I have a simple reg form (Name, Email, Password) on my website and im looking to implement some sort of anti-bot/spam protection, Captcha seems like a very long winded way, plus they really annoy me when I see them on sites. Has anybody an alternative method to protecting against spam which is lightweight and simply integrated?
Source: Tips4all
One alternative is to use a hidden form field as a honeypot for bots. This field can be filled using an appropriate value from Javascript, or it can just be left blank. Either way, if the value isn't what you expect, then you can treat the submission as spam. This won't stop bots that are specifically targeting your site, but it will stop most of the common spam bots that just see a form and fill it out.
ReplyDeleteThe most simple solution is to ask user solving a mathematical equation like 3 + 2. Nobody, I think, will make a spam bot for a beginning site. Or, If you want, use ReCaptcha .
ReplyDeleteNEW EDIT:
ReplyDeleteI just implemented something like it: http://jsfiddle.net/ravan/FK4st/2/
EDIT:
A better alternative is to display like 3 squares, one color each, and ask the user to click on a specific color. You can also use multiple divs overlayed with low opacity in order to get color meshs. No difference for user, but a headache for spammers.
Old Answer:
You can ask something to user, like:
What day is today?
What day of the week comes after tomorow?
How much is 2+2?
Notice that it is not as secure as captcha, but should filter some spammers.
I once used "Which is hotter, fire or ice?" followed by a textbox and that stopped every spambot in its tracks. Example here
ReplyDeleteCaptcha
ReplyDeleteThey are annoying as hell, but most effective against detecting automated bots. If big sites like Google,Yahoo!,etc did not need captchas to detect bots then they would not use them because like you said they aren't very user-friendly.
OpenID
I keep repeating this but we don't need yet another username/password and I think you should be implementing openID instead to authenticate your users. I have made a library available at https://github.com/alfredwesterveld/php-openid which resembles a lot like the login which can be found at stackoverflow.com. If you want to first view a demo you could try openID on a little demo I made available at http://westerveld.name/php-openid/. When using OpenID the users probably has to perform captcha verification once to create an account.
Protecting against Bots
Spam
If for example you would like to detect if the comment is SPAM you could use something like akismet.
Akismet filters out your comment and
track-back spam for you, so you can
focus on more important things.
For personal blogs you can use this for free(or donate if you like product). For a small commercial blog you have to pay $5/month to detect spammy comments.
Other
Some other forms of verifying human would be:
Sent email verification with unique link or something.
Only allow users which you know are human. The rest should first proof they are users to you.
All these forms of verification could be broken and even CAPTCHA(especially simple ones) can be broken by really smart bots, but right now is the best solution against verifying.
See if you can use slider captcha:
ReplyDeleteDemo: http://www.myjqueryplugins.com/QapTcha/demo
There are many alternatives listed here: http://plugins.jquery.com/plugin-tags/captcha