Wolfram Alpha

[keyboard]

I was googling about captchas(how even logic questions can be calculated with a computer {what is the 4th letter of the word butterfly?}) and came across this website -
http://www.wolframalpha.com/

I don't even know how to describe it... Has anyone got an opinion on this software?

[djr33]

It's not very advanced. The concept is to build a computer that can think. For many reasons that's difficult (some might say impossible). They haven't done it. They're simulating it a bit, and it will be interesting to see what the future developments are, but that's about it at the moment.

As for a captcha, you don't need anything unbreakable. It's not security. It's just a filter. Any kind of captcha, even just "type 1 in the box" will stop most bots-- they float around the web looking for places they can enter text without ANY trouble.
Until your site becomes a specific target of bots you don't need to worry. I think it's much more important to make it easier for your users rather than harder for bots. Put an easy-to-use captcha there and then deal with a few spam messages that get through.

[jscheuer1]

Query:

getelementsbyclassname usage

Response:

Wolfram|Alpha doesn't understand your query

Showing instead result for query: usage

It needs to learn javascript.

[riptide]

This reminds me of igod from a few years ago.

[keyboard]

It can detect things like -
What is the 4th letter of the word butterfly?
What is the 16th letter English Alphabet?
What is five plus four?
Who is Bill Gates?

and other questions like that. I thought it was interesting to see how the logic captchas could be defeated (all captchas can be defeated actually!).

[djr33]

If you want a type of captcha that is very hard to defeat with modern technology, ask about an image. "How many cats?" is a popular one.

Another option is to rely on less logical knowledge. For example, "which one tastes the best?". Or anything that relies on inference. "Who is happy? A) An injured man. B) A wealthy man. C) A dead man."

Nothing is guaranteed, but as I said above, it's not security; it's a filter.

[keyboard]

I was reading an article about captchas and it stated that image captchas can decrease your audience (the disabled, (blind)).

I'm not sure how they're meant to use the website if they're blind???

Also, a lot of people use recaptcha, which works well as a deterent (it doesn't have to be uncrackable, just take long enough that the spam bot will stop bothering and move on), but it has been cracked (I'm pretty sure).

An interesting method is the honeytrap (place a hidden field in your form, and if it's been filled out they're probably a spam bot).

None of the above stop manual spam! It is more importent to filter out content and moderate content (in my opinion) than it is to stop the spam bots. Spam is the web designers problem, and not the general public's, so why should they have to waste time trying to decipher captchas?

[riptide]

Are you having a lot of problems with bots on your site or forum. I was at one place where the bots were posting messages in a thread and it seemed like the were a part of the conversation. Some members though that a person would make the account and then turn it over to a bot. I can't prove that it is what really happened.

[keyboard]

No, not having any trouble at all, just planning ahead!
That's a classic example, which would completly bypass the security on a site! On easy method is to do things like detect links in posts, keep a blacklist of ip's and automatically require their posts to be approved... Things like that.

[djr33]

[quote]I was reading an article about captchas and it stated that image captchas can decrease your audience (the disabled, (blind)).

I'm not sure how they're meant to use the website if they're blind???[quote]Screen readers. And of course they can listen to audio.
So there's another option: an audio captcha. That's very reliable. Computers would have a tough time cracking it. But of course it's hard to set up and takes time from your visitors.

Also, a lot of people use recaptcha, which works well as a deterent (it doesn't have to be uncrackable, just take long enough that the spam bot will stop bothering and move on), but it has been cracked (I'm pretty sure).

It hasn't been cracked. The images are from book scans. They're constantly adding new ones. There may be bots that are good at solving it, though, yes. This means: use a 'bad' custom captcha and it will be more secure than the best popular captcha. It's all about whether bots care about your site.

None of the above stop manual spam! It is more importent to filter out content and moderate content (in my opinion) than it is to stop the spam bots.

Exactly. So use a decent filter (as I've been saying), but don't rely on it 100%.

Spam is the web designers problem, and not the general public's, so why should they have to waste time trying to decipher captchas?

No, you should use a captcha if you get spam. The amount of messages that get through with no captcha is absurd. But use a basic easy one to solve. It should take 5 seconds for a visitor, and should stop 80% of bots. Done.

No, not having any trouble at all, just planning ahead!

Not worth your time. Unless you're behind facebook, this really isn't a big deal. Use a decent captcha, filter out most of the spam, continue with other things.


My personal opinion on this is to use a novel captcha in a format that bots don't know about. Just something original and creative. Even "are you a bot? [YES] [NO]" as the submit button. 50% of your spam is gone.

Bots are not intelligent. They're programmed specifically to crack certain captchas. So just use anything else. Literally anything else. Even a button that says "don't click this!" would stop many bots.

Until a bot programmer decides your site is important enough to write a bot specifically for it, you're safe.



There are three kinds of bot attacks:
1. Random bots that float around the internet with nothing better to do than fill out every single form they come across. Any of the most basic captchas (even "don't click this!") will stop them. They aren't designed to guess. They aren't designed to even check if your form is useful. For example, a personal contact form receiving messages in Russian is probably not helping them get any business. They want it posted publicly, so the goal is that they just sent the bot on its way to post anywhere and everywhere. If your site doesn't work, it doesn't even know to give up. So, filter it out-- at some sort of very basic task to stop it. Solved.
I've dealt with this a few times, and it's not hard at all to get rid of them. But if you do nothing, you'll get daily spam messages, maybe up to 10 in a day. Even if it's a useless form (for advertising), such as one that sends you a personal email or a help request.

2. Bots that are designed to search for useful places. That would include the bots that post here. (And some of these might be humans.) In this case, they attempt to make wide attacks. This would be the sort of thing that would try to defeat recaptcha. So, don't use recaptcha*. Use anything else. Suddenly if they want to attack your site, they'll need to care enough about it to actually target your site in particular rather than all of the other easier fish in the sea. So you're pretty safe. Some of this spam will still get through, and all of it from humans.

(*recaptcha is actually pretty good. I'd be surprised if there are bots that always get it right. But it's still the opposite in this case of "safety in numbers"-- more like "security in being unique".)

3. Bots that are very specifically designed to target one place. If you're facebook (and other huge sites), you need to worry about this. If not, you're safe. To put it in perspective, I don't think even Dynamic Drive is really at that level. Certainly it's targetted often by spammers, but I doubt they'd design a custom bot just to tackle our defenses here. (DD is vulnerable as a vBulletin forum by bots that target vBulletin.)


And in the end, spammers often are human. So give up trying to stop it and just settle for significantly reducing it.

Plus, isn't there a bit of satisfaction knowing that you are getting attention from spammers? I mean, that feels like the first step toward success. Haha.