Forums

Captcha and Required fields not doing job

nml375 27 Jul, 2009
Hi,
Unfortunately, Captcha's aren't fool-proof. There is, in fact, a growing industry of providing "de-captcha" services where shady firms decode the image on-the-fly for their client. Even so, it does weed out the simplest of attacks, and adds some costs to the spammers.

If possibly, try switching to the ReCaptcha plugin. They got a few additional features to detect automated services trying to bypass captchas.

Regarding the required fields, unless you've enabled the serverside validation and added some custom code, all the validations regarding required fields and content is done by javascripts in the client browser. Since most spambots are pieces of custom software, these rarely care for javascripts.
As such, this feature is rather intended for the real visitors to make sure they've filled out everything properly before they submit, rather than to stomp additional spam.

Some other techniques I've seen are (user agent) non-visible inputs, that these spambots pick up and fill, while a normal user would not see and not fill. This could be implemented through the server-side validation, but would require some creative html-styling/coding to either hide the input or let the user know it should not be filled (without letting any spambots know).
Others use base64-coded javascripts to add a required input, which some spambots would not see. This would however lock out any browser not supporting javascript.

Other approaches are blacklists, but since most spammers use hi-jacked systems, chances are they'll move on to another hi-jacked system while you're banning valid clients.

All in all, fighting spam is difficult. If you find a mechanism that works, chances are others will also use this mechanism - and spammers will find it worth cracking, and you need a new mechanism.

/Fredrik
This topic is locked and no more replies can be posted.