Leif said:
I'm building a site which will have forms which must be protected from
bots.
What kind of bots? Malicious bots or well-meaning-but-misguided bots. If
the latter, then robots.txt should be your friend. If the former, then
keep reading...
The obvious solution is to use a CAPTCHA of some sort, but it
needs to be accessible so images are out. The best solution seems to be
some sort of logic, but it will be open source so something fairly
complicated is needed. Any suggestions?
Ask a simple question at the end of each form, but choose the question to
ask from a huge pool of questions. Example in Perl...
Part of the code that contructs your form:
# make sure questions.txt cannot be accessed directly by browsers
open(QA,"questions.txt");
$i = 0;
while($qa = <QA>) {
chomp $qa;
($q,$a) = split(/\|/,$qa);
$Q[$i] = $q;
$A[$i] = $a;
}
close(QA);
print qq!<input type="hidden" name="qnum" value="$r">\n!;
print q!<p><strong>Question:</strong> ! . $Q[$r] . qq!<br>\n!;
print qq!<input type="text" name="a"></p>\n!;
Part of the code that handles form submissions:
# I'm assuming you've taken your GET or POST variables and put them in
# a hash called %invar.
open(QA,"questions.txt");
$i = 0;
while($qa = <QA>) {
chomp $qa;
($q,$a) = split(/\|/,$qa);
$Q[$i] = $q;
$A[$i] = $a;
}
close(QA);
$ProbablyABot = 0;
if( $Q[$invar{'qnum'}] ne $invar{'a'}) {
$ProbablyABot = 1;
}
Where questions.txt consists of many lines like:
If I have two apples and 3 pears, how many pieces of fruit do I have?|5
What is the number after nine?|10
Red, blue, green, yellow. How many colours were in that list?|4
How many days of the week start with the letter 'S' in English?|2
etc, etc, etc...
On second thoughts, you probably don't want to pass "qnum" in the form:
rather attach it to some kind of session ID.
Sounds stupid, but you just know some