InfoQ: Spam Prevention without CAPTCHA Images
InfoQ: Spam Prevention without CAPTCHA Images:
The ASP.NET AJAX Control Toolkit (formally known as AJAX) offers a control that reduces spam on web logs and forums without requiring users to enter a CAPTCHA.
The NoBot control uses three techniques to detect bots.
* First, it offers a framework for a challenge/response in the form of a client-side JavaScript calculation. This will filter out bots that don't support JavaScript.
* Second is a minimum delay. The idea behind this is if you know that users cannot possible fill out a form in less than 2 seconds, you can assume they are bots.
* Finally it can limit the number of submissions from a given IP address in a time period. For example, a human isn't likely to make 5 posts in a single minute.
Interesting setup, but....
It works only because it encourages spammers to go to the less-protected sites. Of the three techniques, the 2nd and third are both trivial for a bot to circumvent -- should the spammer care to. They're little more than security by obscurity, and I don't think worthy of even bothering with. Faking IP addresses and adding sleeps are trivial for a spammer to do.
As to the first -- given spammer's willingness to improve their technology as the anti-spammer technology does, it's probably only a matter of time.
I was hopeful, but to me, this mostly seems capable of instilling a false sense of security, I don't think it really can replace the CAPTCHA (and I hate them.... I'd love to find an alternative).
God, do I hate CAPTCHA. Sometimes, when trying to buy tickets to a popular event on TicketBastard, an image comes up that I can't make out, forcing me to waste time waiting for a new one to come up.
What does someone with sight impairment do?
Posted by: Mike | October 28, 2006 at 09:35 AM