Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Touring Test (Anti-Spam)


Guest

Recommended Posts

Posted

Much as I love the idea of "recaptcha', I really don't need to go that far.

 

I want a simple human test for my Contact Us page to foil the random spider that keeps sendinng me this:

"Sp7HCf _a href="http://xexj[broken]sdus.com/"_xexjsxwjsdus_/a_, tavor.com/]glvopzitavor, [link=http://acsmkuc[broken]hnybs.com/]acsmkuchnybs[/link], http://neqiyrc[broken]wmcyj.com"

 

In cgi, this is a simple process. I just add an extra text box with any simple task, like basic addition, to the form. Here's and example:

http://www.tedward.org/torgmail.html

 

I obfuscate the field names so that "mail" doesn't show up anywhere, that stops some. then we add the touring test at the bottom. Just this little line will stop all robots. they can't understand the request. Sure they can read it, but they can't do the math. It's simple, more effective than captcha, and less stress on the customer.

 

Can anyone do this in php?

Posted

Can anyone do this in php?

 

Yes, and it's fairly simple. Insert something like this into the HTML output:

 

<tr>
 <td class="main">Anti-spam: what is the sum of 7 and 14?</td>
</tr>
<tr>
 <td class="main"><?php echo tep_draw_input_field('antispam'); ?></td>
</tr>

Then, in the portion of the code that processes the POST, you put something like this:

 

if (!isset($HTTP_POST_VARS['antispam']) || (int)$HTTP_POST_VARS['antispam'] != 21) {
 $error = true;
 $messageStack->add('contact', 'Invalid answer for the anti-spam question');
}

EDIT: The last part is not quite as simple as I make it out to be. The contact_us.php code doesn't actually process $error, so you'll have to modify the existing code a bit to correctly process what I wrote above.

Check out Chad's News.

Posted

Or, an invisible field (say, display: none; in the CSS) with input. If anything comes in non-null for that field, you know that a bot filled it out. At any rate, you want the type of question and the inputs to be different for each visitor. There are many ways to test, and none of them are foolproof, especially as more and more spammers are using real people to register and send spam contact messages or forum postings.

 

By the way, it's Turing Test, named for Alan Turing, the Founding Father of Computer Science. He did critical work on "Ultra", used to break the German "Enigma" code, and "Colossus", used to break the top level German "Lorenz" ("Fish") code during WWII. Despite his services to the Allied cause, he was executed by Britain in 1954 for the crime of being gay.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...