Arrow

Version 0.1 released! | Peter's Random Anti-Spam for WordPress | Forum

Back to the random anti-spam plugin page

Please consider registering
guest

Log In

Lost password?
Advanced Search

— Forum Scope —

  

— Match —

   

— Forum Options —

   

Minimum search word length is 4 characters - maximum search word length is 84 characters

Topic RSS
Version 0.1 released!
July 28, 2007
7:00 pm
Peter
Admin
Forum Posts: 841
Offline

This spin-off is for those who want some random text instead of custom text... it also has a handy new feature whereby you can click on the image to generate some new text!

Download the release on the plugin page:

http://www.theblog.ca/?page_id=138

July 29, 2007
9:34 am
wirelessguru
Guest

Peter,

After reading the negative comments about Captcha in the comments of your latest plug-in, I thought of an idea for a variation of your plug-in that may help to resolve some people's Captcha problems.

Shall I post it here, or would you prefer to correspond via e-mail?

July 29, 2007
10:54 am
Peter
Admin
Forum Posts: 841
Offline

Sure, post your idea here. I don't really consider them to be negative comments. It is true that CAPTCHA does not always work. However, it foils most spambots and can be part of a comprehensive anti-spam solution. The filter solutions can never be perfect either — they will also produce false positives (thus filtering out legitimate comments) and let some spam comments through. I recommend using both an easy-to-read CAPTCHA and a filter.

August 1, 2007
12:45 am
wirelessguru
Guest

Similar to the math that is required in the forum, is there a way you could combine an anti-spam image of a math problem, and the answer would be required?

August 1, 2007
7:15 pm
Peter
Admin
Forum Posts: 841
Offline

That's a great idea :D

In my opinion, the challenge is to structure the plugin so that the answer cannot be guessed by any of the information available in the HTML code, without using cookies or JavaScript.

In other words, there has to be no mapping possible, except by someone reading the image.

For example, with my Custom Anti-Spam plugin, there's a set number of words, so if you were to, say, define only two anti-spam words ("bottle" and "cookie"), antispamgenerator.php?id=1 (visible in the code) would always generate "bottle" and antispamgenerator.php?id=2 would always generate "cookie".

With the Random Anti-Spam plugin, there isn't a set number of words, making it a lot harder to map, but still very possible. Something like antispamgenerator.php?id=325skfjasdf3 (again, visible in the code) will always produce an image that says "2ccffd".

In both cases, of course, you can periodically change the mapping, by either switching the words or switching the encoding key. A much stronger defense would automatically shuffle the words or encoding key with a cron job.

Any ideas on how to overcome this sort of mapping for a math problem, or is it something we'll just have to live with? We still have to feed the image generator some sort of information (visible in the code unless we used $_SESSION, which requires cookies) that would let it know what numbers to output...

August 2, 2007
1:08 am
wirelessguru
Guest

I hadn't realized the complexity needed so that the "answers" couldn't be easily read in the code.

I'm not sure many people would be opposed to a plugin that used cookies - but if someone didn't use cookies would that break the plugin, or make it easily bypassed? I'm using the Subscribe-to-comments plugin on my site - which uses cookies.

I wonder how the "Math Required" plugin in the forum works to curb spam, and if it's any better than an anti-spam image.

You might be interested in a recent Security Now podcast about CAPTCHA http://www.twit.tv/sn101

August 5, 2007
1:35 am
Peter
Admin
Forum Posts: 841
Offline

Thanks for the link!

I'm resigned to the fact that there will be spambots who will read my CAPTCHA images. As was discussed in the podcast, if the spambots can't be bothered to read the images, some feed them to porn registration pages as "pretend" anti-spam images. They gather the user input on the porn registration page (which doesn't actually check what was entered) and forward what was typed back to the form they're trying to spam. This process (duplicate image; collect user input on another site; forward that user input to the original site) can happen almost instantly.

However, I am willing to put up with a spam message every once in a while instead of making it too hard for human visitors to read the anti-spam word or excluding certain visitors from being able to comment (that being said, it's on my list to add an audio option for anti-spam words as a built-in feature for visually impaired users!).

I think I've finally solved the mapping problem though :D

I'm testing out the next release of the custom anti-spam plugin (it will be 2.9.0) on theblog.ca. Basically, the new version generates a new anti-spam word mapping for each visit and stores it in a database table. Once a comment for that mapping goes through or 24 hours has passed, that specific mapping in the database table is deleted. If all goes well, I'll also implement this framework for the random anti-spam and possible math anti-spam versions!

The "Math Required" plugin came with the forum and I haven't had any spam yet. However, the forum posting system uses JavaScript, which is a barrier for spambots (but also for a fraction of human visitors as well).

August 5, 2007
9:53 am
wirelessguru
Guest

Thanks for the updates. I'll be looking forward to your latest releases. Keep up the good work.

August 24, 2007
3:36 am
Peter
Admin
Forum Posts: 841
Offline

The Custom Anti-Spam Image, Math Version is mostly ready... I'll be testing it out on my blog next week, hopefully for release in early September.

September 11, 2007
12:38 am
Peter
Admin
Forum Posts: 841
Offline
10

Math version released...

http://www.theblog.ca/?page_id=151