It is proven that using the Captcha method mentioned previously (i.e. a distorted word and/or numbers in image format with additional, random, confusing backgrounds or lines) is almost impossible for any recognition method to counteract - but simple for humans to read (assuming the image is not distorted too much).

Additionally, the other method that was suggested (asking questions which almost have the answers embedded in them), by ensuring enough questions and randomness, would also be difficult to crack with a bot (although easier than the Captcha method).  I'd use a "dealing" method (shuffle the deck of questions, each time a question was used it was removed from the deck - when the deck is empty you start again).

The method of embedding a signature in a hidden field can easily be replicated.  A bot would only need to make one additional HTTP call to first get the hidden information.

A screen scraping bot (e.g. something written using a test tool - for example) could easily "pretend" to type into the page.

All the token or signature method does is slow down the process.




On 4/24/06, Patrick H. Lauke < [EMAIL PROTECTED]> wrote:
Hassan Schroeder wrote:

>> http://muffinresearch.co.uk/archives/2005/09/26/dvoraks-comment-spam-fix/
>
> And this "prevents" automated submissions exactly how?
>
> Is this based on the assumption that bots can't handle cookies and
> therefore won't submit within the context of the session from which
> the form was loaded? Or that bots won't request a form, fill in the
> fields, submit, lather/rinse/repeat?
>
> Both assumptions seem pretty optimistic to me :-)

For the time being anyway, most if not all mass bot form submissions I'm
aware of are written to go straight for the receiving page which,
particularly in the case of blogs, is usually on a known address.

But as ever, it's an arms race between bot writers and anti-spam measure
writers. The more people use a particular anti-spam solution, the more
likely it is that bots will emerge to circumvent it...

--
Patrick H. Lauke
__________________________________________________________
re·dux (adj.): brought back; returned. used postpositively
[latin : re-, re- + dux, leader; see duke.]
www.splintered.co.uk | www.photographia.co.uk
http://redux.deviantart.com
__________________________________________________________
Web Standards Project (WaSP) Accessibility Task Force
http://webstandards.org/
__________________________________________________________
******************************************************
The discussion list for  http://webstandardsgroup.org/

See http://webstandardsgroup.org/mail/guidelines.cfm
for some hints on posting to the list & getting help
******************************************************
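
Added example, not part of the original thread and not code from any poster or from the linked article: a minimal server-side version of the hidden-field signature discussed above, showing which submissions it rejects and that a client which loads the form first is still accepted. The names issue_token and check_token, the HMAC construction, and the MAX_AGE and MIN_AGE values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)  # assumption: per-deployment key, never sent to the client
MAX_AGE = 900                     # assumed: seconds a served form stays valid
MIN_AGE = 3                       # assumed: submissions faster than this are refused


def _mac(ts, nonce):
    return hmac.new(SECRET, f"{ts}.{nonce}".encode(), hashlib.sha256).hexdigest()


def issue_token(now=None):
    """Value placed in the hidden field when the form page is served."""
    ts = str(int(time.time() if now is None else now))
    nonce = secrets.token_hex(8)
    return f"{ts}.{nonce}.{_mac(ts, nonce)}"


def check_token(token, used, now=None):
    """Return (accepted, reason); `used` is the set of nonces already spent."""
    now = time.time() if now is None else now
    parts = (token or "").split(".")
    if len(parts) != 3:
        return False, "missing"        # POST sent straight to the receiving page
    ts, nonce, mac = parts
    if not hmac.compare_digest(mac.encode(), _mac(ts, nonce).encode()):
        return False, "forged"         # field filled in without the server's key
    age = now - int(ts)                # ts is trusted only after the MAC check
    if age > MAX_AGE:
        return False, "expired"
    if age < MIN_AGE:
        return False, "too fast"
    if nonce in used:
        return False, "replayed"       # one form load buys one submission
    used.add(nonce)
    return True, "ok"


def demo():
    """Constructed walk-through with fixed clock values."""
    used, t0 = set(), 1_000_000
    token = issue_token(now=t0)
    cases = [("", 10), (token, 1), (token, 10), (token, 20), (token[:-1] + "x", 10)]
    return [check_token(tok, used, now=t0 + dt)[1] for tok, dt in cases]
```

The third case in demo() is the one the thread is about: the token was obtained by requesting the form, so the check passes regardless of who requested it, and the measure only raises the cost per submission.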

