miniBB ® 

miniBB

®
Support Forums
  
 | Start | Register | Search | Statistics | File Bank | Manual |
Specific miniBB Support Forums / Specific /  
 

Reverse CAPTCHA - anti-bot spam

 
Author Steve Shaw
Partaker
#1 | Posted: 25 Jan 2012 22:34 
I use Tectite.com forms on my website, and they have a great anti-spam process in the form of REVERSE CAPTCHA.

This seems to work 100%. I have been running it for over 5 years, and no spam at all.

See here: http://www.tectite.com/fmdoc/attack_detection_reverse_captcha.php

My question is how can I use this in MiniBB (being that my coding skills are HTML and CSS, not PHP)?
It looks to me (with my poor coding skills) that this would be a great way to reduce spam without using a normal human CAPTCHA - I just don't like them... personal view.

Any ideas/thoughts?

Author Paul
Lead Developer 
#2 | Posted: 26 Jan 2012 11:34 
As you know, we provide custom solutions for $25/hr. Investigating how it works may take up to 4 hours. $100 in total for this.

But honestly, I didn't understand what this solution is about.

They obviously force you to provide some extra fields on the form.
Obviously, values of these fields are passed to the script in a clear way. One of them is obviously generated in the JavaScript.
Everything which is submitted from the form, can be submitted by an automated program. Even JS values.

The only thing to avoid automated program know what is passed, is to show the value on the generated picture. The sense of Captcha is here. Automated program mostly can't read what's shown on the picture, because this data is not the part of the form. Therefore it can't fake to submit this data.

I would say, any other solution which passes data via POST can be broken.

We have an unbreakable and proved one for $6. It's a matter of your taste.

Author Guest
~
#3 | Posted: 26 Jan 2012 12:46 
Hi Paul,

The extra fields are hidden, so users see nothing additional.

One field is blank, the other pre-filled.
But when read by a bot it sees both as a valid fields to be filled in, so fills them in.
I have the blank field set as an obvious 'type' - Zip (post code), so a bot will attempt to fill in a zip code.
The other is set to 'City' but with the words 'Type Here' pre-filled.
A bot will overwrite the field with a city name, so changing it from 'Type Here'.

Either fields being filled-in/changed cause the form to be seen as being filled in by a bot, so is rejected.

As users can't see the fields they never alter them.

Works very, very well!

Cost is not an issue - but I really don't like normal CAPTCHAs, if that's what you mean by a $6 unbreakable one?

Author Guest
~
#4 | Posted: 26 Jan 2012 12:51 
Oh - I should say I was looking at this for user registration, not message posting!

Author Paul
Lead Developer 
#5 | Posted: 26 Jan 2012 14:11 
I'm still not sure how it works.

You don't have to rate it from the bot point. I'm not sure why the bot should pre-fill some fields or analyze the form. It should just submit what is required on the other end.

So this script - what does it require on the other end? What data should be passed to get it as the valid input?

Author Steve Shaw
Partaker
#6 | Posted: 26 Jan 2012 14:34 
Difficult for me to answer this, as my coding knowledge is not good enough. But...

I have this in my forms:

<div style="display:none;visibility:hidden;">
<input name="city" type="text" value="type here">
<input name="zip" type="text" value="">
</div>

When the form is submitted if there are any changes in the 'user value fields' the form is rejected.
Real users can't change the value fields as they can't see them.
Bots change them...

Make better sense?

Author Paul
Lead Developer 
#7 | Posted: 26 Jan 2012 14:45 
Steve Shaw:
Bots change them...
So if I would be a bot, and if I wouldn't change these fields - the form would pass, correct?

Author Steve Shaw
Partaker
#8 | Posted: 26 Jan 2012 15:03 
Yep, but in the various forms that use this method, the field names are not consistent, so it impossible to tell a bot which fields to not change.
The examples I gave is just from one form - other forms use different 'names' to identify the fields.

Keeps it random ;o)

Author mikeatv
Guest
#9 | Posted: 17 Feb 2012 19:59 
Why wouldn't the bot just ignore any field that is hidden? It doesn't need to know the name of the fields that will be hidden it just needs to look at the page source.

Author Paul
Lead Developer 
#10 | Posted: 20 Feb 2012 12:16 
The bot itself doesn't do anything. The programmer who codes the bot, does.
And any programmer can pass or substitute any hidden field's value.
It's a lame approach to try to achieve something secure with hidden fields, which can be easily faked.

Author Guest
~
#11 | Posted: 2 Dec 2012 08:06 
Paul
You hide the field with CSS. There's no way for the bot to know which fields are hidden.

Author Paul
Lead Developer 
#12 | Posted: 3 Dec 2012 15:34 
For the bot - no.
For the hacker - lots of ways.

Specific miniBB Support Forums / Specific /
 Reverse CAPTCHA - anti-bot spam
 Share Topic's Link

Your Reply Click this icon to move up to the quoted message


  ?
Post as a Guest, leaving the Password field blank. You could also enter a Guest name, if it's not taken by a member yet. Sign-in and post at once, or just sign-in, bypassing the message's text.


Before posting, make sure your message is compliant with forum rules; otherwise it could be locked or removed with no explanation.

 

 
miniBB Support Forums Powered by Forum Software miniBB ® Home  Features  Requirements  Demo  Download  Showcase  Gallery of Arts
Compiler  Premium Extensions  Premium Support  License  Contact Us
Check out the Captcha add-on: protect your miniBB-forums from the automated spam and flood.


  ⇑