I was googling about captchas(how even logic questions can be calculated with a computer {what is the 4th letter of the word butterfly?}) and came across this website -
http://www.wolframalpha.com/

I don't even know how to describe it... Has anyone got an opinion on this software?

It's not very advanced. The concept is to build a computer that can think. For many reasons that's difficult (some might say impossible). They haven't done it. They're simulating it a bit, and it will be interesting to see what the future developments are, but that's about it at the moment.

As for a captcha, you don't need anything unbreakable. It's not security. It's just a filter. Any kind of captcha, even just "type 1 in the box" will stop most bots-- they float around the web looking for places they can enter text without ANY trouble.
Until your site becomes a specific target of bots you don't need to worry. I think it's much more important to make it easier for your users rather than harder for bots. Put an easy-to-use captcha there and then deal with a few spam messages that get through.

Query:

getelementsbyclassname usage

Response:


Wolfram|Alpha doesn't understand your query

Showing instead result for query: usage

It needs to learn javascript.

This reminds me of igod from a few years ago.

It can detect things like -
What is the 4th letter of the word butterfly?
What is the 16th letter English Alphabet?
What is five plus four?
Who is Bill Gates?

and other questions like that. I thought it was interesting to see how the logic captchas could be defeated (all captchas can be defeated actually!).

If you want a type of captcha that is very hard to defeat with modern technology, ask about an image. "How many cats?" is a popular one.

Another option is to rely on less logical knowledge. For example, "which one tastes the best?". Or anything that relies on inference. "Who is happy? A) An injured man. B) A wealthy man. C) A dead man."

Nothing is guaranteed, but as I said above, it's not security; it's a filter.

I was reading an article about captchas and it stated that image captchas can decrease your audience (the disabled, (blind)).

I'm not sure how they're meant to use the website if they're blind???

Also, a lot of people use recaptcha, which works well as a deterent (it doesn't have to be uncrackable, just take long enough that the spam bot will stop bothering and move on), but it has been cracked (I'm pretty sure).

An interesting method is the honeytrap (place a hidden field in your form, and if it's been filled out they're probably a spam bot).

None of the above stop manual spam! It is more importent to filter out content and moderate content (in my opinion) than it is to stop the spam bots. Spam is the web designers problem, and not the general public's, so why should they have to waste time trying to decipher captchas?

Are you having a lot of problems with bots on your site or forum. I was at one place where the bots were posting messages in a thread and it seemed like the were a part of the conversation. Some members though that a person would make the account and then turn it over to a bot. I can't prove that it is what really happened.

No, not having any trouble at all, just planning ahead!
That's a classic example, which would completly bypass the security on a site! On easy method is to do things like detect links in posts, keep a blacklist of ip's and automatically require their posts to be approved... Things like that.

I was reading an article about captchas and it stated that image captchas can decrease your audience (the disabled, (blind)).

I'm not sure how they're meant to use the website if they're blind???[quote]Screen readers. And of course they can listen to audio.
So there's another option: an audio captcha. That's very reliable. Computers would have a tough time cracking it. But of course it's hard to set up and takes time from your visitors.

[quote]Also, a lot of people use recaptcha, which works well as a deterent (it doesn't have to be uncrackable, just take long enough that the spam bot will stop bothering and move on), but it has been cracked (I'm pretty sure).It hasn't been cracked. The images are from book scans. They're constantly adding new ones. There may be bots that are good at solving it, though, yes. This means: use a 'bad' custom captcha and it will be more secure than the best popular captcha. It's all about whether bots care about your site.


None of the above stop manual spam! It is more importent to filter out content and moderate content (in my opinion) than it is to stop the spam bots.Exactly. So use a decent filter (as I've been saying), but don't rely on it 100%.


Spam is the web designers problem, and not the general public's, so why should they have to waste time trying to decipher captchas? No, you should use a captcha if you get spam. The amount of messages that get through with no captcha is absurd. But use a basic easy one to solve. It should take 5 seconds for a visitor, and should stop 80% of bots. Done.


No, not having any trouble at all, just planning ahead!Not worth your time. Unless you're behind facebook, this really isn't a big deal. Use a decent captcha, filter out most of the spam, continue with other things.


My personal opinion on this is to use a novel captcha in a format that bots don't know about. Just something original and creative. Even "are you a bot? [YES] [NO]" as the submit button. 50% of your spam is gone.

Bots are not intelligent. They're programmed specifically to crack certain captchas. So just use anything else. Literally anything else. Even a button that says "don't click this!" would stop many bots.

Until a bot programmer decides your site is important enough to write a bot specifically for it, you're safe.



There are three kinds of bot attacks:
1. Random bots that float around the internet with nothing better to do than fill out every single form they come across. Any of the most basic captchas (even "don't click this!") will stop them. They aren't designed to guess. They aren't designed to even check if your form is useful. For example, a personal contact form receiving messages in Russian is probably not helping them get any business. They want it posted publicly, so the goal is that they just sent the bot on its way to post anywhere and everywhere. If your site doesn't work, it doesn't even know to give up. So, filter it out-- at some sort of very basic task to stop it. Solved.
I've dealt with this a few times, and it's not hard at all to get rid of them. But if you do nothing, you'll get daily spam messages, maybe up to 10 in a day. Even if it's a useless form (for advertising), such as one that sends you a personal email or a help request.

2. Bots that are designed to search for useful places. That would include the bots that post here. (And some of these might be humans.) In this case, they attempt to make wide attacks. This would be the sort of thing that would try to defeat recaptcha. So, don't use recaptcha*. Use anything else. Suddenly if they want to attack your site, they'll need to care enough about it to actually target your site in particular rather than all of the other easier fish in the sea. So you're pretty safe. Some of this spam will still get through, and all of it from humans.

(*recaptcha is actually pretty good. I'd be surprised if there are bots that always get it right. But it's still the opposite in this case of "safety in numbers"-- more like "security in being unique".)

3. Bots that are very specifically designed to target one place. If you're facebook (and other huge sites), you need to worry about this. If not, you're safe. To put it in perspective, I don't think even Dynamic Drive is really at that level. Certainly it's targetted often by spammers, but I doubt they'd design a custom bot just to tackle our defenses here. (DD is vulnerable as a vBulletin forum by bots that target vBulletin.)


And in the end, spammers often are human. So give up trying to stop it and just settle for significantly reducing it.

Plus, isn't there a bit of satisfaction knowing that you are getting attention from spammers? I mean, that feels like the first step toward success. Haha. ;)

So the second class of bots are the ones that may have humans behind them.
Well the site I was talking about is a vBulletin site too. But it's much more dead that DD and the strange attacks came some time after it was dead for a while.

So I'm just wondering how would you get around human backed bots.
Also why do some sites with no captchas have little to no spam.

I wasn't sugggesting don't use a captcha. I was saying that you shouldn't have to spend 20 seconds trying to decipher one (they should be simple).

Also, audio captchas, what if they're deaf?

I definetely think I'll go and make a custom one, with a few other methods to catch spam.

@riptide, there are other ways to catch spammers then a captcha. I mentioned honeytraps earlier. You can also have a timer with the minimum amount of time you can physically complete the form. Because spam bots are automated, they may be to quick and you can ban them automatically.

Another option (if your site isn't that big) is to manually verify each account/post...

As to human bots, try keywords (this is for comments of posts on a site).

For instance, if a post contains the word casino or maybe a link to another site, you could automatically hide the post untill it has been approved by someone (in essence a good filter).

The best way to go is to combine all these little methods.

P.s. I'm doing all this because I'm beefing up the security on my site before I upload it. I know that I don't have to try that hard, but I think of it as a challenge...

I wasn't sugggesting don't use a captcha. I was saying that you shouldn't have to spend 20 seconds trying to decipher one (they should be simple).I completely agree with this.


Also, audio captchas, what if they're deaf?Combine it with a visual one, of course.
recaptcha does this and it works pretty well.



Riptide, there are at least 3 ways:
1. Use a spam management system that tracks bad IPs, usernames and emails across websites. (A very interesting thing I've just noticed-- I'm currently an active user on two forums, this one and another, and I've found the same username posting spam on both sites within minutes recently, a few times.)
2. Attentive moderators.
3. Require approval before posting anything.

And ask keyboard says, you can use other kinds of protection like keyword filtering or blocking posts that have links in them.

Human backed bots cannot be stopped by captchas, though.

How about a Zen Kōan? Then only the enlightened could get in.

I like the one about the cats.

4471

How many cats are in the box?

Are any of them named Schrödinger?

How about a Zen Kōan? Then only the enlightened could get in.


It's a coding website :D



How many cats are in the box?
Are any of them named Schrödinger?


How are they physically supposed to answer those? :p

Serious answers please John :D

p.s I agree with the Zen Kōan idea! I've actually got some good ones around here somewhere...

I like the one about the cats.

4471

How many cats are in the box?

Are any of them named Schrödinger?
This made me smile. I guess you could ask a question about Schrödinger cat.

Is Schrödinger's cat alive?
Yes|No|Maybe|Neither

There goes a 3/4 quarters of your spam! :D

Depending on what type of people visit the site, you could use that to your advantage.

"Are Java and Javascript the same thing?"

"How many points do you need in [some online game] to become a super special [some position of magic user]?"

"Finish the phrase: Luke, I am your _____"


But of course that might make some people fail these things.

Note that the biggest risk is for those who don't speak (=read) English well. Then something like "what's 2 plus 2?" might be hard. It's important to think about that.
(Unless you want to translate everything...)

Hmmm, I definetely might make the questions basic coding related. Only coders will ever need to login/register...

the only limits to those kind of things however, are that some users may not speak english, which would kind of limit the audience a bit. although, you could always just have options for different languages.

With quiz kind of things, some people could just google the answers.

I agreee with keybord in that the numbers system works, but it needs to be easier to read.

Also, back to the original topic, Wolfram Alpha is a good, quick source of information, but not much more than that.