• From: Wiesbaden
  • Registered: 2008-01-10
  • Posts: 2

Topic: Anti spam solution?

I tried the following anti spam measure and until today
it works 100%, no spam bot registration at all. Before, I had about two or three
per week.
Just curious what you think about it, is it appropriate or is the barrier to big?

I added a question to the registration page which asks for a name of an object in an image which
is displayed on the web page. I use the icon of a small ship and ask which object is displayed.
http://www.acodedb.com/forum/register.php

  • quaker
  • quaker
  • Senior Member
  • Offline
  • From: USA
  • Registered: 2006-02-22
  • Posts: 1,783

Re: Anti spam solution?

Looks good I hope it will work for you..


Q

My stuff or my style might sux, but atleast I'm willing to help when I can.
Don't be stupid and help ! We are the stupid one's !!!

quaker's Website

3 Reply by MattF

  • MattF
  • Senior Member
  • Offline
  • From: South Yorkshire, England
  • Registered: 2007-03-15
  • Posts: 1,956

Re: Anti spam solution?

norbert wrote:

Just curious what you think about it, is it appropriate or is the barrier to big?

Can't see any problem with it personally, other than perhaps accessibility related, (but with all the stuff required in that regards, it's a losing battle anyhow). big_smile Might be worthwhile altering the alt= text on that image to just ship, however, rather than sailing ship.

It's similar to the V.I.P code mod on other forums software which you tend to see in use on quite a few sites. Quite like the concept myself.

MattF's Website

  • From: Wiesbaden
  • Registered: 2008-01-10
  • Posts: 2

Re: Anti spam solution?

quaker and Mattf, thank you for your comments.

I thought about the spam problem for quite a while and I asked myself
why not going a step further and delegating the whole process of "verifying that you are a human" to an external project/server?

This would free the forum developers from constantly improving the verification system.
Also it would help to keep the size of the forum code small.

The idea is to load the link of a random image together with the answer from a remote server and use both
to verify if the user is a human.

For testing I set up such a solution for my own forum registration page and it works quite well.
You could use it for your TEST-installation right away if you like.
Only register.php and 70_mod_php5.conf need few additional lines.

Here is how it works:

Download the modified register.php and overwrite the existing register.php with it.
Enable allow_url_fopen only for register.php (Gentoo):

vi /etc/apache2/modules.d/70_mod_php5.conf

Add 

 
<Location "/forum/register.php">
    php_admin_flag  allow_url_fopen On
</Location>

Restart Apache
Go to the register page of your forum. For every reload a new random images is loaded.

Patch for register.php
Additional lines only

It is not yet hardened of course. For example the hash of the answer is visible to the client.
In a later stage it may be used with one-time links to the images and all data for the answers should be on the server only.

5 Reply by MattF (edited by MattF 2008-01-12 19:03)

  • MattF
  • Senior Member
  • Offline
  • From: South Yorkshire, England
  • Registered: 2007-03-15
  • Posts: 1,956

Re: Anti spam solution?

Why not just use a session with matching image/answer in arrays for a random selection? Btw, it should be local to the server, not remote if possible. You'll run the possibility of time delays and no image if the external site is down, or for a number of other possible reasons.

MattF's Website