Author Topic: Captcha Alternative for preventing spam bots from signing up.  (Read 3745 times)

maverick

  • Administrator
  • Veteran Member
  • *****
  • Posts: 3139
  • Karma: +211/-7
    • Maverick Webworks
You have Captcha on the registration page, yet you're still getting bombarded with spammers signing up!

The Problem:
Unfortunately most captchas are no-longer very effective in preventing spam bots from registering or posting on sites, which is exactly what captchas were intended for. Bots these days are getting smarter when it comes to captcha images, they're increasingly being able to recognize letters and numbers on images using OCR (Optical Character Recognition) programs.

You can alternately try using a Bot Trap.

What is a Bot Trap?
A bot trap is a hidden field added to the registration which is only seen by bots. The concept is to try and trap the bot by filling out this hidden field. Most bots simply inspect the page and will typically try to fill in ALL available fields, if they fill in the hidden field they are caught in the trap and the registration fails.

Info and instructions for adding a "Bot Trap" has been added to the Online Documentation:
http://www.datemill.com/etano/wiki/doku.php?id=captcha_alternative

Fusion Responsive Template & Free Mods
http://www.maverickwebworks.com
DO NOT PM me asking for personal help. Post your problem or request in the forums so the entire community can contribute and benefit.

Marble

  • Global Moderator
  • Veteran Member
  • *****
  • Posts: 1006
  • Karma: +56/-7
Re: Captcha Alternative for preventing spam bots from signing up.
« Reply #1 on: April 18, 2014, 08:52:32 PM »
I decided to try this out. I did everything according to the instructions and something seems wrong.

In Step 2. The code now looks like this
Code: [Select]
<!--/opt name="output.page1"-->
<input type="hidden" name="redirect_thanks_url" value="{tplvars.baseurl}/login.php” />
<fieldset class="controls">
<p class="mandatory"><span>* Blue fields</span> are mandatory.</p>
<input type="submit" class="button medium" value="Save" tabindex="52" />
</fieldset>
</form>

But when I open the registration page, the words *Blue fields are mandatory, show up as small black text shifted all the way to the left, just above the Save button.
And when I try to show the hidden field, as shown in Step 4, the field doesn't appear.

Do you have any idea on what is happening?
If you see that I'm logged in forever... it just means I turned the page on my browser and forgot to logout.

maverick

  • Administrator
  • Veteran Member
  • *****
  • Posts: 3139
  • Karma: +211/-7
    • Maverick Webworks
Re: Captcha Alternative for preventing spam bots from signing up.
« Reply #2 on: April 18, 2014, 10:11:46 PM »
Code: [Select]
<input type="hidden" name="redirect_thanks_url" value="{tplvars.baseurl}/login.php” />Make sure you ONLY pasted in the line of code shown above, which goes right above the following line in your join.html file:
Code: [Select]
<fieldset class="controls">
This is a hidden field that won't show and is utilized as a redirect function in the event that the bot trap field gets filled out, this field and has nothing to do with the actual bot trap field showing up on the registration page.

To make sure that the bot trap field shows up, when you created the profile field for the bot trap in Step 1, make sure that you ONLY added a name for the "LABEL", and checked the "At registration" box, and that "On Page" is set to 1. Then make sure that you regenerate your profile fields when you're done.  Just creating this profile field properly is all that's needed for the bot trap field to show up on the registration page, it's the same as creating any other profile field you want included at registration.

Right after you create the new field you can go to your join (signup) page and check to see if it's showing before proceeding on to the other steps.

I've tweaked the instructions a bit to try and make things a little easier to understand and follow, including some info in a couple places regarding testing your work before proceeding to the next step.

 

Fusion Responsive Template & Free Mods
http://www.maverickwebworks.com
DO NOT PM me asking for personal help. Post your problem or request in the forums so the entire community can contribute and benefit.

Marble

  • Global Moderator
  • Veteran Member
  • *****
  • Posts: 1006
  • Karma: +56/-7
Re: Captcha Alternative for preventing spam bots from signing up.
« Reply #3 on: April 20, 2014, 03:23:03 PM »
I fixed the problem. It was just a simple syntax error. One of the quote marks didn't reproduce properly in Notepad++, so I had to manually type it.

I'm so glad that I can sweep the Dice Captcha under the rug. Most people who joined complained that they had difficulties with the Dice.
If you see that I'm logged in forever... it just means I turned the page on my browser and forgot to logout.

maverick

  • Administrator
  • Veteran Member
  • *****
  • Posts: 3139
  • Karma: +211/-7
    • Maverick Webworks
Re: Captcha Alternative for preventing spam bots from signing up.
« Reply #4 on: April 20, 2014, 05:04:22 PM »
I think part of the problem was with the DocuWiki program used for creating the documentation & instructions. Looking closer I noticed the double quote marks in the line of code had been converted to curly quote marks, no matter what I did it kept converting them from straight to curly marks. I landed up having to change a setting in the config file so it wouldn't do typo replacements on double quotation marks.

Anyway, glad you figured out the problem and hope it works out for you. From my research it was one of the most recommended alternatives which a lot of people claimed to have had favorable results and success with.

Fusion Responsive Template & Free Mods
http://www.maverickwebworks.com
DO NOT PM me asking for personal help. Post your problem or request in the forums so the entire community can contribute and benefit.

Marble

  • Global Moderator
  • Veteran Member
  • *****
  • Posts: 1006
  • Karma: +56/-7
Re: Captcha Alternative for preventing spam bots from signing up.
« Reply #5 on: April 21, 2014, 08:05:19 AM »
Also, if someone decides to send the bot to another website instead of their login screen, they could add a rel="nofollow" to the input line.

For example:
Code: [Select]
<input type="hidden" name="redirect_thanks_url" rel="nofollow" value="http://www.fbi.gov/" />
If you see that I'm logged in forever... it just means I turned the page on my browser and forgot to logout.

Marble

  • Global Moderator
  • Veteran Member
  • *****
  • Posts: 1006
  • Karma: +56/-7
Re: Captcha Alternative for preventing spam bots from signing up.
« Reply #6 on: June 15, 2015, 11:42:32 AM »
How can I set up a bot trap for the contact.php page?
If you see that I'm logged in forever... it just means I turned the page on my browser and forgot to logout.

maverick

  • Administrator
  • Veteran Member
  • *****
  • Posts: 3139
  • Karma: +211/-7
    • Maverick Webworks
Re: Captcha Alternative for preventing spam bots from signing up.
« Reply #7 on: June 15, 2015, 01:11:08 PM »
A bot trap probably isn't really a viable solution for the contact form.

Personally I've never received a single legit contact submission from a non-member, just junk. So what I did was made access to the contact form just for members only.

Which can be done in the Admin >> Access Levels section and un-check non-members for the "contact" level.

 

Fusion Responsive Template & Free Mods
http://www.maverickwebworks.com
DO NOT PM me asking for personal help. Post your problem or request in the forums so the entire community can contribute and benefit.

Marble

  • Global Moderator
  • Veteran Member
  • *****
  • Posts: 1006
  • Karma: +56/-7
Re: Captcha Alternative for preventing spam bots from signing up.
« Reply #8 on: June 15, 2015, 03:17:17 PM »
Thanks for the suggestion. That certainly is a better solution since I too was getting illegitimate messages from non-members. And most members who used the form were logged in anyway.
If you see that I'm logged in forever... it just means I turned the page on my browser and forgot to logout.