Topic on Project:Support desk

Preventing spam - invisible captcha

4
Uri Even-Chen (talkcontribs)

Hi. Regarding preventing spam on my website, http://www.speedypedia.info/ - I want to try to create an invisible captcha, that will use the math captcha to ask a math question, such as 75+10. But increment each number by a number selected randomly per session (n), so for example if this number is n=2 then the captcha will display 75+10 but expect the result of 77+12 (89) and not 85. Then a JavaScript code will update the input field to 89 after 6 seconds, and all the captcha fields will be invisible by CSS or JavaScript (*position*: absolute; *left*:-10000px; *top*:-10000px;). Then humans will not see the captcha at all, but if it takes them at least 6 seconds before they submit the form then the captcha will be correct; bots who leave the field empty or enter any number which is not 89 will fail. The number n will not be visible anywhere but the JavaScript code will know the correct solution (89).

I want to know if anybody tried this solution before and if you think it can prevent bots from creating accounts or articles on my website? And are there any developers who can help me create such an extension to MediaWiki, which will be used with ConfirmEdit?

By the way, Speedypedia supports Hebrew and English, and only the English version is currently protected by username & password, because it was flooded with spam. The Hebrew version was never flooded with spam. If you want to see the English version, please contact me personally on http://www.speedysoftware.com/uri/en/

Ciencia Al Poder (talkcontribs)

That looks smart, although would prevent people that doesn't have JavaScript enabled to edit your wiki

Uri Even-Chen (talkcontribs)

JavaScript must be enabled to use my website. That's OK.

Florianschmidtwelzow (talkcontribs)

> The number n will not be visible anywhere but the JavaScript code will know the correct solution (89). ??? JavaScript is client side code, so basically any bot has the ability to know the answer :) It "just" need to read the incoming JS code.

And your thoughts will work for bots that try to register as much as possible accounts all over the web, but it will definitely won't work for targeted bots. An experienced developer will (maybe) find out your little "easter egg" and program the bot to leave the field as is. Another situation would be (if you anti spam would be used on many sites), that a bot programmer would reletively easy find out, what he has to do. Your solution has one problem: It can be calculated for anyone, not just your server and humans :) Your solution isn't much better as a plain MathCaptcha.

So, in my opinion: I wouldn't force the use of JavaScript to implement such a CAPTCHA :)

Reply to "Preventing spam - invisible captcha"