less spam on blogs

And no, it’s not a better solution than Akismet, but it will do against spam bots…

This is for those who host or create a blog and don’t have a spam protection module on it. Maybe you’ve seen this type of protection before (and sure you have; ex: www.darknet.org.uk). Have you guessed it by now? Yes, it’s the “number adding protection”, where the last field in a comment form asks you to add 2 numbers (could be even 1mil if wanted, but then who would post comments?).

The simplest method is the following:

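<?php
// pick two small numbers; the visitor is asked to add them
$n1 = rand(0,20);
$n2 = rand(0,20);
$sum = $n1 + $n2;
// the expected answer is sent along in a hidden field
echo("<input type=\"hidden\" name=\"sum\" value=\"$sum\"/>");
echo("<input type=\"text\" name=\"add\" value=\"\"/> result $n1 + $n2?");
?>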

And on the form parsing page:

<?php
// both values come straight from the request
$sum = $_REQUEST["sum"];
$add = $_REQUEST["add"];
if($sum==$add) {
    //parse the submitted form
}
else {
    header("Location: http://somewebsite.com"); //redirect (if it follows)
    //to a not so preferred blog (the bot)
    exit; //stop the script after sending the redirect
}
?>

This would be one way to do it, and the less good one, because the bot could be taught to retrieve the value of the sum field, and the whole protection would be of no use. The next method is based on the same technique, only that it uses javascript (there are cases when users have deactivated javascript, or for example use NoScript). No php required in this case…

<html>
<head>
<script type="text/javascript">
var n1 = Math.round(Math.random()*20);
var n2 = Math.round(Math.random()*20);
var sum = n1 + n2;
// the div does not exist yet while the head is parsed, so wait for the page to load
window.onload = function() {
    document.getElementById("sum").innerHTML="result "+n1+" + "+n2+" ?";
};
function formSubmit() {
    // the first field of the first form holds the visitor's answer
    if(document.forms[0][0].value==sum) {
        return true;
    }
    else {
        alert("Lack of math skills!");
        return false;
    }
}
</script>
</head>
<body>
<form action="somepage.php" onsubmit="return formSubmit()">
<input type="text" name="add" value=""><div id="sum"></div>
<input type="submit" value="submit">
</form>
</body>
</html>

E(n)D
Of course, as always, you can mix them, or even use this method for displaying your emails (only the second one), because those damn bots can’t parse javascript code… Anyway, feel free to throw in some interesting ideas, creative ways to stop spam via html/javascript/php code…
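
The weakness of the first method (the expected sum travels in a hidden field that the client controls) goes away if the answer stays on the server. The following is an added example, not part of the original post: the function names and the `captcha_sum` / `captcha_issued` keys are assumptions, and the array passed in stands in for `$_SESSION`.

```php
<?php
// Added example: the expected answer never leaves the server.

// Create a challenge, remember the answer server-side, return the question text.
function issue_challenge(array &$session): string
{
    $n1 = random_int(0, 20);
    $n2 = random_int(0, 20);
    $session['captcha_sum'] = $n1 + $n2;      // assumed key name
    $session['captcha_issued'] = time();      // assumed key name
    return "result $n1 + $n2?";
}

// Compare a submitted answer with the stored one. A challenge is single use,
// so one solved form cannot be replayed and a wrong guess costs a new challenge.
function check_challenge(array &$session, $answer, int $maxAge = 900): bool
{
    $expected = $session['captcha_sum'] ?? null;
    $issued = $session['captcha_issued'] ?? 0;
    unset($session['captcha_sum'], $session['captcha_issued']);

    if ($expected === null || time() - $issued > $maxAge) {
        return false;                         // no challenge issued, or stale
    }
    if (!is_string($answer) || !ctype_digit($answer)) {
        return false;                         // arrays, "", "hello", "12abc"
    }
    return (int) $answer === $expected;       // strict compare on integers
}

// Constructed demo: $session stands in for $_SESSION after session_start().
$session = [];
echo issue_challenge($session), "\n";
var_dump(check_challenge($session, 'hello'));  // text instead of a number
var_dump(check_challenge($session, '7'));      // challenge was already consumed

issue_challenge($session);
$right = (string) $session['captcha_sum'];     // what a human would type
var_dump(check_challenge($session, $right));   // correct answer, fresh challenge
```

In a real handler, call `session_start()` first and pass `$_SESSION` to both functions; the form then needs only the `add` text field.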

4 Comments so far

  1. Anonymous on April 22, 2008

    >the bot could be taught to retrieve the value of the sum field

    Rather than wasting time parsing the whole page, they could simply post whatever values they wanted for the “sum” and “add” fields - i.e. “hello” for both, since the input is blindly trusted.

  2. Darknet on April 23, 2008

    I’ve turned it off recently if you noticed :D Am using a new method now with JavaScript and Cookies as spam bots don’t generally accept either. It requires no additional user input.

  3. Dr. Mike Wendell on June 4, 2008

    To be honest, considering that most spam is actually trackbacks and not comments, I don’t think it’ll do much good.

  4. dblackshell on June 8, 2008

    trackbacks can be deactivated…
