Anti-Spam snippet
When I first began blogging, I was naive enough to think that porn bots (or whatever they're properly called) wouldn't find me. Wrong. So, I enabled the Captcha that comes built in to BlogCFM (yep, not CFC...I'm a rebel). That immediately thwarted their attempts at decorating my blog posts with colorful solicitations. Then a month or two later, I got a sudden influx of the same spam! So, I swapped out my captcha with something that would require some real thought: a math problem. That stopped them for another couple of months, then lo and behold it happened again. I really have no idea how the spam hackers do it, but it has resulted in yet another evolution in my efforts to stop the spam. So far it's worked solidly, so I thought I'd share it in case anybody else might find it useful.
It consists of a function that generates a question that must be answered, and the answer to that question. It will ask the commenter to figure out what letter is exactly X number of places before or after a randomly selected letter in the alphabet, then directs them to type their answer exactly Y number of times in the answer box. Upon page load the correct answer is saved to a persistent variable, then when the comment is submitted the answer typed (form.answer) is compared to the stored answer (session.answer). Simple enough I think, but with enough randomness to make it something that can't be automatically breached without some real effort.
Here's the code for the function:
<cffunction access="public" name="genQuestion" output="false" returntype="struct" description="I generate a random question to use as an antispam key">
    <cfset var stReturn = structnew() />
    <!--- firstnum: how many places to move; secondnum: how many times the answer must be typed --->
    <cfset var firstnum = randrange(1,4) />
    <cfset var secondnum = randrange(1,4) />
    <!--- position of the starting letter; 5 to 20 keeps a move of up to four places inside A-Z --->
    <cfset var letter = randrange(5,20) />
    <!--- 1 = before, 2 = after --->
    <cfset var where = randrange(1,2) />
    <cfset var answer = "" />
    <cfset var i = "" />
    <cfset variables.numbers = "one,two,three,four" />
    <cfset variables.letters = "A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z" />
    <cfset variables.beforeafter = "before,after" />
    <!--- repeat count stated in the question (was an unrelated random number) --->
    <cfset stReturn.times = secondnum />
    <cfset stReturn.question = "What letter comes " & listgetat(variables.numbers,firstnum) & " places " & listgetat(variables.beforeafter,where) & " the letter " & listgetat(variables.letters,letter) & "?<br>Type your answer exactly " & listgetat(variables.numbers,secondnum) & " times in the box below." />
    <!--- move to the position of the answer letter --->
    <cfif where eq 1>
        <cfset letter = letter - firstnum />
    <cfelse>
        <cfset letter = letter + firstnum />
    </cfif>
    <!--- build the answer: the letter repeated secondnum times --->
    <cfloop index="i" from="1" to="#secondnum#" >
        <cfset answer = answer & listgetat(variables.letters,letter)/>
    </cfloop>
    <cfset stReturn.answer = answer />
    <cfreturn stReturn />
</cffunction>
(the function returns a structure containing the keys "question" and "answer")
Here's some starter code for utilizing it:
Code to evaluate saving a comment...
<cfif isDefined("saveComment")>
    <cfif form.answer neq session.answer>
        <cfset errorMessage = errorMessage & "<li>Invalid anti-spam key. Please try again.</li>#Chr(10)#">
    <cfelse>
        <!--- perform comment saving here --->
    </cfif>
</cfif>
Code for displaying question and capturing answer:
<cfset variables.spamquestion = genQuestion()>
<h3>Please answer the following question:</h3>
<CFOUTPUT><STRONG>#variables.spamquestion.question#</STRONG></CFOUTPUT><br>
Type in the answer to the question you see above:
<input type="text" name="answer" size="6" maxlength="6" required="Yes" Message="You must complete the anti-spam field.">
<!--- save the answer to session for evaluation after the form is submitted... --->
<cfset session.answer = variables.spamquestion.answer>
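A hardened form of the form.answer / session.answer comparison above, as an added example that is not the author's code: the stored answer is single-use, and a missing answer counts as a failure instead of raising an error. `checkAntiSpam` is a hypothetical helper name; `session.answer`, `form.answer`, `saveComment` and `errorMessage` are the post's own names.

```cfml
<!--- Added example, not from the original post. checkAntiSpam is a hypothetical helper. --->
<cffunction name="checkAntiSpam" access="public" output="false" returntype="boolean"
        hint="I validate the submitted anti-spam answer once and then discard the stored one">
    <cfargument name="submitted" type="string" required="true" />
    <cfset var expected = "" />
    <cfset var guess = trim(arguments.submitted) />

    <!--- Serialize access so two simultaneous posts cannot both spend one answer --->
    <cflock scope="session" type="exclusive" timeout="5">
        <cfif structKeyExists(session, "answer")>
            <cfset expected = session.answer />
            <!--- Single use: remove the stored answer whether the check passes or fails --->
            <cfset structDelete(session, "answer") />
        </cfif>
    </cflock>

    <!--- No stored answer: the form was never rendered in this session,
          or its answer has already been spent. Fail closed. --->
    <cfif not len(expected)>
        <cfreturn false />
    </cfif>

    <!--- genQuestion() answers are one letter repeated one to four times --->
    <cfif len(guess) lt 1 or len(guess) gt 4>
        <cfreturn false />
    </cfif>

    <!--- Compare as strings, ignoring case, rather than with the loosely typed neq operator --->
    <cfreturn compareNoCase(guess, expected) eq 0 />
</cffunction>

<!--- In the comment handler, replacing the direct comparison --->
<cfif isDefined("saveComment")>
    <cfparam name="form.answer" default="" />
    <cfif not checkAntiSpam(form.answer)>
        <cfset errorMessage = errorMessage & "<li>Invalid anti-spam key. Please try again.</li>#Chr(10)#">
    <cfelse>
        <!--- perform comment saving here --->
    </cfif>
</cfif>
```

Because the display code sets session.answer on every render, a commenter who fails the check is shown a fresh question with a fresh stored answer.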
Hope it helps! :)
Re: Anti-Spam snippet
See the hottest midget porn action on the web. You will see circus midgets, umpa loompas, multi-racial midgets and all your favorite mascots doing the craziest midget porn action on the web. Visit us today.
Posted by tony shortshaft on July 23, 2007 at 1:50 PM
Re: Anti-Spam snippet
I KNEW someone couldn't resist! Thanks Tony, I'll definitely check out the crazy midget porn next chance I get. ;)
Posted by dougboude on July 23, 2007 at 1:54 PM
Re: Anti-Spam snippet
You might check out CFFormProtect. I have had it running on my blog for a long time and have had 0 spam posts get through, and only a couple of false positives. Others have reported similar results.
http://cfformprotect.riaforge.org/
Posted by Jake Munson on July 23, 2007 at 2:58 PM
Re: Anti-Spam snippet
You might as well shut comments off. The requirement is too annoying to be useful.
Posted by ziggy on July 24, 2007 at 4:06 AM
Re: Anti-Spam snippet
Thanks for your constructive input, Ziggy...I'll certainly take it into consideration. ;)
Posted by dougboude on July 24, 2007 at 10:13 AM
Re: Anti-Spam snippet
Couldn't help but notice, though...it didn't seem to be annoying enough to prevent you from telling me how annoying it was...I'm sensing some kind of paradox here....
Posted by dougboude on July 24, 2007 at 10:14 AM


