Spam Security component

2006-06-21 Thread [EMAIL PROTECTED]

I have the standard

http://siteurl.com/comments/add

and do not have auth (anyone can leave comments). But I want to block
spam robots.

Example: some bad guys make a copy of the http://siteurl.com/comments/add code,
add some string in PHP... (like for (i++...)) and I can get a lot of
spam comments...


How to block posting from another site's URL? I think the Security component
can help me. But I cannot understand how. How do I check the bad guys' URL
with a CakePHP method?

PS. My project has 8-10 mirror URLs, I mean (http://siteurl.com ==
http://siteurl.com.ua etc.)

Sorry for bad English


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups Cake 
PHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/cake-php
-~--~~~~--~~--~--~---



Re: Spam Security component

2006-06-21 Thread RosSoft

There isn't any way to be sure that there's a robot posting comments.
However, you can check the referer() to skip badly implemented spam
robots. A well-implemented spam robot will send the referer that you
expect and you will not see any difference.
There are other ways of skipping spam: create an input field and hide it
with CSS. Put a hidden label with it like "Do not fill this" (only
visible in old browsers without CSS).
The spam robot usually fills all the fields, then you can delete the
comments that have the field do_not_fill_this filled.





Re: Spam Security component

2006-06-21 Thread Repsah

Smrt ;)

On 6/21/06, RosSoft [EMAIL PROTECTED] wrote:

There isn't any way to be sure that there's a robot posting comments.
However, you can check the referer() to skip badly implemented spam
robots. A well-implemented spam robot will send the referer that you
expect and you will not see any difference.
There are other ways of skipping spam: create an input field and hide it
with CSS. Put a hidden label with it like "Do not fill this" (only
visible in old browsers without CSS).
The spam robot usually fills all the fields, then you can delete the
comments that have the field do_not_fill_this filled.



Re: Spam Security component

2006-06-21 Thread [EMAIL PROTECTED]

Thanks ;-)
I think I'll try referer + time_period (1 post in 1 minute... or something
like this)...
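
The referer + time-period idea from this message, combined with the hidden do_not_fill_this field suggested earlier in the thread, as an added example that is not from any poster or from CakePHP. It is plain PHP rather than CakePHP's Security component, and the function names, the in-memory store and the sample submissions are assumptions.

```php
<?php
// Added example. Only do_not_fill_this and the two hosts come from the thread;
// every function and variable name here is hypothetical.
const ALLOWED_HOSTS = ['siteurl.com', 'siteurl.com.ua']; // list every mirror
const MIN_INTERVAL = 60; // seconds between comments per client

// True only when the Referer host is exactly one of our mirrors.
function refererAllowed(?string $referer): bool
{
    $host = $referer === null ? null : parse_url($referer, PHP_URL_HOST);
    // Exact match: a substring test would accept siteurl.com.attacker.example
    return is_string($host) && in_array(strtolower($host), ALLOWED_HOSTS, true);
}

// Returns 'accept' or the name of the check that rejected the comment.
// $lastPost maps client IP => Unix time of its last accepted comment
// (an in-memory stand-in for a table or cache).
function screenComment(array $post, ?string $referer, string $ip, array &$lastPost, int $now): string
{
    $trap = $post['do_not_fill_this'] ?? '';
    if (!is_string($trap) || trim($trap) !== '') {
        return 'honeypot'; // CSS-hidden field was filled in
    }
    if (!refererAllowed($referer)) {
        return 'referer';
    }
    if (isset($lastPost[$ip]) && $now - $lastPost[$ip] < MIN_INTERVAL) {
        return 'rate';
    }
    $lastPost[$ip] = $now;
    return 'accept';
}

// Constructed sample submissions: [form data, Referer, client IP, time]
$seen = [];
$t = 1150900000;
$samples = [
    [['body' => 'hi', 'do_not_fill_this' => ''], 'http://siteurl.com.ua/posts/view/1', '192.0.2.10', $t],
    [['body' => 'again'], 'http://siteurl.com/posts/view/1', '192.0.2.10', $t + 20],
    [['body' => 'buy', 'do_not_fill_this' => 'x'], 'http://siteurl.com/posts/view/1', '192.0.2.11', $t],
    [['body' => 'buy'], 'http://siteurl.com.attacker.example/add', '192.0.2.12', $t],
    [['body' => 'buy'], null, '192.0.2.13', $t],
];
foreach ($samples as [$post, $ref, $ip, $now]) {
    printf("%-42s %s\n", $ref ?? '(none)', screenComment($post, $ref, $ip, $seen, $now));
}
```

Rejecting a missing Referer also turns away visitors whose browser or proxy strips the header, so holding those comments for moderation instead of dropping them is the gentler setting.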





Re: Spam Security component

2006-06-21 Thread Olivier Percebois-Garve




Felix,

yes I know captchas are bad. Why should we code in xhtml, make
unobtrusive javascript, and then use captcha ?
I know the "fake porn site" strategy as anti-anti-bot. I guess it would
also be efficient against my preferred method of "organic questions".

The only efficient solution I see against spam, would be towards
"identity 2.0". By any chance, you know if there would be some identity
2.0 solution we can put our hands on soon ?

olivvv

Felix Geisendörfer wrote:

  
Jo Olivier,
  
Captchas are *bad*. Those things are better for keeping blind people
out, than they are for defeating actual spammers. This is because some
captchas can easily be decoded, but mainly because they are easy to
hijack. If you want to spam a site with captchas, you simply set up 1-x
"The greatest porn you've ever seen"-sites, make their url's popular by
spamming non-captcha sites and you've got a good amount of 'users'
visiting the site. Now when those users open up one of the fake porn
sites, they will see a captcha from the site you want to spam, and be
asked to solve it in order to get in. And hey, people are stupid like
that and will fill out hundreds of captchas for you, that you can use
to spam the site, where they were from.
  
It's not as efficient as spamming non-captcha sites, but the more
captchas become popular, the more it will be done.
  
What else is there? Well RosSoft mentioned hidden fields, which I make
use of in 1-2 sites of mine as well and it works pretty good (no spam
so far). However, if the site you do is pretty big, people will
eventually write customized spam bots for it. Now, your only other
solution right now is to keep blacklists, with words, ip's, etc. or to
use some form of self learning statistical ai / filter. Tons of work if
you want to do it yourself.
  
What I would recommend right now when you seriously want to fight spam,
is Akismet; they offer their spam
filter as a free web api (for sites that make less than $500 / month)
and there are a couple php api's for it. In order to get a key you have
to open up a wordpress account over at wordpress.com, but you can
really use it for any site, not just blogs. Before I started making use
of their technology I had to filter out tons of spam on thinkingphp.org, now that I have
it installed only 1 spam comment made it through the filter, and 2405
didn't. So right now, I think they are doing a really good job (thx to
dhofstet for pointing them out to me) and it's worth considering to
integrate their api.
  
Anyway, spam remains a big problem, and anybody who can come up with a
simple and practical solution could potentially make a good fortune out
of it ; ).
  
Best Regards,
Felix Geisendörfer
  --
  http://www.thinkingphp.org
  http://www.fg-webdesign.de
  
  
  
Olivier Percebois-Garve wrote:
  
I'm not a specialist in this, but the usual "brutal" anti-bot approach is
the captcha.
If there is some trust in the user base, another way is to add a
confirmation field with common sense questions provided by the users.
Like "what is the color of the sky ?" and if "blue" does not come as
answer for this field, then the post should be invalidated.
However, it probably requires a lot of coding to have something
smooth, with rotation of questions, etc..

olivvv

[EMAIL PROTECTED] wrote:
  

Thanks ;-)
I think I'll try referer + time_period (1 post in 1 minute... or something
like this)...