Reverse CAPTCHA - less input required

(Submitted Sun, 2008-12-14 21:14)

Recently I was contacted by an individual who I have done some Drupal work for in the past. He has an older site that is primarily static HTML with a perl script handling contact form submissions. As most of us experience once a website has become established, he was getting inundated with spam through his contact form.

He was willing - though not overly eager - to implement a CAPTCHA solution but was worried about introducing an extra hurdle for those making casual inquiries. As the various spambots were filling in all the form fields with mostly random garbage and their website links, we decided to just do a validation on the phone number textarea and reject the submission if the phone number validation failed.

However, he also wished for the phone number field to remain optional as often his potential customers leave the phone number field blank in their preference to be contacted by email. We thought it would probably be safe to do two things: 1) pass validation of the form if the phone number textfield was not empty and was a valid phone number, and 2) pass validation of the form if the phone number textfield was blank.

The last I spoke to him, the spam had stopped and valid submissions were getting through.

I figured this approach has probably been used elsewhere, and sure enough, it is commonly referred to as 'reverse CAPTCHA' or 'negative CAPTCHA'. There are implementations for other platforms (here's one for Ruby on Rails) but I didn't see one for Drupal, so thought I would code one up and see how effective it is. Basically it adds a hidden form element which your users won't see, but automated spambots will. If anything is placed in the textfield, validation fails. So instead of making the user prove that they are human, we allow the spambot to betray itself as a bot.

This blog has been around for over 2 years and gets a large volume of daily spam comment submissions so I have implemented it here and will see how it performs against other methods.

Building it out as a plugin for the existing CAPTCHA module took very few lines of code, as the CAPTCHA module handles the bulk of what needs to be done. All you need to do is switch your settings from either the 'image', 'text', or 'math' setting to the 'reverse' setting.

<?php
/**
 * Implementation of a hidden 'reverse CAPTCHA', for use with the CAPTCHA module
 */

/**
 * Implementation of hook_help().
 */
function reverse_captcha_help($section) {
  switch ($section) {
    case 'admin/user/captcha/reverse_captcha':
      return '<p>'. t('Provides a non-visible field to fool spambots into revealing themselves as non-human.') .'</p>';
  }
  // No help text for any other path.
  return '';
}

/**
 * Implementation of hook_captcha().
 */
function reverse_captcha_captcha($op, $captcha_type='') {
  switch ($op) {
    case 'list':
      // CAPTCHA types this module offers on the CAPTCHA settings page.
      return array('Reverse');
    case 'generate':
      if ($captcha_type == 'Reverse') {
        // Stylesheet that hides the CAPTCHA fieldset from visual browsers.
        drupal_add_css(drupal_get_path('module', 'reverse_captcha') . '/reverse_captcha.css');

        $result = array();
        // The expected answer is the empty string, so any input fails validation.
        $result['solution'] = '';
        $result['form']['captcha_response'] = array(
          '#type' => 'textfield',
          '#title' => t('Leave this field blank'),
          '#weight' => 0,
          '#required' => FALSE,
        );
        return $result;
      }
  }
}
?>

That's it! And the included css file just declares

fieldset.captcha {
  display: none;
}

I decided to go with "display: none" instead of absolutely positioning it off the page (i.e. "-2000px") because my understanding is that screen readers will often read elements that are positioned outside of the viewable area, but will skip elements set to display: none.

Here's a link to a tarball with the module and info file. If it is effective, I'll submit to the CAPTCHA project proper.

These days with the popularity of Mollom, I imagine that CAPTCHA is being used on fewer sites, but hey, someone might get some use out of this approach.
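
The two checks this post describes (a hidden field that must stay empty, and an optional phone field that must be valid when filled in) can be written as one server-side validator. This is an added example in plain PHP, not the module's code or the original perl script; the field names `homepage_url` and `phone`, the 7 to 15 digit phone rule and the sample submissions are assumptions made for illustration.

```php
<?php
// Added example. Field names 'homepage_url' (the hidden trap field) and
// 'phone' are hypothetical; the sample submissions are constructed.

/**
 * Returns a list of rejection reasons; an empty list means the submission passes.
 */
function check_submission(array $post): array {
  $reasons = [];

  // Trap field: humans never see it, so any content at all marks a bot.
  // Compare the raw value without trim(): a lone space still counts as filled.
  // A non-string (e.g. an array from 'homepage_url[]=x') is rejected as well.
  $trap = $post['homepage_url'] ?? '';
  if (!is_string($trap) || $trap !== '') {
    $reasons[] = 'trap field filled';
  }

  // Optional phone: blank passes, anything else must look like a phone number.
  $phone = $post['phone'] ?? '';
  if (!is_string($phone)) {
    $reasons[] = 'phone is not a string';
  } elseif (trim($phone) !== '') {
    // Assumed rule: digits and common separators only, 7 to 15 digits in total.
    $digits = preg_replace('/\D/', '', $phone);
    $shape_ok = preg_match('/^\+?[0-9 ().\-]+$/', trim($phone)) === 1;
    if (!$shape_ok || strlen($digits) < 7 || strlen($digits) > 15) {
      $reasons[] = 'phone not valid';
    }
  }
  return $reasons;
}

// Constructed sample submissions.
$samples = [
  'human, no phone'   => ['homepage_url' => '',  'phone' => ''],
  'human, with phone' => ['homepage_url' => '',  'phone' => '+1 (555) 010-0199'],
  'bot, single space' => ['homepage_url' => ' ', 'phone' => ''],
  'bot, garbage'      => ['homepage_url' => 'http://spam.example/', 'phone' => 'qwJkd zzT'],
];

foreach ($samples as $label => $post) {
  $reasons = check_submission($post);
  printf("%-18s %s\n", $label, $reasons ? 'REJECT: ' . implode(', ', $reasons) : 'accept');
}
```

Logging the rejection reasons alongside the rejected text makes it possible to review the rejects for false positives.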

Submitted by Anonymous (not verified) on Thu, 2008-12-18 00:44.

Testing submission as a (human) Anon.

Submitted by Anonymous (not verified) on Fri, 2008-12-19 01:50.

testing

Submitted by drawk on Mon, 2008-12-29 21:29.

Well so far, this is working amazingly well.

The spam submissions have dropped to such an extent that I actually made sure I'd turned on the 'rejected comment' logging feature of CAPTCHA so that I could double check what was happening. End result: the spambots are getting screwed - as they should - but legitimate results are making it through. Lovely!

A couple observations and thoughts:

- The spambots are filling in the (hidden) CAPTCHA field with a single space in most cases. This is probably in order to have some sort of information in potentially required form fields.

- I intentionally made the field not-required, but as the writers of the bots get smarter, they could easily just leave non-required fields blank (if they develop their scripts to be sophisticated enough to recognize a required field from a non-required one). I have some additional thoughts on this matter, such as making the field required, but then in the validation handler actually passing it if it is blank. That would be pretty darn tricky to outsmart. Escalating technological arms war, anyone?

- I think that I will patch my local copy of the CAPTCHA module to gather some additional information about failed submissions. I'd like to see what the actual posts contain, to be super sure that there are no false positives.

- The hidden field shows up in lynx, links and presumably other text-based browsers, which is great for testing. Give it a try. This isn't a problem, as far as I can tell, because the textfield has the quite clear instruction to leave it blank.

- The word 'blank' in the textfield would make the job of identifying a reverse CAPTCHA field easier for spambot writers. So cleverer wording might be called for in the future. Arms race again.

Submitted by darkfall treasures (not verified) on Tue, 2009-03-03 13:29.

Captcha system challenge me in processing comments. It is great challenger, and can add skills to commentators. Excellent!

Submitted by all about annuities (not verified) on Tue, 2009-03-17 04:48.

It sure does.

Submitted by Chandeliers (not verified) on Tue, 2009-04-07 21:24.

i like reverse captcha, it really is easier than the other way around. thanks for the post.

Submitted by fiesta online money (not verified) on Thu, 2009-04-09 01:18.

At the moment, I have fiesta online money.

Submitted by How to Get Your Ex Back (not verified) on Thu, 2009-04-09 03:56.

This is quite an up-to-date information. I'll share it on Facebook.

Submitted by Anonymous (not verified) on Sat, 2009-04-11 15:24.

Captcha system challenge me in processing comments. It is great challenger, and can add skills to commentators. Excellent!

Submitted by blagues (not verified) on Thu, 2009-04-16 19:30.

excellent article, thank you

Submitted by increase traffic (not verified) on Fri, 2009-06-19 13:47.

Very nice, thank you!

Submitted by jorge on Sun, 2009-06-21 12:54.

Thanks for posting such kind of useful information. Keep Posted in future as well. Thank you! Please come visit my site youth organizations when you got time.

Submitted by jorge on Sun, 2009-06-21 12:59.

I just love it ..... well i don't have any doubt about your articles... your articles are awesome... Honestly you are simply the best. Thanks for sharing this with us. Please come visit my site events listing when you got time.

Submitted by jorge on Sun, 2009-06-21 13:03.

Good tips that are worth checking and these tips are also worth suggesting to friends. Thanks for sharing. Great stuff! I am new to seo, trying to visit more seo blogs for guides and tips. You can be friends with me. Please come visit my site attorneys when you got time. Thanks.

Submitted by thomus on Mon, 2009-06-22 03:14.

You share valuable information and excellent design you got here! I would like to thank you for sharing your thoughts and time into the stuff you post!! Thumbs up. Please come visit my site employment agency when you got time.

Submitted by Free Advertising (not verified) on Thu, 2009-06-25 01:47.

Hmm... CAPTCHA or even reCAPTCHA are now both breakable by software like Xrumer. Even the cute kittenauth is now breakable. But it should stop most of the simple spambots.
