Jump to content

will this be a good anti-robot function ?

jamesxg1

By jamesxg1
in PHP Coding Help

 Share

Recommended Posts

jamesxg1 Advanced Member

jamesxg1

Posted
Posted

ok iv noticed that auto-mated robots fill the selected form in and then searches the page for a button, if i was to do the following would it works,

 

ok so u have this. . .

 

if (isset($_POST['submit'])) {

your code here !!

}

 

and

 

<input type="button" id="submit" name="submit" value="submit">

 

ok so to make it so that the robot doesnt know what the submit button is i wanted to make the script randomly generate a 4 figure mixed line and i want it to be like so. . .

 

$random = rand(1, 10);

 

and then go. . .

 

if (isset($_POST['$random'])) {

 

<input type="button" id="$random" name="$random" value="$random">

 

 

Would this work ?

 

Thanks,

 

James.

Link to comment
https://forums.phpfreaks.com/topic/158539-will-this-be-a-good-anti-robot-function/
Share on other sites
kickstart Member

kickstart

Posted
Posted

Hi

 

As above, but plenty of other things you can do to make life more difficult for the spammers.

 

You can use dynamic field names.

 

You can have form fields that are not displayed and check if they have changed. Possibly repeat all the form with one copy hidden using CSS but with alternative field names which could be real names. Wrong fields returned then you know it wasn't a normal user.

 

Ask a question which is easy for a normal person to answer.

 

Timestamp the form and check how quickly it is returned.

 

Maybe use Javascript to change the action tag on the form once the page is loaded (although this would prevent the page being used by those who have javascript turned off).

 

etc.

 

Nothing will ensure that a bot cannot get through (including Captcha stuff), but all make life difficult for the them.

 

All the best

 

Keith

Daniel0 Advanced Member

Daniel0

Posted
Posted

As above, but plenty of other things you can do to make life more difficult for the spammers.

 

You can use dynamic field names.

 

You can have form fields that are not displayed and check if they have changed. Possibly repeat all the form with one copy hidden using CSS but with alternative field names which could be real names. Wrong fields returned then you know it wasn't a normal user.

 

Ask a question which is easy for a normal person to answer.

 

Timestamp the form and check how quickly it is returned.

 

Maybe use Javascript to change the action tag on the form once the page is loaded (although this would prevent the page being used by those who have javascript turned off).

 

I could easily create a script that would circumvent all of those things... Except maybe the "ask a question". It would sort of depend on what the question is.

kickstart Member

kickstart

Posted
Posted

I could easily create a script that would circumvent all of those things... Except maybe the "ask a question". It would sort of depend on what the question is.

 

Possibly you could, but 99% couldn't and would just go for attacking another site. Anything which just returns a normal form is far easier to attack, and having the hacker have to evaluate not only the form but also the css and / or javascript will make it far more of a job.

 

As mentioned captchas can be broken as well.

 

All the best

 

Keith

Daniel0 Advanced Member

Daniel0

Posted
Posted

Evaluating CSS and Javascript wouldn't be necessary for specialized attacks. The developer of the bot could simply check the Javascript algorithms and the CSS rules to determine what to do with the served HTML, and write his bot accordingly.

 

Relying on Javascript could in some countries be regarded as violation of disability discrimination laws. As an example, if you are blind you would have to rely on screen readers, and these cannot use Javascript. Then there are of course all the normal users like me browsing with Javascript off who you would piss off.

kickstart Member

kickstart

Posted
Posted

Evaluating CSS and Javascript wouldn't be necessary for specialized attacks. The developer of the bot could simply check the Javascript algorithms and the CSS rules to determine what to do with the served HTML, and write his bot accordingly.

 

Relying on Javascript could in some countries be regarded as violation of disability discrimination laws. As an example, if you are blind you would have to rely on screen readers, and these cannot use Javascript. Then there are of course all the normal users like me browsing with Javascript off who you would piss off.

 

All true, and the same applies to all other techniques (including any captchas), although no reason the CSS cannot be generated dynamically, forcing the spammer to write code to process it.

 

All we can do is make life more difficult to write software to spam, and these ideas will all make it more difficult.

 

Even then you just land up with people using cheap bureaus to use humans to get through the spam checks and do things manually.

 

Biggest issue is running common software (such as bulletin boards), used by many sites. Requires minimal coding to hit a max number of sites. In these cases minor changes can help by rendering the particular site different enough from the other millions being attacked. Certainly has worked on a phpBB based site I run, where I have no doubt the minor changes could be coped with.

 

All the best

 

Keith

Daniel0 Advanced Member

Daniel0

Posted
Posted

The most effective solutions seems to be using sophisticated AI and machine learning algorithms to analyze and detect the content of spam messages like I would assume is how Gmail's spam filter works. That's way over the head of most web developers though. There are some services such as Akismet that offer an API for content based spam detection.

kickstart Member

kickstart

Posted
Posted

Hi

 

Gmails spam filters are not perfect, although it is a doddle to report spam. I suspect the ease of reporting and the large user base makes analysing such spam easy. However not sure how many of us are processing emails except in limited circumstances (including the original poster).

 

My view is just to pick and choose many different methods (customised to your own site) to make life difficult for those trying to automate the use of sites to make their coding more difficult and more expensive.

 

All the best

 

Keith

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.