[TYPO3-dev] captcha

Zorik zorik2005 at zorik.net
Thu Dec 14 10:57:16 CET 2006 

> May I ask you what we can do to prevent
> bots from adding unsolisitated text to any website?
> specially on response forms and contact forms.
> As you seem to know a lot about the subject I think it
> would be a good question for you.

There's a lot of techniques.
To prevent the example you gave you simply have to check for doubleposting.
This is implemented in the core, by the way (in a good, old FETCE).

The best technique I saw so far, which prevents me from using bots, is a
simple "terms and conditions" agree checkbox. There are websites where I
have to check the checkbox to enter. But the T&C states that no automated
software may be used. Entering the site with a bot would be a violation of
agreement and is illegal.

As for preventing spambots and botnets. Bots mimic human behavior. Humans
and bots use software to get things done. There may not be a bot prevention
solution based on software.

Spam problem, at my point of view, depends a lot on user disclosure
readiness. If spammer would know that I live in Israel, he would not offer
me to rent a studio in Moscow ( :) yes, this happens).
If forum owner would identify each user posting to the forum - no spambot
could ever post to the forum.
And there are ways to prevent email spam completely - based on sender
identity verification.

What I am trying to say is - if you can verify the identity of your
visitor - there's no need for you to control "how" he/she accesses your
website.

"So, what's the problem?" you may ask.

The problem is with website owners. If they put T&C checkbox as a first page
of their site - their traffic will decrease by 50%. They will never do
this.
Forum owners - registration process is lengthy. They will have far less
users if they would require registration.
Email - there are users, which will delete identity verification message,
thinking it is a spam. So you may not get all mail you wanted.

There are efforts to create a general identity verification system. Passport
from microsoft, community based identity sharing between website owners,
all kinds of desktop tools for automated forms filling.
But still, there's currently no generally accepted solution.



-- 
Zorik

More information about the TYPO3-dev mailing list