New Spam Scheme


George
10-30-2007, 10:59 AM
I don't know how well I understand this new spam technique (http://news.bbc.co.uk/2/hi/technology/7067962.stm), but it's interesting.

George

Kelvyn
10-30-2007, 12:39 PM
Captchas have been around for quite a while and are getting more sophisticated - and more difficult to read! What they do is defeat spambots signing up for forums such as this, but the images have to get more and more "dirty" to beat the character recognition systems used by the spammers.

I use them on WordPress sites, on forums and on some Joomla! sites where automated spam may be a nuisance.

LoisWakeman
10-31-2007, 01:18 AM
You are right about the "dirt": I submitted a client site to Google yesterday, and it was quite hard to read the letters. Looked like a piece of paper that had been in the footwell of the land rover for a few weeks!

I wonder if the next thing will be typing in a description of an object?

iamback
10-31-2007, 02:55 AM
You are right about the "dirt": I submitted a client site to Google yesterday, and it was quite hard to read the letters. Looked like a piece of paper that had been in the footwell of the land rover for a few weeks!

I wonder if the next thing will be typing in a description of an object?

The "next" thing is not to bother legit users at all, but trap the bots. You'll find it variously referred to as "hidden captcha", "reverse captcha" or similar terms. And it's quite simple: It's just an extra field in your form that is hidden with CSS (display: none;) and that a normal user should never fill in (or change the default content of); the label should be something like "subject"; add a bit of text to warn human users using a text browser not to touch the field. Then on the server side check if the field has a (new) value - if so: bad bot, bye bye! if not, validate the normal contents...

And there are plenty more techniques you can use without bothering human users at all.

Captchas are inaccessible (I flatly refuse to use them on any site, and Wikka Wiki will never include one even if there's a plugin available); they annoy legit users, and can send them away. Captchas are old-fashioned by now!
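
The hidden-field check iamback describes above, as an added example that is not part of the original thread. The field names, the `/comment` action and the choice to reject a POST that omits the trap field are assumptions of this sketch.

```python
from html import escape
from urllib.parse import parse_qs

# Assumed names for this sketch; none of them come from the thread.
TRAP_FIELD = "subject"   # innocuous-looking name, as the post suggests
TRAP_DEFAULT = ""        # value the field is rendered with


def render_form():
    """Return the comment form, with the trap field hidden by CSS."""
    return f"""<form method="post" action="/comment">
  <p><label>Name <input name="author"></label></p>
  <p><label>Comment <textarea name="comment"></textarea></label></p>
  <p style="display: none;">
    <label>Subject (leave this field unchanged)
      <input name="{escape(TRAP_FIELD)}" value="{escape(TRAP_DEFAULT)}"
             tabindex="-1" autocomplete="off">
    </label>
  </p>
  <p><button type="submit">Post</button></p>
</form>"""


def check_submission(body):
    """Check a urlencoded POST body; return (accepted, reason)."""
    fields = parse_qs(body, keep_blank_values=True)
    trap = fields.get(TRAP_FIELD)
    # A browser submits hidden-by-CSS inputs too, so a missing trap field
    # means the POST was not built from our form (policy assumed here).
    if trap is None:
        return False, "trap field missing"
    # Any change from the rendered default, or a duplicated field, is a bot.
    if trap != [TRAP_DEFAULT]:
        return False, "trap field changed"
    # Only now validate the normal contents.
    for name in ("author", "comment"):
        if not fields.get(name, [""])[0].strip():
            return False, f"{name} required"
    return True, "ok"


# Constructed sample submissions.
SAMPLES = {
    "human": "author=Lois&comment=Nice+thread&subject=",
    "bot": "author=x&comment=buy+now&subject=Cheap+pills",
}
```

The reason string is meant for the server log; the response sent to a rejected client can stay generic.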

ktinkel
10-31-2007, 06:09 AM
You are right about the "dirt": I submitted a client site to Google yesterday, and it was quite hard to read the letters. Looked like a piece of paper that had been in the footwell of the land rover for a few weeks!

I wonder if the next thing will be typing in a description of an object?

Answering questions is now quite common. Effectiveness depends to some extent on the admin’s ability to come up with questions that work, however!

iamback
10-31-2007, 05:15 PM
Answering questions is now quite common. Effectiveness depends to some extent on the admin’s ability to come up with questions that work, however!

To a fairly small extent though - one famous example is of a system that simply always asks for the answer to the same simple math problem (what is the result of evaluating 2 * 4), which on its own produced an enormous decrease in the amount of spam.

Still, systems that don't bother humans with extra things to do can be equally effective - even more when you combine two or three, or randomly pick one of the options - so why annoy them?

(Without always inspecting the source code of forms you fill in online, you don't have an idea how often those are used - as opposed to the annoying extra fields to fill in...)

ktinkel
10-31-2007, 05:55 PM
To a fairly small extent though - one famous example is of a system that simply always asks for the answer to the same simple math problem (what is the result of evaluating 2 * 4), which on its own produced an enormous decrease in the amount of spam.

Possibly so. But sometimes what seems obvious to us is less so to potential members!

Still, systems that don't bother humans with extra things to do can be equally effective - even more when you combine two or three, or randomly pick one of the options - so why annoy them?

(Without always inspecting the source code of forms you fill in online, you don't have an idea how often those are used - as opposed to the annoying extra fields to fill in...)

Not sure what you mean, but I do believe that people can endlessly surprise us.

ktinkel
10-31-2007, 05:56 PM
The "next" thing is not to bother legit users at all, but trap the bots. You'll find it variously referred to as "hidden captcha", "reverse captcha" or similar terms. And it's quite simple: It's just an extra field in your form that is hidden with CSS (display: none;) and that a normal user should never fill in (or change the default content of); the label should be something like "subject"; add a bit of text to warn human users using a text browser not to touch the field. Then on the server side check if the field has a (new) value - if so: bad bot, bye bye! if not, validate the normal contents...

Ooh — I like that one. Have to figure out a way to use it.

Steve Rindsberg
11-04-2007, 08:55 AM
Reverse/Hidden captchas ... wonderfully devious. Thanks for describing it.

ktinkel
11-04-2007, 09:29 AM
Still, systems that don't bother humans with extra things to do can be equally effective - even more when you combine two or three, or randomly pick one of the options - so why annoy them?

We have discussed this in the past. I think you mentioned the plug-in used by WordPress (Akismet).

My main resistance to that sort of spam deterrent is that it is triggered by a post. True, it will be marked for moderation and thus be invisible to non-staff members. (We actually have a plug-in that behaves somewhat this way.) But during serious sieges, the staff can be hit with lots of posts or threads that have to be waded through.

The simple question method gives the staff a rest from spam posts. The hazard is that even an obvious answer may not be all that obvious to everyone, and someone we would love to have here may be turned away in frustration.

What we really need is a mind searcher that can evaluate intent. Wouldn’t that be lovely?

iamback
11-04-2007, 11:59 AM
Reverse/Hidden captchas ... wonderfully devious. Thanks for describing it.

I found Drupal has a (contributed) module for this called Gotcha. :D

Steve Rindsberg
11-05-2007, 07:28 AM
<G>