Thursday
I am about to install some bot-killing software, so if comments happen to break for a while or the site rolls over with its itty bitty paws flailing in the air, you will know why...
Update: Samizdata.net comments will now require you to enter a security code that you copy off a graphic that will appear in the comment pop-up window. This should prevent spam-bots from auto-posting their garbage all over the blog.
Also, we have updated some code to stop spammers harvesting the e-mail addresses of commenters as well.


Oh, no, I can no longer post anything. I will have to keep my woeful ignorance to myself. What is that strange 'number on a grid'? Surely not identity cards for text?
Posted by zack mollusc at October 23, 2003 02:53 PM
Hey now this is a nice solution! Is this available, or is it a 'Samizdata Solution?'
Posted by Scott Wickstein at October 23, 2003 03:54 PM
I can only take the credit for installing it. The author has it available here:
http://james.seng.cc/archives/000145.html
http://james.seng.cc/scode-0.1a.tar.gz
It's not a trivial installation. You'd better know Perl because you've got to edit a couple MT files from the Unix command line.
Posted by Dale Amon at October 23, 2003 04:01 PM
You don't have to edit them from the command line, Dale just does it because he's ornery.
Posted by Sekimori at October 23, 2003 04:05 PM
Nope, you have to edit Comments.pm from the MT source, and customize Scode.pm from the plugin source. And you might have to create some directories and such as well.
Posted by Dale Amon at October 23, 2003 04:10 PM
From the command line? Hm, "nedit" or even "gvim" is your friend.
Can you make it so the number doesn't change (or is no longer needed for that specific comment) after a successful preview? If they already got the number right previewing, they aren't going to suddenly turn into a spambot when pressing "post". Preview is good and having to squint at and type a number twice will discourage its use.
Posted by Julian Morrison at October 23, 2003 04:44 PM
Good idea, but probably not. I'd have to spend a day to figure out the guy's code and make sure I got the number passed along properly through the session but no further. It could get messy because http is stateless; any appearances to the contrary are done with messy hacks which have been known to get confused.
(Yes, I've even seen the noble php get lost in state-space)
It would probably be trivial for the original author though since he's already worked through the thought process. You might follow the link and suggest it.
Posted by Dale Amon at October 23, 2003 05:10 PM
Hmm. It should be simple enough.
- On a successful preview, add "user has authenticated" to the PHP session
- On a successful post, remove it.
- On generating the page, if their session is authenticated, put the number in a hidden field instead of including a text box. The antispam checking code has no way to distinguish between a filled-in text box and a hidden field, so it need not be altered.
Testing would be simple: test if it gets set, test if it gets properly unset, test if it works a second time around. Voila.
Posted by Julian Morrison at October 23, 2003 05:31 PM
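A language-neutral sketch of the preview-then-post flow proposed in the comment above, added here as an example; it is not code from Scode, Movable Type or any commenter. It keeps the "already solved" flag on the server instead of echoing the number into a hidden field, and the class name, return strings and time-out value are all assumptions.

```python
import hmac
import secrets
import time

CHALLENGE_TTL = 1800  # seconds a challenge stays valid (assumed value)

class CaptchaSessions:
    """Per-session security-code state: single use, with a time-out."""

    def __init__(self, ttl=CHALLENGE_TTL, clock=time.time):
        self.ttl = ttl
        self.clock = clock
        self._state = {}  # session id -> {"code", "issued", "verified"}

    def new_challenge(self, sid):
        # The code goes into the rendered image only, never into the HTML.
        code = f"{secrets.randbelow(10**6):06d}"
        self._state[sid] = {"code": code, "issued": self.clock(), "verified": False}
        return code

    def _live(self, sid):
        st = self._state.get(sid)
        if st is None or self.clock() - st["issued"] > self.ttl:
            self._state.pop(sid, None)
            return None
        return st

    @staticmethod
    def _match(typed, code):
        # Constant-time comparison; bytes so non-ASCII input cannot raise.
        return hmac.compare_digest(typed.encode(), code.encode())

    def preview(self, sid, typed):
        st = self._live(sid)
        if st is None:
            return "expired"
        if self._match(typed, st["code"]):
            st["verified"] = True  # remembered until the post consumes it
            return "ok"
        self._state.pop(sid, None)  # a wrong guess burns the challenge
        return "wrong"

    def post(self, sid, typed=""):
        st = self._live(sid)
        if st is None:
            return "expired"
        ok = st["verified"] or self._match(typed, st["code"])
        self._state.pop(sid, None)  # one solved challenge buys exactly one post
        return "ok" if ok else "wrong"
```

Returning "expired" separately from "wrong" lets the comment form tell a slow typist to reload the image rather than reporting a mistyped number.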
Bit of a bugger for anyone visually impaired.
I used to communicate a lot on the net with a guy that used a braille reader.
Stuff like this might be acceptable as a short-term solution, but longer term MT sites need a better solution.
Posted by Tim Hall at October 23, 2003 06:15 PM
Hmm, Turing numbers. Me likey. I wrote one in PHP a while back. If you had the GD library linked in then it was easy to generate the numbers on the fly.
As for the authentication tracking etc, I just postponed entering the number until I was ready to post. Preview doesn't need it.
Posted by David Gillies at October 23, 2003 06:22 PM
I have a better idea for the avoidance of e-mail address harvesting: never use your REAL e-mail address when posting or providing details to access a site! It's surprising how many people still give their real details in web forms.
Posted by Steven Chapman at October 23, 2003 08:10 PM
I keep a throwaway webmail address purely for web forms on sites I don't really trust not to spam me.
Posted by Tim Hall at October 23, 2003 08:50 PM
Ah, well. A minor inconvenience that will be a major hassle to the tossers, er, DoSsers plaguing the site.
Posted by Chris Tucker at October 24, 2003 01:19 AM
Hah! You silly Bushist unilateralist person you! I fart in your general direction! Vive La France! The French state is the mother of all wonderfulness! Unilateral French military action in Africa is in fact multilateralist because, well, I say so and so does Sartre and Derrida and Johnny Hallyday! etc. etc. etc. etc. etc. etc. etc. etc.
Ribbit.
Ribbit.
Ribbit.
Posted by Kodiak at October 24, 2003 05:46 PM
* amon breaks into fits of giggles and gets carted away
Someday we'll have a knock down, drag out verbal battle over some fine bottles of vino somewhere in Paris with "Dissident" as my second. You know, wine bottles at 10 paces. Ready, aim, drink!
Posted by Dale Amon at October 24, 2003 06:07 PM
How long I wonder until a spammer gets some geek for pay to whip up a widget that can OCR those turing numbers. The background grid is consistent, and the fonts don't look randomly distorted.
But for now it's a great hack!
Posted by David Mercer at October 24, 2003 09:10 PM
I wrote a small (500 line) C++ hack that can take one of these PNGs and return the number. The problem is, as David Mercer says, that the fonts are too regular. Even if they were shifted up and down and shrunk or expanded, some relatively simple image processing should be able to decode them.
The thing with these sort of systems is that they are meant to make it too hard for the spammer to bother with your site. It doesn't make your site impregnable, it just raises the bar a bit so the spammer will go looking for softer targets.
Posted by David Gillies at October 26, 2003 05:20 AM
All true. It's an arms race and there is little value in 'spending' more at a given time than the threat requires. It's the money value of my time ;-)
Posted by Dale Amon at October 26, 2003 08:55 AM
Is there some sort of time-out function at play here? I enter the secret number, and then go on to enter my post. But that may take me several minutes, or even hours, if I leave it for some reason.
In any event, I've made a habit of checking to see that I've entered the number before hitting the post button, but still frequently get an error. I can't be keying in the wrong number that frequently - what's up?
Posted by Kevin L. Connors at October 27, 2003 10:16 AM
Ok I'm having hassles with the installation. It's not trivial, everything works except for the fact that the image with the number doesn't actually appear.
So as a result on my personal blog it has, in effect, disabled comments.
I've emailed James to try and find out what I might have done wrong.
Posted by Scott Wickstein at October 27, 2003 02:57 PM
"It's not trivial,"
Don't say I didn't warn you :-)
It's really not that bad though. It just requires a bit of fairly straightforward hacking. It's just a matter of getting it right..."the devil is in the details" as the saying goes.
We got bit by a problem in the White Rose blog because I can't rewrite templates from the CGI front end unless they are less than 950 chars long... An entirely separate network problem which seems unique to me and smells like an MTU...
Posted by Dale Amon at October 27, 2003 03:17 PM
shall therefore compose basic html with their bare hands?
Posted by oscommerce at September 6, 2005 02:10 PM









