captcha to defeat form spammers

Discussion in 'HTML' started by let@it.snow, May 1, 2007.

  1. Guest

    I wish to use a CAPTCHA to defeat form spammers... currently I am
    using NMS FormMail Version 3.14c1 ... is there a simple solution for
    NMS FormMail perhaps using a CAPTCHA (I know it's been mentioned
    before)?

    Alternatively there is http://www.freecontactform.com/

    I would like to hire someone to customise that freecontactform for me.
    It is written in PHP and I do not understand PHP. I need two contact
    forms and could pay $40 by paypal to a developer for the minor changes
    needed to the form.

    Please reply to

    This is a service which the form developer claims to provide but they
    have not answered my emails.
    , May 1, 2007
    #1
    1. Advertising

  2. Tina Peters Guest

    <> wrote in message
    news:...
    > I wish to use a CAPTCHA to defeat form spammers... currently I am
    > using NMS FormMail Version 3.14c1 ... is there a simple solution for
    > NMS FormMail perhaps using a CAPTCHA (I know it's been mentioned
    > before)?
    >
    > Alternatively there is http://www.freecontactform.com/
    >
    > I would like to hire someone to customise that freecontactform for me.
    > It is written in PHP and I do not understand PHP. I need two contact
    > forms and could pay $40 by paypal to a developer for the minor changes
    > needed to the form.
    >
    > Please reply to
    >
    > This is a service which the form developer claims to provide but they
    > have not answered my emails.



    I have a really simple form that may work for you here:

    www.formmailscript.com

    You don't need to know any coding at all, you just copy/paste the form bit
    into your webpage.

    --Tina
    Tina Peters, May 1, 2007
    #2
    1. Advertising

  3. Tina Peters wrote:
    > I have a really simple form that may work for you here:
    >
    > www.formmailscript.com
    >
    > You don't need to know any coding at all, you just copy/paste the form bit
    > into your webpage.


    Your fake CAPTCHA is just as useless as the last time you advertised it
    here. The security characters are printed _in_the_clear_ in the HTML
    source of the page. It would be completely trivial to write a script to
    break your 'CAPTCHA', as seen here:
    <http://groups.google.com/group/alt.html/msg/8a280131cf52deb1>.

    Please stop selling snake oil. Your code isn't worth the hard drive
    space used to store it, and it _certainly_ isn't worth $10.
    Leif K-Brooks, May 1, 2007
    #3
  4. Tina Peters Guest

    "Leif K-Brooks" <> wrote in message
    news:463748ff$0$20597$...
    > Tina Peters wrote:
    > > I have a really simple form that may work for you here:
    > >
    > > www.formmailscript.com
    > >
    > > You don't need to know any coding at all, you just copy/paste the form

    bit
    > > into your webpage.

    >
    > Your fake CAPTCHA is just as useless as the last time you advertised it
    > here. The security characters are printed _in_the_clear_ in the HTML
    > source of the page. It would be completely trivial to write a script to
    > break your 'CAPTCHA', as seen here:
    > <http://groups.google.com/group/alt.html/msg/8a280131cf52deb1>.
    >
    > Please stop selling snake oil. Your code isn't worth the hard drive
    > space used to store it, and it _certainly_ isn't worth $10.



    and yet, I've been using it for close to a year with ZERO spam issues.

    Further, I've sold it close to 60 times with not one complaint. I'm fairly
    certain that some of those sales came from people here at alt.html, because
    there was a spike in sales last time you went on your tirade about how
    worthless it was. Yet, I don't see anyone here complaining about it ;-)

    --Tina
    Tina Peters, May 1, 2007
    #4
  5. Tina Peters wrote:
    > and yet, I've been using it for close to a year with ZERO spam issues.


    That's because spammers typically go for the very low-hanging fruit and
    ignore everything else; it has nothing to do with the merits of your
    'CAPTCHA'.

    When one of your 'close to 60' customers finally wakes up and realizes
    how they've been scammed, I would suggest you give them a link to a real
    CAPTCHA, with real security. Luckily, quite a few of them are available
    for free; for example, QuickCaptcha:
    <http://www.web1marketing.com/resources/tools/quickcaptcha/>.
    Leif K-Brooks, May 1, 2007
    #5
  6. Tina Peters Guest

    "Leif K-Brooks" <> wrote in message
    news:46375460$0$20597$...
    > Tina Peters wrote:
    > > and yet, I've been using it for close to a year with ZERO spam issues.

    >
    > That's because spammers typically go for the very low-hanging fruit and
    > ignore everything else; it has nothing to do with the merits of your
    > 'CAPTCHA'.



    Thank you for making the argument for my form (which I never said was
    CAPTCHA). ;-)

    I never said my form couldn't be cracked. I'm saying that spam bots have no
    reason to try to get around it and will probably be a very long time before
    they even try. In the almost year that I've been using it, we went from
    about 99% bot generated spam to 1% legitimate email ratio from our
    form....to 100% legit. That's ZERO bot generated spams for almost a year.
    For $10, its more than worth it.

    Also, as you so rightly suggested, guess which method spammers are going to
    try to get around first? CAPTCHA, which millions of sites currently
    use...or my form, which *maybe* 200 people use. Do you honestly think
    CAPTCHA is 100% spam proof? I'm sure that's not what you're trying to
    imply.

    --Tina
    Tina Peters, May 1, 2007
    #6
  7. Tina Peters wrote:
    > "Leif K-Brooks" <> wrote in message
    > news:46375460$0$20597$...
    >> Tina Peters wrote:
    >>> and yet, I've been using it for close to a year with ZERO spam issues.

    >> That's because spammers typically go for the very low-hanging fruit and
    >> ignore everything else; it has nothing to do with the merits of your
    >> 'CAPTCHA'.

    >
    >
    > Thank you for making the argument for my form (which I never said was
    > CAPTCHA). ;-)



    No you allude to it by offing it as a solution to posters looking for
    CAPTCHA. Your make your bogus "security" code look like a CAPTCHA
    *image* by randomizing the color and font faces but it still is just
    plain old character data.

    The principle behind the *security* in CAPTCHA is that the characters
    are represented as distorted binary data images of the characters which
    can neither be recognized as characters nor OCR converted! You form is
    *no more effective* than adding an input field with an unexpected name
    say "monkey"

    <label for="monkey">Enter 'monkey' in this box</label>
    <input name="monkey" id="monkey" type="text">

    Spammers would not be expecting a required "monkey" field.

    >
    > I never said my form couldn't be cracked. I'm saying that spam bots have no
    > reason to try to get around it and will probably be a very long time before
    > they even try. In the almost year that I've been using it, we went from
    > about 99% bot generated spam to 1% legitimate email ratio from our
    > form....to 100% legit. That's ZERO bot generated spams for almost a year.
    > For $10, its more than worth it.
    >
    > Also, as you so rightly suggested, guess which method spammers are going to
    > try to get around first? CAPTCHA, which millions of sites currently
    > use...or my form, which *maybe* 200 people use. Do you honestly think
    > CAPTCHA is 100% spam proof? I'm sure that's not what you're trying to
    > imply.


    As long as your "security" script remains obscure no one will bother to
    hack it but that is no excuse to sell it under the pretext of what is is
    not! You are just scamming the ignorant.

    --
    Take care,

    Jonathan
    -------------------
    LITTLE WORKS STUDIO
    http://www.LittleWorksStudio.com
    Jonathan N. Little, May 1, 2007
    #7
  8. Chris Morris Guest

    "Jonathan N. Little" <> writes:
    > The principle behind the *security* in CAPTCHA is that the characters
    > are represented as distorted binary data images of the characters
    > which can neither be recognized as characters

    ....by people. I mentioned CAPTCHAs at a talk on web application
    security I was giving earlier today, and the audience found them very
    annoying from a user perspective...

    The reason the majority of spam-bots don't break CAPTCHAs is not
    because it's especially difficult (several well-documented methods
    exist) but because there are enough sites out there that don't have
    any anti-spam defences of any sort it's not worth their time to try.

    That being the case, I'd take a custom-written plain text challenge
    over a standard CAPTCHA library any time. If I wasn't capable of
    coding my own, I might even consider paying someone $10 to add a
    unique one to my application.

    > <label for="monkey">Enter 'monkey' in this box</label>
    > <input name="monkey" id="monkey" type="text">


    I did this for an installation of a popular bulletin board, except
    that the field was hidden and prefilled with the correct value. I
    already had a decent keyword-based spam filter in place, I was just
    curious as to how much I would catch by using this first. 20-25%, as
    it happens, which gives an idea of the spammers' methodology and
    cost-benefit calculations here.

    The most effective one is to drop messages containing URLs (or too
    many URLs, if there might be legitimate reasons to include any at all)
    and there's nothing the spammers can do about it because they need
    those URLs to be present to get any benefit from the spam.

    --
    Chris
    Chris Morris, May 1, 2007
    #8
  9. dorayme Guest

    In article <46375460$0$20597$>,
    Leif K-Brooks <> wrote:

    > Tina Peters wrote:
    > > and yet, I've been using it for close to a year with ZERO spam issues.

    >
    > That's because spammers typically go for the very low-hanging fruit and
    > ignore everything else; it has nothing to do with the merits of your
    > 'CAPTCHA'.
    >
    > When one of your 'close to 60' customers finally wakes up and realizes
    > how they've been scammed, I would suggest you give them a link to a real
    > CAPTCHA, with real security. Luckily, quite a few of them are available
    > for free; for example, QuickCaptcha:
    > <http://www.web1marketing.com/resources/tools/quickcaptcha/>.


    I have been waiting for a link like this for ages. Always meaning
    to investigate it. Thanks for posting this, Leif.

    --
    dorayme
    dorayme, May 1, 2007
    #9
  10. Chris Morris wrote:
    > "Jonathan N. Little" <> writes:
    >> The principle behind the *security* in CAPTCHA is that the characters
    >> are represented as distorted binary data images of the characters
    >> which can neither be recognized as characters

    > ...by people. I mentioned CAPTCHAs at a talk on web application
    > security I was giving earlier today, and the audience found them very
    > annoying from a user perspective...


    I totally agree...I was not advocating the use of CAPTCHAs just that
    TP's script is masquerading as one...which it is not.

    >
    > The reason the majority of spam-bots don't break CAPTCHAs is not
    > because it's especially difficult (several well-documented methods
    > exist) but because there are enough sites out there that don't have
    > any anti-spam defences of any sort it's not worth their time to try.
    >


    Proper server-side validation of data and simple measures to prevent
    relaying is your best defense.

    --
    Take care,

    Jonathan
    -------------------
    LITTLE WORKS STUDIO
    http://www.LittleWorksStudio.com
    Jonathan N. Little, May 1, 2007
    #10
  11. In alt.html, dorayme wrote:

    > In article <46375460$0$20597$>,
    > Leif K-Brooks <> wrote:
    >
    >> for free; for example, QuickCaptcha:
    >> <http://www.web1marketing.com/resources/tools/quickcaptcha/>.

    >
    > I have been waiting for a link like this for ages. Always meaning
    > to investigate it. Thanks for posting this, Leif.


    Is the sample on that page supposed to work? I tried at least a dozen
    different 'Submits', after refreshing the page each time and getting a
    new image. Always the answer, "You entered an incorrect code." ..and my
    eyes are pretty good.

    They are extremely hard to read; I'd never use it on my sites.

    --
    -bts
    -Motorcycles defy gravity; cars just suck
    Beauregard T. Shagnasty, May 1, 2007
    #11
  12. dorayme Guest

    In article <48dd5$4637c0c8$40cba7b7$>,
    "Jonathan N. Little" <> wrote:

    > I totally agree...I was not advocating the use of CAPTCHAs


    ah but they do look nice...

    --
    dorayme
    dorayme, May 1, 2007
    #12
  13. Tina Peters Guest

    "Jonathan N. Little" <> wrote in message
    news:48dd5$4637c0c8$40cba7b7$...
    > Chris Morris wrote:
    > > "Jonathan N. Little" <> writes:
    > >> The principle behind the *security* in CAPTCHA is that the characters
    > >> are represented as distorted binary data images of the characters
    > >> which can neither be recognized as characters

    > > ...by people. I mentioned CAPTCHAs at a talk on web application
    > > security I was giving earlier today, and the audience found them very
    > > annoying from a user perspective...

    >
    > I totally agree...I was not advocating the use of CAPTCHAs just that
    > TP's script is masquerading as one...which it is not.


    Is that the best argument you can come up with against my form? That is
    pretends to be CAPTCHA when it isn't? Its NOT CAPTCHA and is so obviously
    NOT CAPTCHA - its a simple script that thwarts spam bots and IT WORKS.
    Will it work 12 months from now? Who knows? Will CAPTCHA? It probably
    has a better chance of being beaten, since more people use it...hence,
    spammers have more motivation to get around it.

    --Tina
    Tina Peters, May 1, 2007
    #13
  14. Tina Peters Guest

    "Tina Peters" <> wrote in message
    news:5yPZh.71$...
    >
    >
    > "Jonathan N. Little" <> wrote in message
    > news:48dd5$4637c0c8$40cba7b7$...
    > > Chris Morris wrote:
    > > > "Jonathan N. Little" <> writes:
    > > >> The principle behind the *security* in CAPTCHA is that the characters
    > > >> are represented as distorted binary data images of the characters
    > > >> which can neither be recognized as characters
    > > > ...by people. I mentioned CAPTCHAs at a talk on web application
    > > > security I was giving earlier today, and the audience found them very
    > > > annoying from a user perspective...

    > >
    > > I totally agree...I was not advocating the use of CAPTCHAs just that
    > > TP's script is masquerading as one...which it is not.

    >
    > Is that the best argument you can come up with against my form? That is
    > pretends to be CAPTCHA when it isn't? Its NOT CAPTCHA and is so obviously
    > NOT CAPTCHA - its a simple script that thwarts spam bots and IT WORKS.
    > Will it work 12 months from now? Who knows? Will CAPTCHA? It probably
    > has a better chance of being beaten, since more people use it...hence,
    > spammers have more motivation to get around it.
    >
    > --Tina



    PS: Four more people purchased it today and I can only assume that it was
    from these postings, since traffic to the site
    (http://www.formmailscript.com) is almost negligible. Soooooo, whoever
    purchased it, please be sure to post about how useless it is, how it didn't
    completely eliminate your form spam and how it wasn't worth your $10. ;-)

    --Tina
    Tina Peters, May 1, 2007
    #14
  15. dorayme Guest

    In article
    <alPZh.94909$>,
    "Beauregard T. Shagnasty" <> wrote:

    > In alt.html, dorayme wrote:
    >
    > > In article <46375460$0$20597$>,
    > > Leif K-Brooks <> wrote:
    > >
    > >> for free; for example, QuickCaptcha:
    > >> <http://www.web1marketing.com/resources/tools/quickcaptcha/>.

    > >
    > > I have been waiting for a link like this for ages. Always meaning
    > > to investigate it. Thanks for posting this, Leif.

    >
    > Is the sample on that page supposed to work? I tried at least a dozen
    > different 'Submits', after refreshing the page each time and getting a
    > new image. Always the answer, "You entered an incorrect code." ..and my
    > eyes are pretty good.
    >
    > They are extremely hard to read; I'd never use it on my sites.


    mmm... it is a point! Some of them _are_ hard to read, I agree.
    Most I have little trouble.

    My guess for

    <http://members.optushome.com.au/droovies/test/pics/captcha.gif>

    is:

    1. 7C2CR

    2. 9NSW1

    3. J7B4D

    4. PJ9FK (this one is really too hard!)

    So more care is needed I guess in the construction of these
    things, but the idea is pretty good as far as I can see?

    --
    dorayme
    dorayme, May 2, 2007
    #15
  16. Tina Peters wrote:

    >> Is that the best argument you can come up with against my form? That is
    >> pretends to be CAPTCHA when it isn't? Its NOT CAPTCHA and is so obviously
    >> NOT CAPTCHA


    Then why to you bother to change the fonts and colors of the "security"
    code?


    - its a simple script that thwarts spam bots and IT WORKS.
    >> Will it work 12 months from now? Who knows? Will CAPTCHA? It probably
    >> has a better chance of being beaten, since more people use it...hence,
    >> spammers have more motivation to get around it.
    >>
    >> --Tina

    >
    >
    > PS: Four more people purchased it today and I can only assume that it was
    > from these postings, since traffic to the site
    > (http://www.formmailscript.com) is almost negligible. Soooooo, whoever
    > purchased it, please be sure to post about how useless it is, how it didn't
    > completely eliminate your form spam and how it wasn't worth your $10. ;-)


    Hey, some folks also give away their money to folks that promise them
    some sort of afterlife, does not mean that they shall receive!

    --
    Take care,

    Jonathan
    -------------------
    LITTLE WORKS STUDIO
    http://www.LittleWorksStudio.com
    Jonathan N. Little, May 2, 2007
    #16
  17. Tina Peters Guest

    "Jonathan N. Little" <> wrote in message
    news:69689$4637c89c$40cba7b7$...
    > Tina Peters wrote:
    >
    > >> Is that the best argument you can come up with against my form? That

    is
    > >> pretends to be CAPTCHA when it isn't? Its NOT CAPTCHA and is so

    obviously
    > >> NOT CAPTCHA

    >
    > Then why to you bother to change the fonts and colors of the "security"
    > code?


    What a dumb question. Who cares what color the font is? It can be changed
    to whatever anyone wants it to be.


    > > PS: Four more people purchased it today and I can only assume that it

    was
    > > from these postings, since traffic to the site
    > > (http://www.formmailscript.com) is almost negligible. Soooooo, whoever
    > > purchased it, please be sure to post about how useless it is, how it

    didn't
    > > completely eliminate your form spam and how it wasn't worth your $10.

    ;-)
    >
    > Hey, some folks also give away their money to folks that promise them
    > some sort of afterlife, does not mean that they shall receive!



    Some folks also try to make completely unrelated analogies seem relevant.
    ;-)

    --Tina
    Tina Peters, May 2, 2007
    #17
  18. Tina Peters wrote:
    > What a dumb question. Who cares what color the font is? It can be changed
    > to whatever anyone wants it to be.


    So you made every character in your 'CAPTCHA' a different color and font
    just because you felt like it? I find that hard to believe.
    Leif K-Brooks, May 2, 2007
    #18
  19. In alt.html, dorayme wrote:

    > "Beauregard T. Shagnasty" <> wrote:
    >> They are extremely hard to read; I'd never use it on my sites.

    >
    > mmm... it is a point! Some of them _are_ hard to read, I agree.
    > Most I have little trouble.
    >
    > My guess for
    >
    > <http://members.optushome.com.au/droovies/test/pics/captcha.gif>


    Good samples. My point, which I might expound on a bit, was that I
    *studied* the graphics - up close and personal - to be sure I had the
    right characters, and every time I typed one, the site told me it was
    incorrect. If I couldn't read it fairly easily, I refreshed and got
    another. So either I'm colorblind, or the sample page fails.

    I'm not colorblind, but just now thinking about that, how would a
    colorblind person ever get one of these QuickCaptcha things to work?

    > So more care is needed I guess in the construction of these
    > things, but the idea is pretty good as far as I can see?


    Pardon my French, but the idea sucks. :)

    --
    -bts
    -Motorcycles defy gravity; cars just suck
    Beauregard T. Shagnasty, May 2, 2007
    #19
  20. dorayme Guest

    In article
    <xDSZh.398467$>,
    "Beauregard T. Shagnasty" <> wrote:

    > In alt.html, dorayme wrote:
    >
    > > "Beauregard T. Shagnasty" <> wrote:
    > >> They are extremely hard to read; I'd never use it on my sites.

    > >
    > > mmm... it is a point! Some of them _are_ hard to read, I agree.
    > > Most I have little trouble.
    > >
    > > My guess for
    > >
    > > <http://members.optushome.com.au/droovies/test/pics/captcha.gif>

    >
    > Good samples. My point, which I might expound on a bit, was that I
    > *studied* the graphics - up close and personal - to be sure I had the
    > right characters, and every time I typed one, the site told me it was
    > incorrect. If I couldn't read it fairly easily, I refreshed and got
    > another. So either I'm colorblind, or the sample page fails.
    >
    > I'm not colorblind, but just now thinking about that, how would a
    > colorblind person ever get one of these QuickCaptcha things to work?
    >
    > > So more care is needed I guess in the construction of these
    > > things, but the idea is pretty good as far as I can see?

    >
    > Pardon my French, but the idea sucks. :)


    I like this kind of French. <g>

    It is, indeed, a point about the color-blind. But I don't really
    see that the basic idea depends on colour:

    <http://members.optushome.com.au/droovies/test/pics/captchaGreysca
    le.gif>

    And I am not at all sure why you think the idea itself sucks? As
    for it not working on some page, that may be due to other faults
    (surely on the link you used it would not be meant to work, but
    just showing an example? But I don't know this for sure.). I very
    much like the idea that a pattern recognition being can see
    things that clunky old robots can't.

    True, this would still leave the blind without help and this may
    be something you are concerned about and fair enough too.

    --
    dorayme
    dorayme, May 2, 2007
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Bill

    Defeat popup stoppers?

    Bill, Nov 5, 2003, in forum: HTML
    Replies:
    30
    Views:
    1,172
    Russell Turner
    Nov 14, 2003
  2. Replies:
    6
    Views:
    495
  3. Replies:
    25
    Views:
    972
    Charlie
    Feb 27, 2007
  4. Replies:
    4
    Views:
    286
    Bob Kolker
    Feb 5, 2007
  5. sur
    Replies:
    0
    Views:
    188
Loading...

Share This Page