Ask a question instead of CAPTCHA

rageh · August 22, 2011, 4:59pm

Why not use the so honey-trap method? It is very effective. And the user does not have answer anything. Nor type. Give it a try.

adh32 · August 22, 2011, 5:54pm

That is not a method with which I can agree after experiencing the handiwork of someone who clearly did not know how to do it properly and accommodate false positives.

the182guy · August 22, 2011, 6:06pm

If a captcha is too hard to read or too strict on case etc then the coder is the problem not the idea of captcha. Questions will be limited and could encourage spammers to target your form with ease.

rageh · August 22, 2011, 8:16pm

That person clearly impelemented it incorrectly.

I implemented the honey trap method a while ago. Not a single spam email came to my inbox. So it is a question of doing it right. Any method done in the wrong way will not work, as you might have gathered.

Cups · August 22, 2011, 8:37pm

Math questions are easy to pose, and more users whose mother tongue is not yours probably more likely to understand the question.

Make sure the answers are between 1 and 999 and make the maxlength of the text area 3.

Ask questions using a mixture of words and numbers, the answers should always be numbers.

“What number is Thirty and 3?”
“What number is a dozen?”
Maintiain a single array of questions and answers which are available to the client-side generating code and the backend checking code:
turing_questions.php


<?php
$turing[0]['question'] = "Thirty and 3";
$turing[0]['answer'] = 33;
$turing[1]['question'] = "a dozen";
$turing[1]['answer'] = 12;

Include the file in both the view and whatever you use to as a postback, set and retain control of which question is being posed in a session.
eg


$_SESSION['turing'] = 1

Filtering and sanitizing the answer is dead simple.


<?php
// your postback form handler
include 'turing_questions.php';

if( !isset($_POST['answer'])
  || (int)$_POST['answer'] === 0
  || $_POST['answer'] > 999 )
// you are bad, sending you away unceremoniously

// $_SESSION['turing'] = 1

if( $_POST['answer'] !== $turing[$_SESSION['turing']]['answer']) 

//failed to answer correctly, maybe you are not human,
// or able to answer 
// mathematical questions or you do not speak my language?
//

abdussamad · August 23, 2011, 8:16pm

Actually you’re probably better off using nested associative arrays if you want to store q’s and answers:


$muckabout=array();

$muckabout[]=array("question"=>"How many Chinese in China?", "answer"=>"too many");

$muckabout[]=array("question"=>"How many engineers does it take to screw in a light bulb?", "answer"=>"way too many");

And no the above the are not good questions for captcha

C_Ankerstjerne · August 23, 2011, 8:33pm

Cups
I wouldn’t consider those two questions very good. A lot of people wouldn’t know how much a dozen is, and 30 and three would be said to be integers or natural numbers. I’m being nit-picky here, but it’s important to bear this in mind. Likewise, a simple question such as ‘which month is the longest’ is equally ambiguous. October has the most hours (due to daylight savings time), but September has the most letters, and any child will tell you that December is the longest month in the year by far.

tgavin · August 24, 2011, 12:23am

I like the reverse captcha method, where you add an additional text field and set it to display:none.

Basically, a bot will try to answer all form fields, so if this field is filled don’t process the form. Not one spam email has gotten through with this on any of my forms.

<?php
if($_POST['field'] == '') {
    // process the form
}
?>
<input type="text" name="field" style="display:none">

Rikki · August 24, 2011, 11:59am

Been using the questions and answers things on my forum for years (Textual Confirmation).

Things like:

Type the year
What do you freeze to make ice
If you had 4 apples and ate 2 of them, how many would you have left
Which is not a computer/IT company out of Google, Apple, Microsoft and Ford
What colour do you get when you mix blue and yellow

…

bimalpoudel · August 24, 2011, 12:22pm

#tgavin I love to write the name as email, with not inline style. So, many spammers would fill up this form, if they try to automate.

<input type="text" name="email" class="hide">

Sometimes, though not seen in practice:
Give the answers within the form.
Like, what is 2+3 = ? And, make the user click on 5 (correct answer) out of 2, 5, 7, 1 (in the options)

Do not accept the form, if the header is not valid (the form should be posted online, in your website only).

Do not accept the form if submitting a too old form (loaded once and saved the html for offline use, etc, or too delayed to submit the form)

And this is what I practice myself:
Using the unobtrusive javascript, I answer the captcha within the forms myself, in a hidden way. No one sees my forms include an embeded/valid captchas. Though this is not always a solution, it keeps far away from the automated spammers.

tgavin · August 24, 2011, 12:39pm

bimalpoudel:

#tgavin I love to write the name as email, with not inline style. So, many spammers would fill up this form, if they try to automate.
<input type="text" name="email" class="hide">

Yeah, I generally use ‘company’ as the field name.

What I like about this method is that you’re not forcing your user to do more work than is necessary. Making the user jump through hoops to give you their information doesn’t make sense to me. I’d rather do all of the hard work (no matter what that may be) than make my user (read: potential customer) do it.

ralphm · August 24, 2011, 12:45pm

[ot]

Easy peasy:

Type the year: year
What do you freeze to make ice: beer
If you had 4 apples and ate 2 of them, how many would you have left: half as many
Which is not a computer/IT company out of Google, Apple, Microsoft and Ford: Microsoft
What colour do you get when you mix blue and yellow: blellow[/ot]

frworkbd · August 24, 2011, 2:09pm

The code which is shown is absolutely okay. It can help me and others.

adh32 · August 24, 2011, 3:40pm

tgavin:

I like the reverse captcha method, where you add an additional text field and set it to display:none.

Basically, a bot will try to answer all form fields, so if this field is filled don’t process the form. Not one spam email has gotten through with this on any of my forms.
<?php
if($_POST['field'] == '') {
    // process the form
}
?>
<input type="text" name="field" style="display:none">

You know that a number of ATs ignore display:none if it’s applied to form elements, right? So you still need an instructive label for them and no-CSS viewers.

tgavin · August 24, 2011, 6:26pm

No, I didn’t.

I normally apply CSS to the containing div. Sometimes I try to over-simplify things on the forums so the example doesn’t get lost, and then give bad advice. I should change that behavior.

Thanks for the heads up.

Rikki · August 25, 2011, 12:05pm

Yup, it weeds out the dickweeds nicely too

jaysonharmons · August 27, 2011, 1:45am

Better yet, does anyone know of a WP plugin for this? I’d also rather have people answer a question. I have also seen graphic ones lately where you have to slide a carrot to a rabbit for example when it asks which food does this animal eat? Thought that was cool!

adh32 · August 27, 2011, 2:17pm

…Thought that was cool!

It might be if you can (a) see it and (b) use a pointing device.

Andres_Vaquero · August 31, 2011, 3:48am

Hats off to the reverse captcha method. Under the hood, less work and less fuss for all. Many times the simplest solution is the most efficient. Gonna try it myself and see how it works out.

Thank you for mentioning it here

system · August 31, 2011, 8:34am

CAPACHA is so difficult to verify but most secure way…
i have most of problem with CAPACHA verification code…thats effect my submission speed in SEO…