Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.
  • You may not have seen it anywhere else, yet there's been a blog post [damienkatz.net] that got linked to from Reddit, two weeks ago. That post itself in turn points to yet another article.

    Anyway, that's not what I wanted to comment on. What I did want to say, is that another link found on Reddit, a "movie", clearly showed that with tools currently in use by comment spammers, captchas are easily bypassed, completely automatically. A test shows [untwistedvortex.com] a submit of the same post on 400 different forums in about 10 minutes time.

  • Unfortunately, just like many CAPCHTAs, wouldn't this keep those with visual disabilities from commenting? How are users not using CSS's screen profile (or not using CSS at all) going to know that this particular form field should not be filled in?

    Still, an interesting idea. I think ultimately the solution may be for everyone to roll their own solution with modified software, such that there is no one technique that spammers can break.
    • Instead of making the form field invisible, create a div that's invisible via CSS, with text and the form field. The text then noting that the field is for spam prevention and is not to be filled in. That way anyone using a screen reader or not CSS enabled, can understand why the field is there.

  • DVD John's blog [nanocrew.net] uses WP-Hashcash [elliottback.com] which is another interesting idea adapted from email spam ideas. I don't know how it degrades for those who don't have Javascript, though.

    Basically, submitting a comment requires your browser to devote a certain number of processor cycles to calculating something that is quickly verifiable by the server [hashcash.org].