[Hidden-tech] Captcha help, please

Alex at Just Peachy alex at justpeachy.io
Fri Jan 21 16:07:57 UTC 2022


I completely agree with Stephen about the issues with reCAPTCHA. It
punishes real users to prevent bots.

I also see Shel’s point about having to Google to pass an alternative
challenge feeling like a pretty negative user experience.

A possible compromise would be a simple math problem (what is 7 + 4?).
There are a number of services out there that provide random math problems
for preventing form spam. In my experience, much like Stephen’s trivia
question, while the bots could be programmed to answer math questions,
spammers don’t seem to have gone to that length yet.

Another tool is what’s referred to as a “honeypot.” This is a field that’s
added to the end of your form but isn’t visible to people. Spam bots will
see the field in the code of your web page and fill it in (since they’re
generally programmed to fill all available fields), but real people never
will since they can’t see it on the page. Then, your form system just dumps
any entry that has content in that field into your spam folder. Not all
form services offer this as an option, but many do.

I find that using these two strategies together eliminates 99.9% of form
spam on even high-traffic sites, all while minimizing inconvenience to real
users.

Just food for thought!

Best,
Alex

On Fri, Jan 21, 2022 at 9:43 AM Stephen Michel via Hidden-discuss <
hidden-discuss at lists.hidden-tech.net> wrote:

> That's an interesting perspective on having to run a web search for
> something. Personally, I feel the way you expressed about reCAPTCHA,
> whereas if I can search something and get the answer on the first page,
> that's way easier for me.
>
> However, I think my overall point has been lost somewhat in the details.
>
> The more important point with the hcoop example is that we've had a
> static question for many years. Every time I edit the wiki, I put in
> one of the same answers ("Richard" or "Carter"). The people who were
> spamming us could easily set their bot to know those two specific
> answers, and be able to spam us again. But they never cared enough to
> do that. I'm even comfortable posting the answers here, publicly!
>
> What that all means is that you probably just need a tiny deterrent to
> be left alone.
>
> Certainly, malicious people and bots are likely to try and protect
> their identity. I also definitely agree that you need to do something
> to stop them! Spam in general is a big problem, and reCAPTCHA does
> work…
>
> The point I was trying to make is that it's a big over-reaction, with
> collateral damage. It's like setting up a gated community to stop a
> string of robberies, before locking your doors. In all likelihood, the
> criminal is just looking for easy targets, and will go elsewhere when
> you put up the slightest resistance. Something like "What is five plus
> two?" may be sufficient.
>
> Best,
> Stephen
>
> P.S. I apologize for the length of these emails. I am quite busy
> (starting a new job) and lack the time to write a short one.
>
> I also appreciate that the real bad guys here are the spammers. I wish
> we lived in a world where you didn't have to deal with this at all.
> --
> To respect your time, I try to write short, functional emails.
>
> On Thu, Jan 20 2022 at 12:08:53 PM -0500, Shel Horowitz via
> Hidden-discuss <hidden-discuss at lists.hidden-tech.net> wrote:
> > Thanks, all. Erik talked me through the installation this morning and
> > hopefully that will do the trick.
> >
> > Stephen, I'm sorry to hear about your bad experience--but maybe
> > people who aggressively protect their privacy are more likely to
> > present security issues? That's certainly the case with phone
> > spammers. Personally, if I got hit with a challenge that required me
> > to Google the answers, I would walk away from that site unless I had
> > a super-compelling reason to go forward, like reviewing it for a
> > paying client.
> >
> > On Wed, Jan 19, 2022 at 12:07 PM Shel Horowitz
> > <shel at principledprofit.com> wrote:
> >> Hi, everyone,
> >>
> >> I got a note from GetResponse (my email newsletter host) that my
> >> account is suspended because one of my sites (my main one,
> >> GoingBeyondSustainability.com) is out of compliance with captcha and
> >> is being robobombed. I installed the Advanced noCaptcha and
> >> Invisible Captcha plugin but I can't figure out how to do anything
> >> with it.
> >>
> >> Can someone either talk me through it or (better) let me hire them
> >> to get it all working (could be a different Captcha plugin--I have
> >> no particular attachment to this one)? My next newsletter is slated
> >> to mail on 2/14.
> >>
> >> --
> >> Shel Horowitz - "The Transformpreneur"
> >> ________________________________________________
> >> Contact me to bake in profitability while addressing hunger,
> >> poverty, war, and catastrophic climate change
> >> * First business ever to be Green America Gold Certified
> >> * Inducted into the National Environmental Hall of Fame
> >> * Certified speaker: International Platform Association
> >> http://goingbeyondsustainability.com
> >> mailto:shel at greenandprofitable.com 413-586-2388
> >> Award-winning, best-selling author of 10 books.
> >> Latest: Guerrilla Marketing to Heal the World
> >> (co-authored with Jay Conrad Levinson)
> >>
> >> Watch my TEDx Talk,
> >> "Impossible is a Dare: Business for a Better World"
> >> http://www.ted.com/tedx/events/11809
> >> (move your mouse to "event videos")
> >> _________________________________________________
> >>
>
>
> _______________________________________________
> Hidden-discuss mailing list - home page: http://www.hidden-tech.net
> Hidden-discuss at lists.hidden-tech.net
>
> You are receiving this because you are on the Hidden-Tech Discussion list.
> If you would like to change your list preferences, Go to the Members
> page on the Hidden Tech Web site.
> http://www.hidden-tech.net/members
>
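
The honeypot field and the simple math question described in Alex's message, combined into one server-side check. This is an added example, not code from the thread or from any form service mentioned in it; the field names `website`, `answer` and `token` and the HMAC-signed challenge token are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)  # per-deployment signing key (generated here for the demo)
HONEYPOT = "website"              # assumed name of the hidden field humans never see
TTL = 600                         # seconds a challenge stays valid


def _sign(answer: int, expires: int) -> str:
    msg = f"{answer}:{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def new_challenge(now=None):
    """Return (question, token); the token rides along in a hidden input."""
    now = int(time.time() if now is None else now)
    a, b = secrets.randbelow(9) + 1, secrets.randbelow(9) + 1
    expires = now + TTL
    # The token binds the expected sum to an expiry, so no session store is needed.
    return f"What is {a} + {b}?", f"{expires}:{_sign(a + b, expires)}"


def classify(form: dict, now=None) -> str:
    """Return 'spam' (honeypot filled), 'reject' (bad or expired answer) or 'accept'."""
    now = int(time.time() if now is None else now)
    # Honeypot first: any content here goes to the spam folder, not an error page,
    # so the sender gets no signal about which field gave it away.
    if form.get(HONEYPOT, "").strip():
        return "spam"
    try:
        expires_s, sig = form.get("token", "").split(":", 1)
        expires = int(expires_s)
        answer = int(form.get("answer", "").strip())
    except ValueError:
        return "reject"
    if expires < now:
        return "reject"
    # Constant-time comparison; a solved token stays reusable until it expires.
    expected = _sign(answer, expires).encode()
    return "accept" if hmac.compare_digest(sig.encode(), expected) else "reject"
```

The honeypot input should be hidden with CSS rather than `type="hidden"`, and excluded from tab order and autofill so real users and password managers never populate it.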