Ramin Hossaini

How to get rid of your CAPTCHA and still avoid spam

Sep
24

CAPTCHAs. You hate them, I hate them. Everyone’s seen them and everyone will tell you they’re annoying.

captcha

I’ll admit, I used to use a Maths CAPTCHA, cause I thought it’d be easier for someone to add 5 + 6 than to read some scew text-characters. Apparently this only annoyed people more though (there is an amazing aversion to Mathematics out there). I can’t blame you, it really is annoying.

captcha2

And this one is very popular. Which apparently uses CAPTCHAs to help digitize books. That’s great, but I don’t feel like helping.

captcha3

Which all brings me to something I’d encourage more people to use.

Spambots fill up fields in a form and submit. If there’s a CAPTCHA, advanced spambots actually solve it and enter a value. Which leads to more advanced (nastier-looking) CAPTCHAs.

Invisible Defender is an example of spam-protection that does things a little differently. Instead of displaying a CAPTCHA, it adds a bunch of generic fields to the form. These fields remain invisible/hidden from the typical user:

captcha4

(Most) Spambots don’t realise this and fill up those fields too. The script detects if the fields were filled in and if they are, it shows an 403 error-page to the bots. I heard of this simple-concept about a year ago and thought it was such an eloquent solution. It almost seemed too simple to work.

Mind you, spambots are getting smarter, so some get past this too. But so far it’s worked pretty well for me. I’m curious to know about your experiences too!

6 Responses to How to get rid of your CAPTCHA and still avoid spam

  1. Interesting…I am going to try it…

  2. Ramin,

    I frequently use this, the Honey-Pot technique as I’ve heard it called, and it really works extremely well. A few more tips:

    – Don’t name the input something that might get filled in by an auto-form-generator.
    – If you’re storing data, it may be helpful to store it no matter what and mark it as spam, so if the technique fails somehow, the data isn’t lost.
    – Setup a system so if an interval between submissions is greater than X a captcha appears; no reason for a bot to be hammering your servers

    Also, http://xkcd.com/632 🙂

    -Nicky

  3. Thanks Nicky!

    I agree – I’m still trying to find a plug-in that generates random IDs for the hidden fields, if I dont find one I think I might code one up myself!

  4. I saw one that had a pick the odd one out, eg “one, two, sheep, three” – although it obviously requires user interaction, which is what I guess you want to avoid?

  5. Borna,

    I thought those logic-ones were cool too, but yeah, it would be slicker if it avoided the whole “prove to me that you’re human”.

    Tell the pilg. team to get rid of it on the external site! 😉

  6. So…I implemented the plugin, started getting a few spam comments a day. 😛

Leave a Reply

Your email address will not be published. Required fields are marked *