Jump to content

Recommended Posts

place question id into hidden input

 

That's a bad idea. Imagine someone who wants to abuse the form would only have set the same question id and pre-fill the answer, eureka!

 

Instead store the correct answer in the session instead of the form.

If you are going to do this, you need to output the question in the form of an image (that does not have a fixed/unique signature for each question) so that a bot script cannot simply scrape the question out of the html source and lookup the text answer or solve the math expression and post the answer.

 

I was a moderator on a different php helo forum and the owner's office thought it would be a good idea to replace an existing traditional image based captcha (enter the letters/numbers you see) with a simple text based question/answer captcha, with a limited number of random questions/answers. The number of automated registrations (followed by spamming) went from one every few days to ~ 250 per day for a couple of days until the person that made the change got around to undoing what he did.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.