Re: [PHP-DOC] fight spam in notes system [patches]
Hi there, I've made something, please take a look at that: The spam challenge currently implemented is a first degree equation solver. e.g. "What is the value of x that satisfies this equation: - 20 = - 2*x + 56". It can handle 2 types of answers: 1) multiple choices (will display a list of radios) 2) one choice (a text input) The type of answer accepted depends on the spamProtection_callback used, it was designed to handle more than one type of challenge, and randomly choose one of them. Here is the files I've modified: php-master-web/entry/spam-protection.php [1] (new file) php-master-web/entry/user-note.php [2] phpweb/manual/add-note.php [3] + Dump of the new required SQL table [4] It *should* work, but I've no testing environment, is there one available ? Thanks in advance. [1] http://www.colder.ch/repository/php/php.net/spam-protection.php [2] http://patches.colder.ch/user-note-1.55.patch?markup [3] http://patches.colder.ch/add-note-1.69.patch?markup [4] http://www.colder.ch/repository/php/php.net/spam_tickets.sql.txt -- Etienne Kneuss http://www.colder.ch/ [EMAIL PROTECTED]
RE: [PHP-DOC] fight spam in notes system
Another option would be to get the submitters to answer PHP questions. That way, they have to understand PHP to be able to submit the note! Our own sort of mini ZCE test! As a ZCE myself, I, of course, would be exempt from answering these questions! -Original Message- From: bu [mailto:[EMAIL PROTECTED] Sent: 13 June 2006 15:22 To: Hannes Magnusson Cc: phpdoc@lists.php.net Subject: Re: [PHP-DOC] fight spam in notes system Hello everyone, Here is some of my personal thought. Why don't we just give them some choice to choose? e.g. Who is known for his great formula "E=mc square"? [O] Albert Einstein [O] Thomas Edison [O] Alfred Nobel ([O] means a radio button) Is the BOT able to choose which one is true? If it can't, we can use this solution. ~ bu 在 2006/6/13 下午 12:16 時,Hannes Magnusson 寫到: > On 6/12/06, Pierre <[EMAIL PROTECTED]> wrote: >> On Mon, 12 Jun 2006 13:48:46 +0200 >> [EMAIL PROTECTED] (Etienne Kneuss) wrote: >> >> > Hi Nuno, >> > >> > 3. +1 >> > >> > I can think of two more solutions against it: >> > >> > 4. QI test, with a simple math calculus (maybe in a phrasal form >> "what >> > is the result of three plus for?") >> >> I prefer this one too (without typos ;-), text to speak or blind >> users will appreciate it too. >> >> -- Pierre >> > I am all for basic questions like "what year is it?" "which function > are you commenting on?" "If I had five apples and you eat 3 of them, > how many do I have left?" etc. etc. > > captcha... ...no way. not a change. I'd rather keep the system closed. > > -Hannes
Re: [PHP-DOC] fight spam in notes system
Hi I've some ideas and some time, so I'll try to make something about that (provide a patch). About the general way we handle that: What do you think about creating a file on master.php.net that is responsible for handling such spam challenges. Things would work like that: add-note.php : asks spam-protection.php on master.php for a spam protection challenge. (using posttohost) spam-protection.php: generates a spam protection challenge(A), the answer(B), and a unique-id(C). (A) and (C) are returned to add-note.php while (B) and (C) are stored and timed on a database. user-note.php: makes the checks. Any comments ? -- Etienne Kneuss http://www.colder.ch/ [EMAIL PROTECTED]
Re: [PHP-DOC] fight spam in notes system
Hello everyone, Here is some of my personal thought. Why don't we just give them some choice to choose? e.g. Who is known for his great formula "E=mc square"? [O] Albert Einstein [O] Thomas Edison [O] Alfred Nobel ([O] means a radio button) Is the BOT able to choose which one is true? If it can't, we can use this solution. ~ bu 在 2006/6/13 下午 12:16 時,Hannes Magnusson 寫到: On 6/12/06, Pierre <[EMAIL PROTECTED]> wrote: On Mon, 12 Jun 2006 13:48:46 +0200 [EMAIL PROTECTED] (Etienne Kneuss) wrote: > Hi Nuno, > > 3. +1 > > I can think of two more solutions against it: > > 4. QI test, with a simple math calculus (maybe in a phrasal form "what > is the result of three plus for?") I prefer this one too (without typos ;-), text to speak or blind users will appreciate it too. -- Pierre I am all for basic questions like "what year is it?" "which function are you commenting on?" "If I had five apples and you eat 3 of them, how many do I have left?" etc. etc. captcha... ...no way. not a change. I'd rather keep the system closed. -Hannes
Re: [PHP-DOC] fight spam in notes system
On 6/12/06, Pierre <[EMAIL PROTECTED]> wrote: On Mon, 12 Jun 2006 13:48:46 +0200 [EMAIL PROTECTED] (Etienne Kneuss) wrote: > Hi Nuno, > > 3. +1 > > I can think of two more solutions against it: > > 4. QI test, with a simple math calculus (maybe in a phrasal form "what > is the result of three plus for?") I prefer this one too (without typos ;-), text to speak or blind users will appreciate it too. -- Pierre I am all for basic questions like "what year is it?" "which function are you commenting on?" "If I had five apples and you eat 3 of them, how many do I have left?" etc. etc. captcha... ...no way. not a change. I'd rather keep the system closed. -Hannes
Re: [PHP-DOC] fight spam in notes system
im all for a captcha on the master server right now. the basic math idea might work though...could probably make it more complexed as time goes, randomize it a little. have maybe a few calculations in 1 go. but then again with most scripting languages it probably still wouldnt be hard to crack if you parsed number words as numeric with str_replace or something :) captcha on the master server is probably about as good as it gets for now... Nathan.On 6/12/06, Nuno Lopes <[EMAIL PROTECTED]> wrote: >> 4. QI test, with a simple math calculus (maybe in a phrasal form "what>> is the result of three plus for?")>> I prefer this one too (without typos ;-), text to speak or blind > users will appreciate it too.I'm afraid a bit of this one, because it is damn too easy to crack.. Asimple grammar will generate the correct answer.I think we can try it, but I bet it is cracked in one week or even less :) I'm currently busy studying, but I can develop something until the end ofthe week (unless someone wants to send a patch :)Nuno
Re: [PHP-DOC] fight spam in notes system
4. QI test, with a simple math calculus (maybe in a phrasal form "what is the result of three plus for?") I prefer this one too (without typos ;-), text to speak or blind users will appreciate it too. I'm afraid a bit of this one, because it is damn too easy to crack.. A simple grammar will generate the correct answer. I think we can try it, but I bet it is cracked in one week or even less :) I'm currently busy studying, but I can develop something until the end of the week (unless someone wants to send a patch :) Nuno
Re: [PHP-DOC] fight spam in notes system
On Mon, 12 Jun 2006 13:48:46 +0200 [EMAIL PROTECTED] (Etienne Kneuss) wrote: > Hi Nuno, > > 3. +1 > > I can think of two more solutions against it: > > 4. QI test, with a simple math calculus (maybe in a phrasal form "what > is the result of three plus for?") I prefer this one too (without typos ;-), text to speak or blind users will appreciate it too. -- Pierre
Re: [PHP-DOC] fight spam in notes system
Hi Nuno, 3. +1 I can think of two more solutions against it: 4. QI test, with a simple math calculus (maybe in a phrasal form "what is the result of three plus for?") 5. An input that _can't_ be filled, if filled then the note is rejected: why ? Non-specific spam bots tend to fill everything, especially if the input is named importantly, "lastname" for example. We could also hide it using javascript to reduce cases when users accidentally fill it. That could work well against some bots. But of course a bot designed to spam php.net specifically will easily avoid both traps. -- Etienne Kneuss http://www.colder.ch/ [EMAIL PROTECTED]