InfoQ: Spam Prevention without CAPTCHA Images

InfoQ: Spam Prevention without CAPTCHA Images:

The ASP.NET AJAX Control Toolkit (formally known as AJAX) offers a control that reduces spam on web logs and forums without requiring users to enter a CAPTCHA.

The NoBot control uses three techniques to detect bots.

* First, it offers a framework for a challenge/response in the form of a client-side JavaScript calculation. This will filter out bots that don’t support JavaScript.

* Second is a minimum delay. The idea behind this is if you know that users cannot possible fill out a form in less than 2 seconds, you can assume they are bots.

* Finally it can limit the number of submissions from a given IP address in a time period. For example, a human isn’t likely to make 5 posts in a single minute.

Interesting setup, but….

It works only because it encourages spammers to go to the less-protected sites. Of the three techniques, the 2nd and third are both trivial for a bot to circumvent — should the spammer care to. They’re little more than security by obscurity, and I don’t think worthy of even bothering with. Faking IP addresses and adding sleeps are trivial for a spammer to do.

As to the first — given spammer’s willingness to improve their technology as the anti-spammer technology does, it’s probably only a matter of time.

I was hopeful, but to me, this mostly seems capable of instilling a false sense of security, I don’t think it really can replace the CAPTCHA (and I hate them…. I’d love to find an alternative).

You might also want to read:

  1. some early images out of the new gear. during my trip to LA for christmas with mom, we took a couple of hours out to go to a local lake and get some...
  2. 2010 Collection of Best Images Listing (via JMG Galleries) Every year, Jim Goldstein at JMG Galleries collects a list of photographer’s best photos. He’s now published the list, and it’s got a whopping 160...
  3. NHL claims all-star votes are valid, explains fraud prevention NHL claims all-star votes are valid, explains fraud prevention – Puck Daddy… – NHL – Yahoo! Sports: Last week, a scheme by Montreal Canadiens fans...
  4. CAPTCHA Cracked… Interesting piece by Ars Technica on CAPTCHA which more or less puts the wooden stake into the heart of the technology. http://arstechnica.com/news.ars/post/20081002-right-back-at-ya-captcha-bad-guys-crack-gmail-hotmail.html In some cases,...
  5. Why validating e-mail addresses won’t solve the spam problem Assume for a minute that you build a system that allows you verify that a piece of e-mail’s “from” address actually comes from the system...

  • Mike

    God, do I hate CAPTCHA. Sometimes, when trying to buy tickets to a popular event on TicketBastard, an image comes up that I can’t make out, forcing me to waste time waiting for a new one to come up.
    What does someone with sight impairment do?