Firefox PHP

Spam Hurdles Module (CAPTCHA's and other anti-spam tools)

Posted by Maurice Makaay 
Re: Spam Hurdles Module (CAPTCHA's and other anti-spam tools)
February 02, 2007 03:50AM
One other option - use Phorum's feature of moving the "reply" input box to a separate screen. This will dramatically reduce the number of CAPTCHAs generated.
I've done this on my site, ever since the first version of this module took my server down repeatedly with tens of thousands of files.

If you can't bear to do that, hacking the module to remove the duplicate data in each record stored shouldn't be too hard.
For example, this is what is stored in the phorum_spamhurdles.data field:
a:6:{s:11:"create_time";i:1170371608;s:3:"key";s:32:"a49cbf62f689d48353dd314081353828";s:9:"form_type";s:7:"posting";s:16:"prev_key_expired";b:0;s:13:"captcha_class";s:15:"captcha_maptcha";s:7:"captcha";a:7:{s:8:"question";s:32:"Question: how much is 19 plus 6?";s:6:"answer";i:25;s:15:"input_fieldname";s:10:"k2i1tq8a75";s:11:"spoken_text";s:0:"";s:9:"html_form";s:549:"<div id="spamhurdles_captcha"><div id="spamhurdles_captcha_title">Spam prevention:</div><div id="spamhurdles_captcha_explain">Please, solve the mathematical question and enter the answer in the input field below. This is for blocking bots that try to post this form automatically.</div><div id="spamhurdles_captcha_image">Question: how much is 19 plus 6?</div><label for="spamhurdles_captcha_answer_input">Answer: </label><input type="text" name="k2i1tq8a75" id="spamhurdles_captcha_answer_input" value="{FIELDVALUE}" size="3" maxlength="2" /></div>";s:15:"html_after_form";s:0:"";s:5:"error";s:90:"You did not provide the correct answer for the spam prevention question. Please try again.";}}

I'm thinking that :
<div id="spamhurdles_captcha"><div id="spamhurdles_captcha_title">Spam prevention:</div><div id="spamhurdles_captcha_explain">Please, solve the mathematical question and enter the answer in the input field below. This is for blocking bots that try to post this form automatically.</div><div id="spamhurdles_captcha_image">
and
You did not provide the correct answer for the spam prevention question. Please try again.
...could be hardcoded into the module for a start, which would reduce the data by approx 30%.


freedman's idea of reusing CAPTCHAs sounds intriguing to me...

/\dam

--
My notable Phorum sites:
Movie Deaths Database - "review comments" system mostly powered by Phorum
Learn Chinese! - integrated forum quiz
Re: Spam Hurdles Module (CAPTCHA's and other anti-spam tools)
February 02, 2007 09:28AM
For generating captcha's, I am using a class based system. So for the example above, I load the base class and the maptcha class and create an object using that. After that, the object will generate the code to display on screen for that specific captcha. For performance, I only want to use the captcha modules for generating this data and after that letting Phorum cache it in the database.

If you guys are really this much into shrinking the size of the table for the spam hurdles mod, then I could create an option in the admin interface for configuring whether the object generated data should be cached or not. If not, then a couple of fields could be left out of the data. Personally, I feel more for the approach of reusing captcha's, since that would bring down the number of times that a captcha object has to generate its data.


Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce
Re: Spam Hurdles Module (CAPTCHA's and other anti-spam tools)
February 02, 2007 01:54PM
Just to clarify, I was just trying to help milos, I don't have strong views on the redundant data in the table. However, I host with a provider that is very "tight" with diskspace too, so I do have some sympathy with his position!

Quote

Personally, I feel more for the approach of reusing captcha's, since that would bring down the number of times that a captcha object has to generate its data.
I agree wholeheartedly. That could shrink DB storage by a large amount, and still provide decent protection against spammers. Users could tweak the scale of the reuse according to their needs.

/\dam

--
My notable Phorum sites:
Movie Deaths Database - "review comments" system mostly powered by Phorum
Learn Chinese! - integrated forum quiz
Re: Spam Hurdles Module (CAPTCHA's and other anti-spam tools)
February 02, 2007 04:05PM
Oh, that's not the kind of reuse I was thinking of. Reuse can only be done in a sane way if the captcha wasn't used for posting some data to the server. As soon as a captcha is used (for either registration or posting), the captcha can no longer be valid and a new one must be generated.

Reuse of a captcha would be valid in the situation where a user is reading a lot of pages with the reply form on the same page, without doing an actual reply. There's no problem in presenting the same captcha over and over again then.


Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce
Re: Spam Hurdles Module (CAPTCHA's and other anti-spam tools)
February 02, 2007 04:07PM
and what if he opens 3 read pages (in parallel, different tabs) - doesn't all the 3 pages contain the same captcha then but only of them can be used for replying?


Thomas Seifert
Phorum Development Team / Mysnip-Solutions.de
Custom Phorum and general software development
worry-free Phorum Hosting
Re: Spam Hurdles Module (CAPTCHA's and other anti-spam tools)
February 02, 2007 04:47PM
Yes, you are right, I don't know how many people would work like this, but for those this might be a bad idea.


Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce
Re: Spam Hurdles Module (CAPTCHA's and other anti-spam tools)
February 02, 2007 04:52PM
Quote

As soon as a captcha is used (for either registration or posting), the captcha can no longer be valid and a new one must be generated.
Yes, but the problem of huge numbers of CAPTCHAs in caused by spiders (in my opinion).
If you could detect a spider and only generate one CAPTCHA for it that would be tremendously helpful. Do spiders accept cookies though?...

Quote

and what if he opens 3 read pages
They won't lose anything, they'll just have to re-renter a CAPTCHA for their 2nd and 3rd posts :-)

/\dam

--
My notable Phorum sites:
Movie Deaths Database - "review comments" system mostly powered by Phorum
Learn Chinese! - integrated forum quiz
Re: Spam Hurdles Module (CAPTCHA's and other anti-spam tools)
February 02, 2007 05:06PM
Quote

They won't lose anything, they'll just have to re-renter a CAPTCHA for their 2nd and 3rd posts :-)

yeah, it just turns the mod into a user-hurdle instead of a spam-hurdle without providing any additional value - good luck with getting the users back.


Thomas Seifert
Phorum Development Team / Mysnip-Solutions.de
Custom Phorum and general software development
worry-free Phorum Hosting
Re: Spam Hurdles Module (CAPTCHA's and other anti-spam tools)
February 02, 2007 05:27PM
If they are that keen on my site that they are drafting three messages at once, then they aren't going anywhere :-)

--
My notable Phorum sites:
Movie Deaths Database - "review comments" system mostly powered by Phorum
Learn Chinese! - integrated forum quiz
Re: Spam Hurdles Module (CAPTCHA's and other anti-spam tools)
February 03, 2007 08:45AM
Quote
mmakaay
For generating captcha's, I am using a class based system.
ahhh, see... here's the problem... I have it on good authority that I have no class :P


personally, I'm happy with the module as it is, but I havn't had the need to apply it to every post, it's just used for registrations in most cases...

but if implementing an option to reuse generated captcha's wouldn't be overly time consuming, I think it would be the most efficient and universal solution.
Sorry, only registered users may post in this forum.

Click here to login