Leif K-Brooks wrote:
> I'm building a site which will have forms which must be protected from
> bots.
What kind of bots? Malicious bots or well-meaning-but-misguided bots. If
the latter, then robots.txt should be your friend. If the former, then
keep reading...
> The obvious solution is to use a CAPTCHA of some sort, but it
> needs to be accessible so images are out. The best solution seems to be
> some sort of logic, but it will be open source so something fairly
> complicated is needed. Any suggestions?
Ask a simple question at the end of each form, but choose the question to
ask from a huge pool of questions. Example in Perl...
Part of the code that contructs your form:
# make sure questions.txt cannot be accessed directly by browsers
open(QA,"questions.txt");
$i = 0;
while($qa = <QA>) {
chomp $qa;
($q,$a) = split(/\|/,$qa);
$Q[$i] = $q;
$A[$i] = $a;
}
close(QA);
print qq!<input type="hidden" name="qnum" value="$r">\n!;
print q!<p><strong>Question:</strong> ! . $Q[$r] . qq!<br>\n!;
print qq!<input type="text" name="a"></p>\n!;
Part of the code that handles form submissions:
# I'm assuming you've taken your GET or POST variables and put them in
# a hash called %invar.
open(QA,"questions.txt");
$i = 0;
while($qa = <QA>) {
chomp $qa;
($q,$a) = split(/\|/,$qa);
$Q[$i] = $q;
$A[$i] = $a;
}
close(QA);
$ProbablyABot = 0;
if( $Q[$invar{'qnum'}] ne $invar{'a'}) {
$ProbablyABot = 1;
}
Where questions.txt consists of many lines like:
If I have two apples and 3 pears, how many pieces of fruit do I have?|5
What is the number after nine?|10
Red, blue, green, yellow. How many colours were in that list?|4
How many days of the week start with the letter 'S' in English?|2
etc, etc, etc...
On second thoughts, you probably don't want to pass "qnum" in the form:
rather attach it to some kind of session ID.
--
Toby A Inkster BSc (Hons) ARCS
Contact Me -
http://www.goddamn.co.uk/tobyink/?page=132
Sounds stupid, but you just know some
Similar Threads
