captcha to defeat form spammers

captcha to defeat form spammers

on 01.05.2007 11:45:18 by unknown

Post removed (X-No-Archive: yes)

Re: captcha to defeat form spammers

on 01.05.2007 15:01:06 by Tina Peters

wrote in message
news:an2e3393ursd9lcpt0ra6gnpbef9lf0na3@4ax.com...
> I wish to use a CAPTCHA to defeat form spammers... currently I am
> using NMS FormMail Version 3.14c1 ... is there a simple solution for
> NMS FormMail perhaps using a CAPTCHA (I know it's been mentioned
> before)?
>
> Alternatively there is http://www.freecontactform.com/
>
> I would like to hire someone to customise that freecontactform for me.
> It is written in PHP and I do not understand PHP. I need two contact
> forms and could pay $40 by paypal to a developer for the minor changes
> needed to the form.
>
> Please reply to furriner67@hotmail.com
>
> This is a service which the form developer claims to provide but they
> have not answered my emails.


I have a really simple form that may work for you here:

www.formmailscript.com

You don't need to know any coding at all, you just copy/paste the form bit
into your webpage.

--Tina

Re: captcha to defeat form spammers

on 01.05.2007 16:04:37 by Leif K-Brooks

Tina Peters wrote:
> I have a really simple form that may work for you here:
>
> www.formmailscript.com
>
> You don't need to know any coding at all, you just copy/paste the form bit
> into your webpage.

Your fake CAPTCHA is just as useless as the last time you advertised it
here. The security characters are printed _in_the_clear_ in the HTML
source of the page. It would be completely trivial to write a script to
break your 'CAPTCHA', as seen here:
.

Please stop selling snake oil. Your code isn't worth the hard drive
space used to store it, and it _certainly_ isn't worth $10.

Re: captcha to defeat form spammers

on 01.05.2007 16:31:12 by Tina Peters

"Leif K-Brooks" wrote in message
news:463748ff$0$20597$4d3efbfe@news.sover.net...
> Tina Peters wrote:
> > I have a really simple form that may work for you here:
> >
> > www.formmailscript.com
> >
> > You don't need to know any coding at all, you just copy/paste the form bit
> > into your webpage.
>
> Your fake CAPTCHA is just as useless as the last time you advertised it
> here. The security characters are printed _in_the_clear_ in the HTML
> source of the page. It would be completely trivial to write a script to
> break your 'CAPTCHA', as seen here:
> .
>
> Please stop selling snake oil. Your code isn't worth the hard drive
> space used to store it, and it _certainly_ isn't worth $10.


and yet, I've been using it for close to a year with ZERO spam issues.

Further, I've sold it close to 60 times with not one complaint. I'm fairly
certain that some of those sales came from people here at alt.html, because
there was a spike in sales last time you went on your tirade about how
worthless it was. Yet, I don't see anyone here complaining about it ;-)

--Tina

Re: captcha to defeat form spammers

on 01.05.2007 16:53:11 by Leif K-Brooks

Tina Peters wrote:
> and yet, I've been using it for close to a year with ZERO spam issues.

That's because spammers typically go for the very low-hanging fruit and
ignore everything else; it has nothing to do with the merits of your
'CAPTCHA'.

When one of your 'close to 60' customers finally wakes up and realizes
how they've been scammed, I would suggest you give them a link to a real
CAPTCHA, with real security. Luckily, quite a few of them are available
for free; for example, QuickCaptcha:
.

Re: captcha to defeat form spammers

on 01.05.2007 22:00:47 by Tina Peters

"Leif K-Brooks" wrote in message
news:46375460$0$20597$4d3efbfe@news.sover.net...
> Tina Peters wrote:
> > and yet, I've been using it for close to a year with ZERO spam issues.
>
> That's because spammers typically go for the very low-hanging fruit and
> ignore everything else; it has nothing to do with the merits of your
> 'CAPTCHA'.


Thank you for making the argument for my form (which I never said was
CAPTCHA). ;-)

I never said my form couldn't be cracked. I'm saying that spam bots have no
reason to try to get around it and will probably be a very long time before
they even try. In the almost year that I've been using it, we went from
about 99% bot generated spam to 1% legitimate email ratio from our
form....to 100% legit. That's ZERO bot generated spams for almost a year.
For $10, it's more than worth it.

Also, as you so rightly suggested, guess which method spammers are going to
try to get around first? CAPTCHA, which millions of sites currently
use...or my form, which *maybe* 200 people use. Do you honestly think
CAPTCHA is 100% spam proof? I'm sure that's not what you're trying to
imply.

--Tina

Re: captcha to defeat form spammers

on 01.05.2007 22:51:38 by lws4art

Tina Peters wrote:
> "Leif K-Brooks" wrote in message
> news:46375460$0$20597$4d3efbfe@news.sover.net...
>> Tina Peters wrote:
>>> and yet, I've been using it for close to a year with ZERO spam issues.
>> That's because spammers typically go for the very low-hanging fruit and
>> ignore everything else; it has nothing to do with the merits of your
>> 'CAPTCHA'.
>
>
> Thank you for making the argument for my form (which I never said was
> CAPTCHA). ;-)


No, you allude to it by offering it as a solution to posters looking for
CAPTCHA. You make your bogus "security" code look like a CAPTCHA
*image* by randomizing the color and font faces but it still is just
plain old character data.

The principle behind the *security* in CAPTCHA is that the characters
are represented as distorted binary data images of the characters which
can neither be recognized as characters nor OCR converted! Your form is
*no more effective* than adding an input field with an unexpected name
say "monkey"




Spammers would not be expecting a required "monkey" field.

>
> I never said my form couldn't be cracked. I'm saying that spam bots have no
> reason to try to get around it and will probably be a very long time before
> they even try. In the almost year that I've been using it, we went from
> about 99% bot generated spam to 1% legitimate email ratio from our
> form....to 100% legit. That's ZERO bot generated spams for almost a year.
> For $10, its more than worth it.
>
> Also, as you so rightly suggested, guess which method spammers are going to
> try to get around first? CAPTCHA, which millions of sites currently
> use...or my form, which *maybe* 200 people use. Do you honestly think
> CAPTCHA is 100% spam proof? I'm sure that's not what you're trying to
> imply.

As long as your "security" script remains obscure no one will bother to
hack it but that is no excuse to sell it under the pretext of what it is
not! You are just scamming the ignorant.

--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com

Re: captcha to defeat form spammers

on 02.05.2007 00:18:06 by Chris Morris

"Jonathan N. Little" writes:
> The principle behind the *security* in CAPTCHA is that the characters
> are represented as distorted binary data images of the characters
> which can neither be recognized as characters
....by people. I mentioned CAPTCHAs at a talk on web application
security I was giving earlier today, and the audience found them very
annoying from a user perspective...

The reason the majority of spam-bots don't break CAPTCHAs is not
because it's especially difficult (several well-documented methods
exist) but because there are enough sites out there that don't have
any anti-spam defences of any sort it's not worth their time to try.

That being the case, I'd take a custom-written plain text challenge
over a standard CAPTCHA library any time. If I wasn't capable of
coding my own, I might even consider paying someone $10 to add a
unique one to my application.

>
>

I did this for an installation of a popular bulletin board, except
that the field was hidden and prefilled with the correct value. I
already had a decent keyword-based spam filter in place, I was just
curious as to how much I would catch by using this first. 20-25%, as
it happens, which gives an idea of the spammers' methodology and
cost-benefit calculations here.

The most effective one is to drop messages containing URLs (or too
many URLs, if there might be legitimate reasons to include any at all)
and there's nothing the spammers can do about it because they need
those URLs to be present to get any benefit from the spam.

--
Chris
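
The two server-side checks discussed in the posts above (Jonathan's required field with an unexpected name, returned with the value the form served as in Chris's hidden-field variant, followed by a cap on links), as an added example that is not code from any poster in the thread. Only the field name "monkey" comes from the thread; the expected value, the limit of one link, the function names and the sample submissions are constructed for illustration.

```python
"""Screen one contact-form POST on the server before it is mailed."""
import re
from collections import Counter

CHECK_FIELD = "monkey"    # field name from the thread
CHECK_VALUE = "k3-blue"   # assumed value the genuine form pre-fills in a hidden input
MAX_URLS = 1              # assumed limit: links allowed per submission, all fields combined

# A link is anything that starts with http://, https:// or a bare "www."
URL_RE = re.compile(r"\b(?:https?://|www\.)[^\s<>\"']+", re.IGNORECASE)


def count_urls(fields):
    """Count links in every submitted value, not only in the message body."""
    return sum(len(URL_RE.findall(str(value))) for value in fields.values())


def screen(fields):
    """Return (accepted, reason) for one decoded POST body (dict of str -> str)."""
    # 1. The check field must come back exactly as the form served it.
    #    Scripts that post straight to the handler omit it; scripts that
    #    write the same text into every input overwrite it.
    answer = fields.get(CHECK_FIELD)
    if answer is None:
        return False, "check-field-missing"
    if answer != CHECK_VALUE:
        return False, "check-field-altered"
    # 2. Cap the number of links, wherever in the form they were placed.
    visible = {k: v for k, v in fields.items() if k != CHECK_FIELD}
    if count_urls(visible) > MAX_URLS:
        return False, "too-many-urls"
    return True, "ok"


def tally(submissions):
    """Count outcomes per rule, to see what each check actually catches."""
    return Counter(screen(fields)[1] for fields in submissions)


# Constructed sample submissions (not real traffic).
SAMPLES = [
    # genuine visitor, one link
    {"name": "Alice", "email": "alice@example.org", "monkey": "k3-blue",
     "message": "My order page is http://shop.example/orders/17 - can you check it?"},
    # script posting to the handler without ever loading the form
    {"name": "x", "email": "x@example.net",
     "message": "http://a.example http://b.example http://c.example"},
    # script that writes the same junk into every field it finds
    {"name": "qwerty", "email": "qwerty", "message": "qwerty", "monkey": "qwerty"},
    # script that replays the served form, hidden value included
    {"name": "Bob", "email": "bob@example.net", "monkey": "k3-blue",
     "message": "cheap loans www.l1.example www.l2.example"},
    # links spread over several fields to stay under a per-field limit
    {"name": "http://p.example", "email": "c@example.net", "monkey": "k3-blue",
     "message": "see HTTP://q.example"},
    # genuine visitor, no link
    {"name": "Dana", "email": "dana@example.org", "monkey": "k3-blue",
     "message": "Please call me back."},
]

if __name__ == "__main__":
    for reason, n in sorted(tally(SAMPLES).items()):
        print(f"{reason:20} {n}")
```

The check value is visible in the served page, so that rule only filters scripts that do not replay the form; the link cap is the rule that still applies to the ones that do.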

Re: captcha to defeat form spammers

on 02.05.2007 00:19:37 by dorayme

In article <46375460$0$20597$4d3efbfe@news.sover.net>,
Leif K-Brooks wrote:

> Tina Peters wrote:
> > and yet, I've been using it for close to a year with ZERO spam issues.
>
> That's because spammers typically go for the very low-hanging fruit and
> ignore everything else; it has nothing to do with the merits of your
> 'CAPTCHA'.
>
> When one of your 'close to 60' customers finally wakes up and realizes
> how they've been scammed, I would suggest you give them a link to a real
> CAPTCHA, with real security. Luckily, quite a few of them are available
> for free; for example, QuickCaptcha:
> .

I have been waiting for a link like this for ages. Always meaning
to investigate it. Thanks for posting this, Leif.

--
dorayme

Re: captcha to defeat form spammers

on 02.05.2007 00:36:54 by lws4art

Chris Morris wrote:
> "Jonathan N. Little" writes:
>> The principle behind the *security* in CAPTCHA is that the characters
>> are represented as distorted binary data images of the characters
>> which can neither be recognized as characters
> ...by people. I mentioned CAPTCHAs at a talk on web application
> security I was giving earlier today, and the audience found them very
> annoying from a user perspective...

I totally agree...I was not advocating the use of CAPTCHAs just that
TP's script is masquerading as one...which it is not.

>
> The reason the majority of spam-bots don't break CAPTCHAs is not
> because it's especially difficult (several well-documented methods
> exist) but because there are enough sites out there that don't have
> any anti-spam defences of any sort it's not worth their time to try.
>

Proper server-side validation of data and simple measures to prevent
relaying is your best defense.

--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com

Re: captcha to defeat form spammers

on 02.05.2007 00:40:06 by a.nony.mous

In alt.html, dorayme wrote:

> In article <46375460$0$20597$4d3efbfe@news.sover.net>,
> Leif K-Brooks wrote:
>
>> for free; for example, QuickCaptcha:
>> .
>
> I have been waiting for a link like this for ages. Always meaning
> to investigate it. Thanks for posting this, Leif.

Is the sample on that page supposed to work? I tried at least a dozen
different 'Submits', after refreshing the page each time and getting a
new image. Always the answer, "You entered an incorrect code." ..and my
eyes are pretty good.

They are extremely hard to read; I'd never use it on my sites.

--
-bts
-Motorcycles defy gravity; cars just suck

Re: captcha to defeat form spammers

on 02.05.2007 00:49:05 by dorayme

In article <48dd5$4637c0c8$40cba7b7$17681@NAXS.COM>,
"Jonathan N. Little" wrote:

> I totally agree...I was not advocating the use of CAPTCHAs

ah but they do look nice...

--
dorayme

Re: captcha to defeat form spammers

on 02.05.2007 00:52:58 by Tina Peters

"Jonathan N. Little" wrote in message
news:48dd5$4637c0c8$40cba7b7$17681@NAXS.COM...
> Chris Morris wrote:
> > "Jonathan N. Little" writes:
> >> The principle behind the *security* in CAPTCHA is that the characters
> >> are represented as distorted binary data images of the characters
> >> which can neither be recognized as characters
> > ...by people. I mentioned CAPTCHAs at a talk on web application
> > security I was giving earlier today, and the audience found them very
> > annoying from a user perspective...
>
> I totally agree...I was not advocating the use of CAPTCHAs just that
> TP's script is masquerading as one...which it is not.

Is that the best argument you can come up with against my form? That it
pretends to be CAPTCHA when it isn't? It's NOT CAPTCHA and is so obviously
NOT CAPTCHA - it's a simple script that thwarts spam bots and IT WORKS.
Will it work 12 months from now? Who knows? Will CAPTCHA? It probably
has a better chance of being beaten, since more people use it...hence,
spammers have more motivation to get around it.

--Tina

Re: captcha to defeat form spammers

on 02.05.2007 00:56:36 by Tina Peters

"Tina Peters" wrote in message
news:5yPZh.71$fu.15@newsfe02.lga...
>
>
> "Jonathan N. Little" wrote in message
> news:48dd5$4637c0c8$40cba7b7$17681@NAXS.COM...
> > Chris Morris wrote:
> > > "Jonathan N. Little" writes:
> > >> The principle behind the *security* in CAPTCHA is that the characters
> > >> are represented as distorted binary data images of the characters
> > >> which can neither be recognized as characters
> > > ...by people. I mentioned CAPTCHAs at a talk on web application
> > > security I was giving earlier today, and the audience found them very
> > > annoying from a user perspective...
> >
> > I totally agree...I was not advocating the use of CAPTCHAs just that
> > TP's script is masquerading as one...which it is not.
>
> Is that the best argument you can come up with against my form? That is
> pretends to be CAPTCHA when it isn't? Its NOT CAPTCHA and is so obviously
> NOT CAPTCHA - its a simple script that thwarts spam bots and IT WORKS.
> Will it work 12 months from now? Who knows? Will CAPTCHA? It probably
> has a better chance of being beaten, since more people use it...hence,
> spammers have more motivation to get around it.
>
> --Tina


PS: Four more people purchased it today and I can only assume that it was
from these postings, since traffic to the site
(http://www.formmailscript.com) is almost negligible. Soooooo, whoever
purchased it, please be sure to post about how useless it is, how it didn't
completely eliminate your form spam and how it wasn't worth your $10. ;-)

--Tina

Re: captcha to defeat form spammers

on 02.05.2007 01:06:07 by dorayme

In article
,
"Beauregard T. Shagnasty" wrote:

> In alt.html, dorayme wrote:
>
> > In article <46375460$0$20597$4d3efbfe@news.sover.net>,
> > Leif K-Brooks wrote:
> >
> >> for free; for example, QuickCaptcha:
> >> .
> >
> > I have been waiting for a link like this for ages. Always meaning
> > to investigate it. Thanks for posting this, Leif.
>
> Is the sample on that page supposed to work? I tried at least a dozen
> different 'Submits', after refreshing the page each time and getting a
> new image. Always the answer, "You entered an incorrect code." ..and my
> eyes are pretty good.
>
> They are extremely hard to read; I'd never use it on my sites.

mmm... it is a point! Some of them _are_ hard to read, I agree.
Most I have little trouble.

My guess for



is:

1. 7C2CR

2. 9NSW1

3. J7B4D

4. PJ9FK (this one is really too hard!)

So more care is needed I guess in the construction of these
things, but the idea is pretty good as far as I can see?

--
dorayme

Re: captcha to defeat form spammers

on 02.05.2007 01:10:47 by lws4art

Tina Peters wrote:

>> Is that the best argument you can come up with against my form? That is
>> pretends to be CAPTCHA when it isn't? Its NOT CAPTCHA and is so obviously
>> NOT CAPTCHA

Then why do you bother to change the fonts and colors of the "security"
code?


>> - its a simple script that thwarts spam bots and IT WORKS.
>> Will it work 12 months from now? Who knows? Will CAPTCHA? It probably
>> has a better chance of being beaten, since more people use it...hence,
>> spammers have more motivation to get around it.
>>
>> --Tina
>
>
> PS: Four more people purchased it today and I can only assume that it was
> from these postings, since traffic to the site
> (http://www.formmailscript.com) is almost negligible. Soooooo, whoever
> purchased it, please be sure to post about how useless it is, how it didn't
> completely eliminate your form spam and how it wasn't worth your $10. ;-)

Hey, some folks also give away their money to folks that promise them
some sort of afterlife, does not mean that they shall receive!

--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com

Re: captcha to defeat form spammers

on 02.05.2007 02:43:34 by Tina Peters

"Jonathan N. Little" wrote in message
news:69689$4637c89c$40cba7b7$24329@NAXS.COM...
> Tina Peters wrote:
>
> >> Is that the best argument you can come up with against my form? That is
> >> pretends to be CAPTCHA when it isn't? Its NOT CAPTCHA and is so obviously
> >> NOT CAPTCHA
>
> Then why to you bother to change the fonts and colors of the "security"
> code?

What a dumb question. Who cares what color the font is? It can be changed
to whatever anyone wants it to be.


> > PS: Four more people purchased it today and I can only assume that it was
> > from these postings, since traffic to the site
> > (http://www.formmailscript.com) is almost negligible. Soooooo, whoever
> > purchased it, please be sure to post about how useless it is, how it didn't
> > completely eliminate your form spam and how it wasn't worth your $10. ;-)
>
> Hey, some folks also give away their money to folks that promise them
> some sort of afterlife, does not mean that they shall receive!


Some folks also try to make completely unrelated analogies seem relevant.
;-)

--Tina

Re: captcha to defeat form spammers

on 02.05.2007 03:11:09 by Leif K-Brooks

Tina Peters wrote:
> What a dumb question. Who cares what color the font is? It can be changed
> to whatever anyone wants it to be.

So you made every character in your 'CAPTCHA' a different color and font
just because you felt like it? I find that hard to believe.

Re: captcha to defeat form spammers

on 02.05.2007 04:24:29 by a.nony.mous

In alt.html, dorayme wrote:

> "Beauregard T. Shagnasty" wrote:
>> They are extremely hard to read; I'd never use it on my sites.
>
> mmm... it is a point! Some of them _are_ hard to read, I agree.
> Most I have little trouble.
>
> My guess for
>
>

Good samples. My point, which I might expound on a bit, was that I
*studied* the graphics - up close and personal - to be sure I had the
right characters, and every time I typed one, the site told me it was
incorrect. If I couldn't read it fairly easily, I refreshed and got
another. So either I'm colorblind, or the sample page fails.

I'm not colorblind, but just now thinking about that, how would a
colorblind person ever get one of these QuickCaptcha things to work?

> So more care is needed I guess in the construction of these
> things, but the idea is pretty good as far as I can see?

Pardon my French, but the idea sucks. :-)

--
-bts
-Motorcycles defy gravity; cars just suck

Re: captcha to defeat form spammers

on 02.05.2007 04:47:45 by dorayme

In article
,
"Beauregard T. Shagnasty" wrote:

> In alt.html, dorayme wrote:
>
> > "Beauregard T. Shagnasty" wrote:
> >> They are extremely hard to read; I'd never use it on my sites.
> >
> > mmm... it is a point! Some of them _are_ hard to read, I agree.
> > Most I have little trouble.
> >
> > My guess for
> >
> >
>
> Good samples. My point, which I might expound on a bit, was that I
> *studied* the graphics - up close and personal - to be sure I had the
> right characters, and every time I typed one, the site told me it was
> incorrect. If I couldn't read it fairly easily, I refreshed and got
> another. So either I'm colorblind, or the sample page fails.
>
> I'm not colorblind, but just now thinking about that, how would a
> colorblind person ever get one of these QuickCaptcha things to work?
>
> > So more care is needed I guess in the construction of these
> > things, but the idea is pretty good as far as I can see?
>
> Pardon my French, but the idea sucks. :-)

I like this kind of French.

It is, indeed, a point about the color-blind. But I don't really
see that the basic idea depends on colour:

le.gif>

And I am not at all sure why you think the idea itself sucks? As
for it not working on some page, that may be due to other faults
(surely on the link you used it would not be meant to work, but
just showing an example? But I don't know this for sure.). I very
much like the idea that a pattern recognition being can see
things that clunky old robots can't.

True, this would still leave the blind without help and this may
be something you are concerned about and fair enough too.

--
dorayme

Re: captcha to defeat form spammers

on 02.05.2007 04:57:55 by lws4art

Tina Peters wrote:
> "Jonathan N. Little" wrote in message
> news:69689$4637c89c$40cba7b7$24329@NAXS.COM...
>> Tina Peters wrote:
>>
>>>> Is that the best argument you can come up with against my form? That is
>>>> pretends to be CAPTCHA when it isn't? Its NOT CAPTCHA and is so obviously
>>>> NOT CAPTCHA
>> Then why to you bother to change the fonts and colors of the "security"
>> code?
>
> What a dumb question. Who cares what color the font is? It can be changed
> to whatever anyone wants it to be.
>

What is dumb is that you would believe that anyone with technical could
not see though the ruse. If it is not important then why change the
color and font for each character, we all know why.


>>> PS: Four more people purchased it today and I can only assume that it was
>>> from these postings, since traffic to the site
>>> (http://www.formmailscript.com) is almost negligible. Soooooo, whoever
>>> purchased it, please be sure to post about how useless it is, how it didn't
>>> completely eliminate your form spam and how it wasn't worth your $10. ;-)
>> Hey, some folks also give away their money to folks that promise them
>> some sort of afterlife, does not mean that they shall receive!
>
>
> Some folks also try to make completely unrelated analogies seem relevant.

Maybe you don't see the correlation, but then again you may truly
believe that your script adds security. Here I will explain the
relevance of the analogy: just because some folks buy it does not prove
that it does what you purport...

--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com

Re: captcha to defeat form spammers

on 02.05.2007 05:03:58 by lws4art

Jonathan N. Little wrote:

Okay now I see the typos! Why I connot see them before I hit send! Now
in English

> What is dumb is that you would believe that anyone with technical could
> not see though the ruse. If it is not important then why change the
> color and font for each character, we all know why.
>
What is dumb is that you would believe that anyone technical could not
see through the ruse. If it is not important then why change the color
and font for each character? We all know why.


--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com

Re: captcha to defeat form spammers

on 02.05.2007 05:27:49 by dorayme

In article <61144$4637ff42$40cba7b7$23526@NAXS.COM>,
"Jonathan N. Little" wrote:

> Jonathan N. Little wrote:
>
> Okay now I see the typos! Why I connot see them before I hit send! Now
> in English
>
> > What is dumb is that you would believe that anyone with technical could
> > not see though the ruse.
> >
> What is dumb is that you would believe that anyone technical could not
> see through the ruse.

I liked the first version, it was more interesting, "with
technical" and the reader fills in, is not so bad at all. Play to
your strengths and have more confidence in your dyslexic typing...

--
dorayme

Re: captcha to defeat form spammers

on 02.05.2007 05:38:12 by lws4art

dorayme wrote:

> I liked the first version, it was more interesting, "with
> technical" and the reader fills in, is not so bad at all. Play to
> your strengths and have more confidence in your dyslexic typing...
>

You're just toying with me aren't 'cha! :-)

--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com

Re: captcha to defeat form spammers

on 02.05.2007 05:47:15 by dorayme

In article <6b026$46380748$40cba7b7$20334@NAXS.COM>,
"Jonathan N. Little" wrote:

> dorayme wrote:
>
> > I liked the first version, it was more interesting, "with
> > technical" and the reader fills in, is not so bad at all. Play to
> > your strengths and have more confidence in your dyslexic typing...
> >
>
> You're just toying with me aren't 'cha! :-)

Maybe just a little teensy weensy bit... but that I liked that
first sentence better is a fact. It may be a Martian fact.

--
dorayme

Re: captcha to defeat form spammers

on 02.05.2007 12:22:07 by Andy Dingley

On 1 May, 21:00, "Tina Peters" wrote:

> I'm saying that spam bots have no reason to try to get around it

Spam bots have no reason to get onto my site, so I have no need for a
CAPTCHA form at all - real or fake..

If I build the next YouTube/LiveJournal, then I'll immediately become
interesting to them. Exactly at this point, fake captchas like yours
become useless.

So just _when_ is your fake form actually useful to me? And why
should I pay $10 for it?

Re: captcha to defeat form spammers

on 02.05.2007 12:56:04 by Tina Peters

"Andy Dingley" wrote in message
news:1178101327.276409.300800@h2g2000hsg.googlegroups.com...
> On 1 May, 21:00, "Tina Peters" wrote:
>
> > I'm saying that spam bots have no reason to try to get around it
>
> Spam bots have no reason to get onto my site, so I have no need for a
> CAPTCHA form at all - real or fake..
>
> If I build the next YouTube/LiveJournal, then I'll immediately become
> interesting to them. Exactly at this point, fake captchas like yours
> become useless.
>
> So just _when_ is your fake form actually useful to me? And why
> should I pay $10 for it?

You don't have to be the next YouTube to become a target of spam bots. One
of my little sites was seeing maybe 1000 visitors per month and the form was
being spammed to death. I think a lot of people with sites that aren't on
the level of YouTube can relate.

It's useful to you when the spam bots find your unprotected form and you
become beyond frustrated with the spam that comes through. You won't find a
solution that is easier to use (except maybe taking your form offline). You
just copy/paste the form bit into your webpage and upload it and one other
file to your site.

Again, I never said this can't be worked around by spam bots. What I've
always said is that it's not likely to be for a very long time and many
people are using it with excellent results. Logic dictates that with the
popularity of Captcha, it's going to be figured out by spambots wayyy before
my script will be. If you want to do the whole Captcha thing...more power
to you. For those who can't easily figure that out, formmailscript.com
offers a quick/easy/cheap solution.

--Tina

Re: captcha to defeat form spammers

on 02.05.2007 13:08:05 by mbstevens

On Wed, 02 May 2007 03:22:07 -0700, Andy Dingley wrote:

> On 1 May, 21:00, "Tina Peters" wrote:
>
>> I'm saying that spam bots have no reason to try to get around it
>
> Spam bots have no reason to get onto my site, so I have no need for a
> CAPTCHA form at all - real or fake..
>
> If I build the next YouTube/LiveJournal, then I'll immediately become
> interesting to them. Exactly at this point, fake captchas like yours
> become useless.

I think the easiest way to kill it, if you have access to the server
mailer program's source, is just to watch the spam that actually comes in
and filter for particular strings that they use which normal posters would
seldom if ever use, dying with an error if one is found. You have to
update the code occasionally, but it only takes a few minutes.
Spam on my forms has gone from about twenty a day to zero, but YMMV.

Re: captcha to defeat form spammers

on 02.05.2007 13:35:16 by wayne

mbstevens wrote:
> On Wed, 02 May 2007 03:22:07 -0700, Andy Dingley wrote:
>
>> On 1 May, 21:00, "Tina Peters" wrote:
>>
>>> I'm saying that spam bots have no reason to try to get around it
>> Spam bots have no reason to get onto my site, so I have no need for a
>> CAPTCHA form at all - real or fake..
>>
>> If I build the next YouTube/LiveJournal, then I'll immediately become
>> interesting to them. Exactly at this point, fake captchas like yours
>> become useless.
>
> I think the easiest way to kill it, if you have access to the server
> mailer program's source, is just to watch the spam that actually comes in
> and filter for particular strings that they use which normal posters would
> seldom if ever use, dying with an error if one is found. You have to
> update the code occasionally, but it only takes a few minutes.
> Spam on my forms has gone from about twenty a day to zero, but YMMV.
>

Perhaps you should look at the free form here: www.tectite.com

There is a setting to defeat multiple urls from being inserted anywhere
in the form. I use it with a setting of "1" for the number of urls to
allow and it has virtually stopped this kind of postings. The forms are
used here:
bayareabluegrass.org on the "Fire on the Strings" page mostly. The
organization was getting 10 or more spams a day, from a relatively low
traffic site.


--
Wayne
www.glenmeadows.us
"I cannot imagine a God who rewards and punishes the objects of his
creation, whose purposes are modeled after our own -- a God, in short,
who is but a reflection of human frailty. Neither can I believe that the
individual survives the death of his body, although feeble souls harbor
such thoughts through fear or ridiculous egotism." [Einstein]

Re: captcha to defeat form spammers

on 02.05.2007 14:04:36 by mbstevens

On Wed, 02 May 2007 11:35:16 +0000, wayne wrote:

> mbstevens wrote:
>> On Wed, 02 May 2007 03:22:07 -0700, Andy Dingley wrote:
>>
>>> On 1 May, 21:00, "Tina Peters" wrote:
>>>
>>>> I'm saying that spam bots have no reason to try to get around it
>>> Spam bots have no reason to get onto my site, so I have no need for a
>>> CAPTCHA form at all - real or fake..
>>>
>>> If I build the next YouTube/LiveJournal, then I'll immediately become
>>> interesting to them. Exactly at this point, fake captchas like yours
>>> become useless.
>>
>> I think the easiest way to kill it, if you have access to the server
>> mailer program's source, is just to watch the spam that actually comes in
>> and filter for particular strings that they use which normal posters would
>> seldom if ever use, dying with an error if one is found. You have to
>> update the code occasionally, but it only takes a few minutes.
>> Spam on my forms has gone from about twenty a day to zero, but YMMV.
>>
>
> Perhaps you should look at the free form here: www.tectite.com


It looks like a good system for those who really need the big
guns, but I just look at the actual spams that are coming in and add a
function to the mail program (mine is in Perl) like:

# Refuse the submission if the message contains a string seen in earlier spam.
if (
       ($msg =~ m/asvfdv/)
    || ($msg =~ m/guests:/)
    || ($msg =~ m|info/index\.html|)
    || ($msg =~ m/-report/)
    || ($msg =~ m/-credit/)
    || ($msg =~ m/-loans/)
    || ($msg =~ m/-airline/)
)
{
    die "Error: Spam strings detected. Please remove common words used in spam.";
}

You just look at the spams that are coming in and choose some part that
would be unlikely for a real poster to use. I don't really need 9700
lines of PHP for my small problems, but I can imagine there are those that
do.

Re: captcha to defeat form spammers

on 02.05.2007 15:49:15 by Bergamot

mbstevens wrote:
>
> You just look at the spams that are coming in and choose some part that
> would be unlikely for a real poster to use. I don't really need 9700
> lines of PHP for my small problems, but I can imagine there are those that
> do.

All of the prefab mail form scripts I've seen seem to be designed to be
all things to all people, thus they have a lot of extra stuff I'll never
use. I, too, ended up writing my own, doing similar filtering that
you're doing, in about 200 lines of code. Once in a while I'll get a few
spam messages through it, but a tweak of the filtering stops it.

--
Berg

Re: captcha to defeat form spammers

am 02.05.2007 23:24:11 von wayne

mbstevens wrote:
> It looks like a good system for those who really need the big
> guns, but I just look at the actual spams that are coming in and add a
> function to the mail program (mine is in Perl) like:
>
> if (
> ($msg =~ m/asvfdv/)
> || ($msg =~ m/guests:/ )
> || ($msg =~ m|info/index.html|)
> || ($msg =~ m/-report/)
> || ($msg =~ m/-credit/)
> || ($msg =~ m/-loans/)
> || ($msg =~ m/-airline/)
> )
> {
> die "Error: Spam strings detected. Please remove common words used in spam.";
> }
>
> You just look at the spams that are coming in and choose some part that
> would be unlikely for a real poster to use. I don't really need 9700
> lines of PHP for my small problems, but I can imagine there are those that
> do.
>
>
Yes, 9700 lines, but how many are actual code? I believe all of the
documentation is included in those 9700 lines, along with all of the
changes and revisions. Perhaps the documentation is a useful learning
tool for those so inclined.

I'm happy that your solution works for you, but wonder how much time is
needed to monitor the results. The site I had listed gets quite a few
spam attempts every day (I get an email each time there is an attempt to
send multiple urls or any errors, perhaps missing or duplicate
information in the fields) even though the site does not do major
business. I am not the recipient of the forms, I only set the site up
and make changes to the structure, troubleshoot problems - like spammed
forms. It only took three forms with multiple urls for the board of
directors for the organization to complain about receiving them. Luckily
the functionality to stop them was already in the script, just not
activated.

I believe this thread started with an op that wasn't prepared to write
php programs but wanted to eliminate spam. This seems to be a good
option to me.

YMMV.

Regards,
--
Wayne
www.glenmeadows.us
"I cannot imagine a God who rewards and punishes the objects of his
creation, whose purposes are modeled after our own -- a God, in short,
who is but a reflection of human frailty. Neither can I believe that the
individual survives the death of his body, although feeble souls harbor
such thoughts through fear or ridiculous egotism." [Einstein]
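
The two filters discussed in the posts above (mbstevens's string blocklist and the multiple-URL rejection wayne mentions), combined in one routine as an added example; it is not code from any poster or from the scripts named in the thread. The sub name `spam_reason`, the limit of one URL and the sample messages are assumptions made for illustration.

```perl
use strict;
use warnings;

# Blocklist strings taken from mbstevens's post, kept as data so that adding
# a pattern after a new spam run is a one-line change. The dot in
# index.html is escaped here so it matches only a literal dot.
my @SPAM_PATTERNS = (
    qr/asvfdv/,
    qr/guests:/,
    qr{info/index\.html},
    qr/-report/,
    qr/-credit/,
    qr/-loans/,
    qr/-airline/,
);

# Assumed limit: a contact-form message rarely needs more than one link.
my $MAX_URLS = 1;

# Returns undef for an acceptable message, otherwise a short reason that
# can be logged so the operator sees which rule fired.
sub spam_reason {
    my ($msg) = @_;
    return 'empty message' unless defined $msg && $msg =~ /\S/;

    for my $re (@SPAM_PATTERNS) {
        return "blocklisted string ($re)" if $msg =~ $re;
    }

    # Count http/https/www links; "() =" forces list context to get a count.
    my $urls = () = $msg =~ m{(?:https?://|www\.)\S+}gi;
    return "too many URLs ($urls)" if $urls > $MAX_URLS;

    return;
}

# Constructed sample submissions, not real spam.
my @samples = (
    "Hello, could you send me your opening hours? Thanks.",
    "cheap-loans here http://example.com/a",
    "see http://example.com/a http://example.org/b www.example.net/c",
    "My site is www.example.com, please take a look.",
);

for my $msg (@samples) {
    my $why = spam_reason($msg);
    printf "%-8s %s\n", defined $why ? 'REJECT' : 'ACCEPT',
        defined $why ? "[$why]" : $msg;
}
```

Substring rules such as `-credit` also match legitimate hyphenated text, so logging the returned reason and reviewing rejects when adding patterns keeps false positives visible.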

Re: captcha to defeat form spammers

am 03.05.2007 00:38:58 von mbstevens

On Wed, 02 May 2007 08:49:15 -0500, Bergamot wrote:

> All of the prefab mail form scripts I've seen seem to be designed to be
> all things to all people, thus they have a lot of extra stuff I'll never
> use. I, too, ended up writing my own, doing similar filtering that
> you're doing, in about 200 lines of code. Once in a while I'll get a few
> spam messages through it, but a tweak of the filtering stops it.

Yes, and I think if you have a script that filters for everything, it
slows things down when you might really only need to search
for strings from the 10-20 spammers that happen to
have found you.

Re: captcha to defeat form spammers

am 05.05.2007 11:44:12 von dorayme

"Beauregard T. Shagnasty" wrote:

> > So more care is needed I guess in the construction of these
> > things, but the idea is pretty good as far as I can see?
>
> Pardon my French, but the idea sucks. :-)

I have been looking into it a bit and the business of letters on
backgrounds does suck more than I thought! And a test should
really not depend on just vision. I came across one view that
they are easy to robot crack by getting humans to solve them on a
high vol site and relaying the info back! Now I guess, if this is
right, this puts paid to all such "Turing" tests for such
purposes.

--
dorayme

Re: captcha to defeat form spammers

am 08.05.2007 21:19:16 von unknown

Post removed (X-No-Archive: yes)

Re: captcha to defeat form spammers

am 09.05.2007 01:00:12 von dorayme

let@it.snow wrote:

> >In article <46375460$0$20597$4d3efbfe@news.sover.net>,
> > Leif K-Brooks wrote:
> >
> > ...I would suggest you give them a link to a real
> >> CAPTCHA, with real security. Luckily, quite a few of them are available
> >> for free; for example, QuickCaptcha:
> >> .
> >

>
> Can someone help me integrate this Quickcaptcha with my two contact
> forms? This should be a really easy job and I'm willing to pay US$ 50
> by PayPal for the work. I'm not a PHP coder so I'd be unable to do the
> job myself.

Alternatively, you could post a question at alt.php, there are
many helpful people there.

One thing to note about this particular "Turing" test technique
is the difficulty not a few people will face in reading the
correct numbers even though well sighted. As discussed in this
thread.

I think there must be better implementations. One simple thing
better would be for the whole image to be about 5 times bigger!
That would solve many of the difficulties. And the idea of
confusing backgrounds can be taken too far. If the images were to
be bigger and the background plain white, you could turing away
on the distortion to the letters and it all would be easier for
humans, but I doubt easier for robots.

Letters are a very limited idea for this sort of thing. What
humans are good at is pattern recognition and background
knowledge of the world. Better to have things like "Was Marilyn
Monroe an actor, an athlete, a prime minister" etc out of a big
field. A few human slam dunkers and the punter has to get over
90% score or whatever, a robot not having a chance. There are
many other things that would give crisper results.

--
dorayme