[TYPO3-dev] captcha

Steffen Kamper steffen at dislabs.de
Thu Dec 14 09:29:34 CET 2006 

"R. van Twisk" <typo3 at rvt.dds.nl> schrieb im Newsbeitrag 
news:mailman.15230.1166064351.21325.typo3-dev at lists.netfielders.de...
> Zorik wrote:
>> 1. I do not use captcha. I do not like websites using this type of
>> protection and perceive it user annoying. developers trying to fight the
>> bots make text unreadable for humans.
>> 2. As a bot developer I can state that many such images can successfully 
>> be
>> read by a bot. This protection definately requires counting form
>> submissions and access denial for more than 5-10 submissions.
>>
>> As for using this as "anti-spam". I believe, that it is better to receive 
>> 9
>> spam messages and 1 contact, then receiving no messages because visitor 
>> got
>> annoyed while filling the contact form.
>>
>> As for login forms etc. - I personally use bots for doing job instead of 
>> me.
>> And it is very handy. And it does not violate any law written or spoken.
>> And bot's behavior does not differ from mine. So I see absolutely no
>> problem with this. In contrast - I promote this technology. According to 
>> my
>> experience - it can leverage work effort by 10 times.
>>
>> As a developer of automation framework I am very confused by people
>> perceiving automation and artificial intelligence technology as spam
>> networks and fraud clicks generators.
>> (And I am very angry on spammers and scammers for creating this image)
>>
>>
>> As a bottom line - I do not think captcha technology should be used 
>> widely.
>> This is why I do not think it should be implemented in core.
>>
>> As for forms processing in the core in general - I believe the whole 
>> process
>> must be removed from core and put in separate extension (T3 service). 
>> This
>> would provide much more flexibility, allow more active development and
>> enable wider usage of T3 forms (instead of php in extensions), therefore
>> more standartized processing of forms generation and data processing,
>> unified control.
>>
>>
> Zorik,
>
> I think Steffen Kemper is talking about mis-use of forms by bots.
> I by myself get very frustrated if I read a nice thread on a subject
> and all of a sudden I see:
>
> READ THIS READ THIS READ THIS
> READ THIS READ THIS READ THIS
> READ THIS READ THIS READ THIS
> READ THIS READ THIS READ THIS
> READ THIS READ THIS READ THIS
> READ THIS READ THIS READ THIS
> READ THIS READ THIS READ THIS
> IT REALLY WORKS!!
> IT REALLY WORKS!!
> IT REALLY WORKS!!
> IT REALLY WORKS!!
> IT REALLY WORKS!!
> IT REALLY WORKS!!
> IT REALLY WORKS!!
> IT REALLY WORKS!!
> IT REALLY WORKS!!
> IT REALLY WORKS!!
> IT REALLY WORKS!!
> IT REALLY WORKS!!
> IT REALLY WORKS!!
> IT REALLY WORKS!!
> (The texts are links of course)
>
> I need to scroll all they way down to read more.
>
> I partly agree with you last paragraph however,
> forms processing can be seen as part of a CMS core.
> Captcha can be seen as a service provided by the core.
> On ECT there has been talk about forms systems in
> general but no results as far as I know.
>
>
> May I ask you what we can do to prevent
> bots from adding unsolisitated text to any website?
> specially on response forms and contact forms.
> As you seem to know a lot about the subject I think it
> would be a good question for you.
>
> I am really interested in this...
>
>
>
> I personally don't use bots to do any automated tasks (but
> really occasionally, but that has nothing to do with
> forms). You mentioned it leverages your work 10 times,
> But for the general webmaster it increased the work load
> 10 times, just don't forget that...
>
> -- 
> Ries van Twisk
> Freelance Typo3 Developer
> === Private:
> email: ries at vantwisk.nl
> web:   http://www.rvantwisk.nl/freelance-typo3.html
> skype: callto://r.vantwisk
>
>

I agree that bots are able to read captchas. But in most cases these bots 
lookink in Forums like phpBB.
In most cases a very simple Javascript helps me to prevent bot entries:

<form action=http://www.google.com ...>
...
<input type="submit" onclick="this.form.action='index.php" />

In my cases no more bot emtries are in guestbooks, contact forms etc.
But also the captcha helps to prevent the bots.
I don't think users are annoyed from using captcha because all users know 
the spams from ther email client.

Making captcha and other spam methods with a service might be a good 
solution, but for beginning the existing captcha does the work. You can see 
this captcha from bernhard also on typo3.org in the extension contact form.

vg  Steffen

More information about the TYPO3-dev mailing list