[lists] Re: [wp-hackers] Spam results
r at schestowitz.com
Sat Dec 4 06:37:18 UTC 2004
> Jeff Barr wrote:
> > I am getting lots of good reports on my simple "Turing Test" system:
> > http://www.syndic8.com/~jeff/blog/index.php?p=103
> > I simply prompt for my first name, and verify that it is there. If
> > not, I issue a simple message.
> > The user (if they are not a comment spammer) can simply press Back and
> > try again.
> The only problem I see with this system is that it forces the users to
> enter a non-related piece of information to prove they're not a robot.
> I think that more sophisticated methods would check the client "in the
> background," transparently. You could imagine testing for keyboard and
> mouse strokes, or a client-side computation in flash or jscript, or any
> number of inobtrusive things.
Valid XHTML and CSS'? You are hogging resources this way; you are spying
on users and therefore discourage them from posting messages. Whatever
you do, the spammers will adapt to. So, let's not punish all users
because of some real culprits.
More information about the hackers