annoying and
> hard to read correctly.
>
> I suspect, it's probably safe to say that if you're using a popular
> application (e.g. drupal, wordpress etc) then making minor changes to it
> will result in spam being 'blocked'. In my case, with Drupal, I edited the
> source code to add in a trivial check (3+3 = ?) to stop bots posting
> rubbish. Since doing this, I've not received any spam - before I was
> getting around 5 'spam' comments per day.
>
> In most cases, the spammer(s) probably look to see what popular
> applications are in use, write some script to automate e.g.
> mail/comment/etc posting, and then let it loose on us (probably using
> Google to provide a source of urls/sites to target).
>
> Of course, if you're a very high profile/traffic site, making minor
> deviations (like I did) probably wouldn't work, as spammers are likely
> to target you in particular.
>
> I believe the image checking breaks teh application for some
> disabled/blind users.
>
> thanks,
> David.
>   




More information about the Phpwm mailing list