The Little Guy Posted September 28, 2008 Share Posted September 28, 2008 I keep getting spam on my site, I am not sure how to stop it. Site: http://phpsnips.com/ I allow all non-members to post comments, but they have to type in a CAPTCHA from an image. I allow all members to post comments, but they don't have to type in a CAPTCHA (no member spam yet). Quote Link to comment Share on other sites More sharing options...
dezkit Posted September 28, 2008 Share Posted September 28, 2008 Captcha too weak? Quote Link to comment Share on other sites More sharing options...
The Little Guy Posted September 28, 2008 Author Share Posted September 28, 2008 IDK, have a look at it, http://phpsnips.com/images/captcha.php (it changes every page refresh). Quote Link to comment Share on other sites More sharing options...
dezkit Posted September 28, 2008 Share Posted September 28, 2008 I am guessing you should add more characters and make the characters a little less visible. Quote Link to comment Share on other sites More sharing options...
The Little Guy Posted September 28, 2008 Author Share Posted September 28, 2008 The chars are less visible now. Quote Link to comment Share on other sites More sharing options...
CroNiX Posted September 29, 2008 Share Posted September 29, 2008 There is software that can get past most captcha now. Character recognition Quote Link to comment Share on other sites More sharing options...
The Little Guy Posted September 29, 2008 Author Share Posted September 29, 2008 Yeah, but not if they can't recognize all fonts...? Quote Link to comment Share on other sites More sharing options...
The Little Guy Posted September 29, 2008 Author Share Posted September 29, 2008 I added an extra anti-spam object... Quote Link to comment Share on other sites More sharing options...
The Little Guy Posted September 29, 2008 Author Share Posted September 29, 2008 OMG, I am still getting TONS of spam... Quote Link to comment Share on other sites More sharing options...
damianjames Posted September 29, 2008 Share Posted September 29, 2008 Try ReCaptcha maybe? Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted September 29, 2008 Share Posted September 29, 2008 Either your form processing code contains a security hole and the captcha is being easily bypassed or your captcha image is easy for automated spam bots to decode (all the characters are in a nice neat line and are all the same size and orientation and the small lines used for noise are all small compared to the size of the text and they are all the same width and would be easy to mathematically remove from the image) or your form processing code is not validating what was submitted well enough to filter out posts that contain undesirable content. The best captcha in the world won't stop someone if your form processing code still allows the content that they want to post. Only allow alphabetic characters and a few punctuation marks. You could convert the code to fully moderate posts that are not from members. Don't automatically display non-member posts until they have been manually reviewed and accepted. Quote Link to comment Share on other sites More sharing options...
Daniel0 Posted September 29, 2008 Share Posted September 29, 2008 Your CAPTCHA is two weak. The letters aren't distorted or skewed. They are always at a fixed position so it's relatively easy to figure out where to look. Quote Link to comment Share on other sites More sharing options...
The Little Guy Posted September 29, 2008 Author Share Posted September 29, 2008 I am assuming the GD library can not swirl the image, so would that mean I would also have to use ImageMagick? Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted September 29, 2008 Share Posted September 29, 2008 Your form processing code is the last link in the chain of preventing spam content. It must be the strongest link, not the weakest one, because no matter what you do to your captcha, a real person will be able to submit spam by entering the captcha phrase. Quote Link to comment Share on other sites More sharing options...
The Little Guy Posted September 30, 2008 Author Share Posted September 30, 2008 So far, my new Image is doing well, I don't have any spam yet... It could still be a bit better, with some swirls to it though... Quote Link to comment Share on other sites More sharing options...
The Little Guy Posted October 2, 2008 Author Share Posted October 2, 2008 OK! Not bouncing the text around was a MAJOR issue, I have gone for about 3 days now, and have not gotten any spam! Quote Link to comment Share on other sites More sharing options...
Brian W Posted October 2, 2008 Share Posted October 2, 2008 Can you post your CAPTCHA generating code? Please... I am interested in upgrading some of my site's security. Right now I use a CAPTCHA and sleep(3) for the sign in form. Just trying to make it difficult for to brute force. Quote Link to comment Share on other sites More sharing options...
The Little Guy Posted October 9, 2008 Author Share Posted October 9, 2008 OK, I have gotten spam again... How does Wikipedia do it? Quote Link to comment Share on other sites More sharing options...
Daniel0 Posted October 9, 2008 Share Posted October 9, 2008 OK, I have gotten spam again... How does Wikipedia do it? They have a lot of humans world-wide who search for spam, vandalizing, etc. and removes it. Quite often before very many people notice. Quote Link to comment Share on other sites More sharing options...
The Little Guy Posted October 9, 2008 Author Share Posted October 9, 2008 can robots perform JavaScript form actions? Quote Link to comment Share on other sites More sharing options...
Daniel0 Posted October 9, 2008 Share Posted October 9, 2008 Possibly. Who knows except for the author of the robot? Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted October 9, 2008 Share Posted October 9, 2008 You must have missed reading these parts of the thread - ...or your form processing code is not validating what was submitted well enough to filter out posts that contain undesirable content. The best captcha in the world won't stop someone if your form processing code still allows the content that they want to post. Only allow alphabetic characters and a few punctuation marks. You could convert the code to fully moderate posts that are not from members. Don't automatically display non-member posts until they have been manually reviewed and accepted. Your form processing code is the last link in the chain of preventing spam content. It must be the strongest link, not the weakest one, because no matter what you do to your captcha, a real person will be able to submit spam by entering the captcha phrase. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.